Framework for Tracking Custodianship of Digital Evidence Items
Managing digital evidence presents a multifaceted challenge owing to the increasing complexity of digital data. While digital evidence is crucial for event hypotheses and legal proceedings, ensuring its reliability and maintaining chain of custody integrity is daunting. Conventional evidentiary criteria fall short of accurately auditing digital evidence metadata, creating discrepancies between traditional and digital custody chains. The characteristics of digital evidence, such as easy copying, transferring, and potential contamination, complicate its management, especially considering its transborder and time-sensitive nature. Existing standards reveal gaps in digital chain of custody management, causing inconsistent practices among stakeholders.
Establishing a standardised digital chain of custody (dCoC) process is imperative to ensure evidence consistency and admissibility. This paper proposes a framework to guarantee the integrity, transparency, and accountability of digital evidence items. It introduces digital custody metadata (DCM), defining transfer purposes and custodianship at each Custody Transfer Point (CTP). The framework addresses challenges in managing digital evidence metadata with a unified approach, ensuring compliance across jurisdictions and tools. A case study demonstrates its application in managing CBRNE digital evidence items collected through diverse means, including drones. Developed within the STRATEGY project, the proposed framework aims to establish a dependable approach to digital evidence management.
Keywords: data governance, digital evidence items, situational awareness, tracking custodianship
Gabriel Pestana holds a PhD in Information Systems from the Technical University of Lisbon and serves as an associate professor at the School of Technology – Setúbal Polytechnic University. His research spans Data Analytics, Business Process Automation, and knowledge management. He analyses data governance workflows and decision-making processes, employing data semantics, context awareness, and analytics in solution design and implementation.