Forensic Techniques for Preserving Admissible Evidence | CompTIA Security+ Exam SY0-601

Chain of Custody

Question

An employee has been charged with fraud and is suspected of using corporate assets.

As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?

A. Order of volatility
B. Data recovery
C. Chain of custody
D. Non-repudiation.

C.

Explanations

The correct answer is C. Chain of custody.

When evidence is collected during an investigation, it is critical to maintain the integrity of the evidence to ensure it is admissible in court. Chain of custody is a forensic technique that documents the handling of evidence from the moment it is collected to its presentation in court.

The chain of custody is a chronological record that tracks the movement and handling of evidence. This includes information about who collected the evidence, the time and date it was collected, where it was stored, who had access to it, and any analysis or testing that was conducted.

When a clear chain of custody is maintained, the admissibility of the evidence is less likely to be challenged in court. The chain of custody serves as proof that the evidence has not been tampered with, altered, or contaminated.

In the case of an employee suspected of fraud, the chain of custody would be used to document the collection of any potential evidence, such as computer hard drives, financial records, or other corporate assets. This documentation ensures that the evidence is properly collected, stored, and analyzed, making it more likely to be admissible in court.
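
The chronological record described above can be kept in a form where later edits are detectable. The following Python code is an added example, not part of the original question or explanation: it logs each custody event with the fields named above and, as assumptions beyond the page, stores a SHA-256 hash of the evidence item and links every entry to the previous one by hash. All function names, handlers, locations and timestamps are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev-hash value for the first entry (constructed convention)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    """Hash every field except the entry's own digest, in a stable key order."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log: list, handler: str, action: str, location: str,
              timestamp: str, evidence: bytes) -> None:
    """Append one custody event: who, what, where, when, and the item's hash."""
    entry = {
        "handler": handler,
        "action": action,
        "location": location,
        "timestamp": timestamp,  # ISO 8601 UTC string, supplied by the caller
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def verify(log: list, evidence: bytes) -> list:
    """Return a list of problems; an empty list means the record is consistent."""
    problems = []
    prev, last_ts = GENESIS, ""
    for i, e in enumerate(log):
        if e["prev_hash"] != prev or e["entry_hash"] != entry_digest(e):
            problems.append(f"entry {i}: record altered or out of sequence")
        if e["timestamp"] < last_ts:
            problems.append(f"entry {i}: timestamp earlier than previous entry")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from collection")
        prev, last_ts = e["entry_hash"], e["timestamp"]
    if log and sha256_hex(evidence) != log[0]["evidence_sha256"]:
        problems.append("evidence in hand does not match hash at collection")
    return problems

# Constructed sample: a stand-in for a disk image and three custody events.
IMAGE = b"constructed stand-in for a disk image"
LOG = []
add_entry(LOG, "Officer A", "collected", "Office 4F", "2024-03-01T09:15:00Z", IMAGE)
add_entry(LOG, "Officer A", "stored", "Evidence locker 12", "2024-03-01T11:40:00Z", IMAGE)
add_entry(LOG, "Analyst B", "imaged for analysis", "Forensics lab", "2024-03-02T08:05:00Z", IMAGE)
```

Calling verify(LOG, IMAGE) returns an empty list for the intact record; changing any field of a stored entry, or presenting evidence whose hash differs from the one taken at collection, produces a named problem instead.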

Option A, order of volatility, is a technique used in digital forensics to prioritize the order in which volatile data should be collected. Option B, data recovery, is the process of retrieving data from damaged or corrupted storage media. Option D, non-repudiation, is a security concept that ensures that a party cannot deny having performed an action or transaction. While these techniques may be relevant in certain investigations, they are not directly related to preserving the admissibility of evidence.