CASE Topics

Chain of Custody

The Chain of Custody is crucial in investigations as it helps establish and maintain integrity of the evidence throughout various stages (i.e. seizure, transfer, analysis, etc.). Due to the increasing reliance of digital media in our every-day tasks, digital components are becoming more prominent in investigations. CASE seeks to represent that cyber aspect of a Chain of Custody. Those aspects that can be represented in CASE are properties of a device (manufacturer, model, serial number, storage size, etc.), tools used to acquire and/or analyze the device, and the context of data pertaining to the device.

Some examples of Chain of Custody in the cyber-investigation domain include Urgent Evidence and IR (Incident Response).

Urgent Evidence

Incident Response


Email forensics pertains to gathering evidence from a mail server or an individual's email account to investigate cases such as phishing/whaling campaigns, blackmail/threats, corporate espionage, and others.



When gathering evidence from an audio device, a forensic analayst could perform audio enhancement, audio authentication, and/or a forensic transcription.

Voice Comparison


Video forensics are typically performed on recording devices, such as: surveillance cameras, DVRs/NVRs, and cell phones. Analysis types include image comparison, image authentication, motion tracking, and others.

IP Theft/Video Leak