Also, the lack of training to patrol officers could lead to valuable evidence being inadvertently destroyed. Most local agencies lack the equipment necessary to conduct digital forensics. Many local experts have even been reported to have purchased their own equipment to do their job (Taylor, et. Al. , 2011). The lack of management support and recognition of computer crime analysis has led to the lack of funding for these local cyber units. With a lack of funding comes a lack of equipment, training, and the ability for personnel to specialize in digital forensics. Explain and describe the best practices for collection, preservation, transportation, and storage of electronic evidence. Since all evidence collection methods can be called into question later, it is best to establish a written standards operating procedures and use it every time. A checklist should be created off of the operating procedures and brought to each crime scene by the investigator. Every electronic device should be photographed before touching anything. The checklist should be followed step by step and every item needs to be put into an evidence bag and tagged.
Then a chain of custody document needs to be created for every piece of evidence. No analysis should be done on the original copy of any device. All analysis should be done on system image copies of each device. When transporting evidence, make sure it is treated as fragile cargo. All magnetic media need to be packed and transported in antistatic bags or paper. Make sure as to not bend CDC, diskettes or tapes. When storing evidence, make sure the chain of custody is being properly documented. The evidence should be stored with an evidence custodian in a secure room.
The above information is only a quick sampling of the necessary requirements for the collection, preservation, transport and storage of digital evidence. 3. What is the importance of chain of custody as it relates to computer crime? The chain of custody is a legal document that records the history of who had possession of the evidence and when. It is also used to show that the data presented is “as originally acquired” and has not been altered prior to the admission into evidence. This is important when it comes to electronic evidence as it can be easily altered.
An identifiable person must always have physical custody of any piece of evidence to ensure its authenticity (TERM, n. D Without a properly documented chain of custody, the electronic data and the findings of the investigation could be inadmissible in a court of law. This is why chain of custody is of paramount importance.