How do I maintain the proper chain of custody of my electronic evidence?

Chain of custody is a legal term that describes the collection, transportation, and storage of evidence to prevent alteration, loss, physical damage, or destruction. The goals of a chain of custody policy are accountability and appropriate handling and storage of the evidence.

It may be helpful to have a policy that defines requirements, responsible parties, and procedures to be followed when potential evidence is collected.

Each individual in the chain should understand that he or she is responsible for an item of evidence. This responsibility includes its safekeeping while under his or her control until it is properly released to another authorized person. This control can be accomplished through physical means, such as secure packaging and locked storage areas with mandatory access logs, or electronically, such as by making exact digital copies, signing and/or hashing data files, and transmitting them through secure private channels. Note that these measures should be carried out so that no change is made to the evidence (or copy).
