Chain Of Custody, Metadata, Digital Forensics

Keywords: Chain of Custody, Digital Evidence, Metadata, Digital Forensics

1. Introduction

An important aspect of a criminal investigation is the documentation or recording of evidence, known as the chain of custody. According to [1], a chain of custody is a procedure for chronologically documenting evidence. Meanwhile, according to [2], a chain of custody is an important part of the investigation process which will guarantee the evidence is acceptable in court. In this case, the chain of custody will document the evidence in the investigation process with all aspects of information about where, when, why, who, and how. The scope of the chain of custody encompasses all individuals involved in the acquisition, collection, analysis, and other contextual…
This information capacity problem is resolved through the approach of forensic formats and container information in the acquisition and disk imaging process, as discussed by [1][7][8][9][10][19][20]. The second issue, the digital chain of custody information standard, is discussed by [13][18][21], who address what kind of information should be available for the chain of custody. In particular, some other researchers such as [1][22][23] reinforce opinions about the 5W and 1H concepts as the basis for information on the digital chain of custody. Unfortunately, from an industry point of view, the ISO 27037:2012 document on the Collection of Digital Evidence does not discuss the metadata standard for digital evidence and chain of custody [24][25]. The document only provides an overview of the minimum information required for documentation of digital evidence. In this case, previous researchers have not yet produced a comprehensive grouping of information in the chain of custody of digital…
In this case it can be differentiated into an independent file format (represented by raw dd data) and a specific or vendor-based file format (represented by the E01 format from EnCase). The second one is the digital evidence generated from the live acquisition process, represented by the pcap extension as the output of the live data capture process by the Wireshark application, and the third is digital evidence in the form of multimedia files (Audio, Video, Image, Text). Meanwhile, according to [59], forensic analysis will involve an enormous amount of metadata generated from various types of user and system activities. However, this study is limited to metadata information directly related to the management of digital evidence for the chain of custody.

A simple test was conducted to find out whether the proposed Pseudo Metadata concept has fulfilled the digital chain of custody solution. In this case, two approaches are applied for testing. The first is its ability to handle three types of digital evidence as in the research scenario, and the second is to summarize all of the information needs in particular that support the explanation of ISO 27037 on the chain of custody for digital
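The following is an added example, not the paper's Pseudo Metadata implementation: a custody log that requires every entry to answer the 5W and 1H questions and classifies evidence into the three types named above. The field names, the extension mapping, the SHA-256 comparison against the acquisition entry, and all sample values are assumptions made for illustration.

```python
import hashlib
import os

# The 5W1H questions the page names as the basis of custody information.
FIVE_W_ONE_H = ("who", "what", "when", "where", "why", "how")

# Evidence types from the page's scenario; the extension mapping is an assumption.
EVIDENCE_KINDS = {
    ".dd": "independent disk image (raw dd)",
    ".e01": "vendor disk image (EnCase E01)",
    ".pcap": "live acquisition capture",
    ".wav": "multimedia", ".mp4": "multimedia", ".jpg": "multimedia", ".txt": "multimedia",
}


def custody_entry(name, content, **answers):
    """Build one custody record; reject it if any 5W1H answer is missing."""
    missing = [q for q in FIVE_W_ONE_H if not answers.get(q)]
    if missing:
        raise ValueError("incomplete custody entry, missing: " + ", ".join(missing))
    ext = os.path.splitext(name)[1].lower()
    entry = {"evidence": name, "kind": EVIDENCE_KINDS.get(ext, "unknown"),
             "sha256": hashlib.sha256(content).hexdigest()}
    entry.update({q: answers[q] for q in FIVE_W_ONE_H})
    return entry


def altered_entries(log):
    """Indexes of entries whose evidence hash differs from the acquisition entry."""
    if not log:
        return []
    baseline = log[0]["sha256"]
    return [i for i, e in enumerate(log) if e["sha256"] != baseline]


def demo():
    """Constructed sample: three custody events for one image, the last one altered."""
    image = b"constructed bytes standing in for a disk image"
    common = {"where": "Lab 1", "why": "constructed case"}
    log = [
        custody_entry("sample.dd", image, who="Investigator A", what="acquisition",
                      when="2024-01-05T09:00Z", how="imaging behind a write blocker", **common),
        custody_entry("sample.dd", image, who="Analyst B", what="analysis",
                      when="2024-01-06T14:30Z", how="read-only mount", **common),
        custody_entry("sample.dd", image + b"\x00", who="Analyst C", what="transfer",
                      when="2024-01-07T08:15Z", how="copy to case share", **common),
    ]
    return log, altered_entries(log)


if __name__ == "__main__":
    log, altered = demo()
    print("entries:", len(log), "altered:", altered)
```

An entry flagged by `altered_entries` identifies the custody step at which the evidence stopped matching its acquisition hash, and the 5W1H fields of that entry say who handled it, when, and how.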
