Which of the following details must appear on a chain-of-custody form to maintain the integrity and admissibility of digital evidence during an investigation?
The vulnerability severity score (CVSS) associated with the exploited vulnerability
The names, signatures, and date/time entries for each individual who handled the evidence
The organization's entire network topology diagram
The purchase price of the storage media used to hold the forensic image
A valid chain-of-custody record tracks who handled the evidence and when they did so. Recording the names (and signatures) of each custodian, along with the date and time the evidence changed hands, creates an unbroken timeline that demonstrates the evidence was not tampered with. Network diagrams, CVSS scores, or the purchase cost of storage media are not required elements and do not prove continuous control of the evidence.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is a chain-of-custody important in digital forensics?
Open an interactive chat with Bash
What happens if there is a break in the chain-of-custody?
Open an interactive chat with Bash
How are names, signatures, and timestamps recorded on a chain-of-custody form?