Chain of custody is the documented record of how evidence is collected, handled, transferred, stored, and accessed over time. It matters because evidence loses credibility when nobody can show who touched it or whether it was altered.
What is Chain of Custody?
In digital investigations, chain of custody helps prove that evidence remained controlled and trustworthy from collection through review. It supports forensic integrity, legal defensibility, and disciplined incident handling.
What Chain of Custody Commonly Records
Common details include who collected the evidence, when it was collected, where it was stored, who accessed it, when it changed hands, and how integrity was verified.
Chain of Custody vs. Evidence Collection
Evidence collection is the act of gathering evidence. Chain of custody is the ongoing documentation of that evidence after collection.
Frequently Asked Questions
Why is chain of custody important?
Because investigations, legal matters, and internal reviews rely on evidence that can be shown to be authentic and well controlled.
Does chain of custody only matter in court?
No. It also matters in internal investigations, regulatory review, and any incident where evidence integrity could be questioned later.
Related Cybersecurity Terms
