KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Protecting the Digital Evidence and Preserving the Chain of Custody

Domain:Digital Forensics

 Status: Active

Contact Person(s): Makhdoom Syed Muhammad Baqir Shah Shahzad Saleem

Digital forensics is more important than ever due to the transition of our world towards the digital world. In order to solve any crime, evidence is always the key. No judicial decision can be made without the light of sound evidences. Since the data has been digitalised, the need for acquiring sound digital evidence is increased. Digital evidence contains more information than traditional evidence but it can easily be tampered with. It is really important to protect the integrity of digital evidence and its associated chain of custody. If the chain of custody of the evidence is questionable then integrity of the evidence becomes questionable. This need has also been depicted in various European Commission’s legislation e.g. Article 16 Expedited Preservation of Stored Computer Data, Article 23 on General Principles Relating to International Cooperation. In order to maintain the chain of custody of the evidence, the forensic examiner must be authenticated and authorized to acquire the digital image/digital evidence.