Skip to content
Log in

Chain of custody log

Definition

The continuous record documenting every person who accessed a digital exhibit, every transfer of possession, every examination action, and the hash values that verify data integrity at each stage. The log must be contemporaneous and signed.

Related terms

ACPO principles
Four principles for digital evidence handling published by the UK's Association of Chief Police Officers (now maintained by the Forensic Science Regulator):...
Forensic image
A bit-for-bit verified copy of a storage medium, created using a write-blocker to prevent modification of the original. The copy is verified...
Hash value (digest)
A fixed-length output produced by a cryptographic algorithm such as SHA-256 applied to a data set. Any change to the input data,...
Working copy
A copy of an exhibit on which examination work is performed, created from a verified forensic image. The original or master copy...
Write blocker
A hardware or software device interposed between a digital storage medium and the forensic workstation that prevents any write commands from reaching...

Explained in

  • Chain of Custody for Digital MediaThe continuous record documenting every person who accessed a digital exhibit, every transfer of possession, every examination action, and the hash values that...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account