Chain of Custody: Best Practices for Digital Evidence Handling
Written documentation pertaining to the conveyance of electronic evidence, including the time and recipient, is provided via the chain of custody. These individuals confiscated the electronic equipment and transported the evidence from the scene of the incident to a preservation facility, a forensic laboratory, or the courts.
THE MAIN POINTS IN THE CHAIN OF CUSTODY ARE
- Following the creation of the appropriate seizure memo, the storage medium or device needs to be physically examined, photographed, and kept in a temperature-free environment.
- Evidence should be well protected against theft and other calamities.
- Electronic and digital evidence needs to be shielded from outside magnetic and electric fields.
- Digital evidence, particularly compact discs, needs to be shielded from physical harm like scratches.
- Digital evidence handling should involve a minimum of personnel.
- Devices and electronic evidence should be easily identifiable, conspicuous, and permanently inked.
- The investigating officer should arrive at the scene fully equipped to conduct a search and make a seizure.
- For packaging digital evidence, he should have a enough supply of envelopes, bags, and containers on hand.
DIGITAL EVIDENCE COLLECTION FORM
Cyber forensics relies heavily on digital evidence collection, which necessitates that the evidence be precise and comprehensive. careful documentation of the chain of custody and careful preservation of digital evidence are essential. This document, called the "Digital Evidence Collection Form," is meant to be used with electronic evidence. In the DEC Form, the following information must be listed.
| DEC FORM |
|---|
| Crime Number |
| Section of Law Involved |
| Date (Sent to Forensic Lab) |
| Name of Investigating Officer |
| Address (Location of Evidence Collection) |
| Equipment Related Information |
| Type of Equipment Seized |
| Manufacturer |
| Model Number |
| Serial Number of Equipment |
| Preserving Hash Value |
| Maintaining Chain of Custody |
LEGAL PROCESS FOLLOWED AFTER THE DUE SEIZURE OF THE
ELECTRONIC EVIDENCE
The evidence gathered during the investigation should be presented to the relevant court right away. It is necessary to secure court orders before transferring digital evidence to a specialist for forensic examination. The investigating officer must inform the court that there is a chance the electronic evidence could be tampered with if the accused prays for the release of the confiscated items.
WHEN THE INVESTIGATING OFFICER FORWARDS THE
COLLECTED ELECTRONIC EVIDENCE FOR FORENSIC ANALYSIS,
THE FOLLOWING GUIDELINES SHOULD BE FOLLOWED
| Requirement |
|---|
| Brief history of the case and the DEC form |
| Details of the exhibits seized and their place of seizure |
| Model, make, and description of the hard disk or any storage medium |
| Date and time of the visit to the place of occurrence |
| Condition of the computer system (on or off) at the place of occurrence |
| Is the photograph of the place of occurrence taken? |
| Is it a stand-alone computer or part of a network? |
| Does the computer have any internet connection or networking with other computers? |
| All electronic evidence must be examined by the examiner notified under Section 79A IT Act 2000 |
| All columns in the charge sheet must be filled carefully |
| Original documents and seized articles must accompany the charge sheet |
THE GUIDELINES FOR PREPARING THE CHARGE SHEET IN
CYBER CRIME CASES
- Every detail that the complainant provided while filing the FIR or initiating the inquiry should be covered in the police report.
- Verify that all of the sections mentioned in the FIR are still in effect and that none have been declared unconstitutional or repealed. Section 66A of the Information Technology Amended Act was ruled unlawful by the Hon'ble Supreme Court in Shreya Singhal v. Government of India, AIR 2015 SC 1523.
- Alongside the charge sheet must be the documentation attesting to the correct chain of custody of the electronic evidence.
The charge sheet should include the FSL report. - Please provide detailed information about the place of occurrence and the process the Investigating Officer has followed for digital analysis of electronic records
Follow cyberdeepakyadav.com on
Facebook, Twitter, LinkedIn, Instagram, and YouTube
What's Your Reaction?
