Concepto
legal que cubre la validez e integridad de las evidencias recogidas para
sustentar un proceso judicial. Cubre todos los pasos desde la recogida hasta su
utilización final.
possession,
movement, handling, and location of material from the time it is obtained to
the time it is presented in a matter [ISO-27050:2015]
A legal principle regarding
the validity and integrity of evidence. It requires accountability for anything
that will be used as evidence in a legal proceeding to ensure that it can be
accounted for from the time it was collected until the time it is presented in
a court of law.
Scope Note:
Includes documentation as to
who had access to the evidence and when, as well as the ability to identify
evidence as being the exact item that was recovered or tested. Lack of control
over evidence can lead to it being discredited. Chain of custody depends on the
ability to verify that evidence could not have been tampered with. This is
accomplished by sealing off the evidence, so it cannot be changed, and
providing a documentary record of custody to prove that the evidence was at all
times under strict control and not subject to tampering.
ISACA, Cybersecurity
Glossary, 2014
A process that tracks the
movement of evidence through its collection, safeguarding, and analysis
lifecycle by documenting each person who handled the evidence, the date/time it
was collected or transferred, and the purpose for the transfer. [CNSSI_4009:2010]
A process and record that
shows who obtained the evidence; where and when the evidence was obtained; who
secured the evidence; and who had control or possession of the evidence. The
“sequencing” of the chain of evidence follows this order: collection and identification;
analysis; storage; preservation; presentation in court; return to owner. [CNSSI_4009:2010]