The Chain of Custody is crucial in investigations because it helps establish and maintain the integrity of the evidence throughout its various stages (e.g. seizure, transfer, analysis). Due to the increasing reliance on digital media in our everyday tasks, digital components are becoming more prominent in investigations. CASE seeks to represent the cyber aspect of a Chain of Custody. The aspects that can be represented in CASE are properties of a device (manufacturer, model, serial number, storage size, etc.), the tools used to acquire and/or analyze the device, and the context of data pertaining to the device.
Some examples of Chain of Custody in the cyber-investigation domain include Urgent Evidence and IR (Incident Response).
Email forensics pertains to gathering evidence from a mail server or an individual's email account to investigate cases such as phishing/whaling campaigns, blackmail/threats, corporate espionage, and others.