Chain of Custody for Forensics and Audit Evidence
The typical evidence chain of custody requirement is based on the evidence collected during any investigation, audit or examination. This chain of custody is often paramount and provides the means of accountability for the various pieces of available evidence. It isolates the risk to prevent tampering with that evidence and thereby protects the integrity of the evidence. There are 6 basic questions that need to be answered by the chain of custody documentation:
- What is the evidence?—This is where the type, kind, amount and size of the evidence is delineated. This includes the type of storage device, container, device or media component that retains the digital evidence. Identify it as a hard drive, flash drive, tape, CD or some other type of storage media.
- Who acquired the evidence?—This is where the auditor, investigator or incident responder who retrieved the evidence is identified. This can be an investigator, but is necessarily the evaluator of the evidence. Often the person who acquired the evidence acts as an incident handler for the organization when the response effort to some sort of computer incident is being enacted.
- What is the location, time and date that the evidence was collected?—The particulars of the date, time and location of the evidence when collected are identified and documented. This is also where any special identification criteria used to specify a location are described. The location of the evidence when captured or seized should be described.
- How is the evidence secured?—This is where the organizational method for securing the evidence is documented. Storage methods and means are included within the ledger and forms used. Safes, lockable file cabinets and special storage lockers are all typical means for secure storage of evidence.
- To whom was the evidence relinquished, and when, if at all?—When the evidence is provided to other personnel, such as other examiners, auditors or investigators under discovery rules, this activity is described and documented on the chain of custody form. These data are defined and included with the evidence, and documented on a ledger for future reference.
- Throughout the process, who came into possession of the evidence, and when and why did they obtain the evidence?—The chain of custody form documents whoever had possession of the evidence throughout its life cycle of seizure, review, storage, preservation and return to owner. So, at any point in the process, the chain of custody documentation identifies who had possession and for what purpose they had it.
These 6 basic chain of custody questions help ensure the reliability of evidence, and this documentation ensures accountability throughout the process.
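As an added illustration (not part of the original article), the ledger described above can be modeled as a record whose entries are checked for gaps: each release must come from the holder of record, entries must be in time order, and each must state a purpose. The field names, sample names and dates are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Transfer:
    when: datetime
    released_by: str
    received_by: str
    purpose: str            # why the recipient obtained the evidence

@dataclass
class CustodyRecord:
    description: str        # what the evidence is (type, amount, size, media)
    acquired_by: str        # who acquired it
    collected_at: datetime  # date and time of collection
    collected_where: str    # location of collection
    storage: str            # how it is secured
    transfers: list         # relinquishments, in ledger order

def audit(rec):  # returns findings; an empty list means an unbroken chain
    findings = []
    for name in ("description", "acquired_by", "collected_where", "storage"):
        if not getattr(rec, name).strip():
            findings.append(f"missing field: {name}")
    holder, last = rec.acquired_by, rec.collected_at
    for i, t in enumerate(rec.transfers, 1):
        if t.released_by != holder:
            findings.append(f"transfer {i}: released by {t.released_by}, holder of record is {holder}")
        if t.when < last:
            findings.append(f"transfer {i}: dated before the previous entry")
        if not t.purpose.strip():
            findings.append(f"transfer {i}: no purpose recorded")
        holder, last = t.received_by, max(last, t.when)
    return findings

def holder_at(rec, moment):  # who had possession at `moment`, and for what purpose
    if moment < rec.collected_at:
        return None
    holder, purpose = rec.acquired_by, "acquisition"
    for t in rec.transfers:
        if t.when <= moment:
            holder, purpose = t.received_by, t.purpose
    return holder, purpose

# Constructed sample ledger; the second transfer is released by someone who never held the item.
SAMPLE = CustodyRecord("500 GB hard drive", "A. Handler", datetime(2017, 9, 1, 9, 30),
    "server room, rack 4", "locked evidence safe", [
    Transfer(datetime(2017, 9, 2, 14), "A. Handler", "B. Examiner", "forensic imaging"),
    Transfer(datetime(2017, 9, 5, 10), "C. Auditor", "D. Counsel", "discovery request")])
```

Running `audit(SAMPLE)` reports the second transfer as a break in the chain, because the ledger never shows the evidence passing from B. Examiner to C. Auditor.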
Leighton Johnson, CISA, CISM, CIFI, CISSP, is a senior security consultant for the Information Security and Forensics Management Team of Bath, South Carolina, USA.
How to Jump Start GDPR With Identity and Access Management
More than 50% of businesses today do not have a strategy to address the European General Data Protection Regulation (GDPR). For companies that fail to comply, it could cost them as much as 4% of their annual turnover. Establishing controls for your enterprise to prevent data breaches may be the first step in establishing GDPR compliance. ISACA and CA Technologies present the “How to Jump Start GDPR With Identity and Access Management” webinar to help you implement breach notifications, establish repeatable controls and governance, and prevent data breach occurrences in your enterprise. This webinar takes place on 14 September at 11AM CDT (UTC -5 hours). ISACA members can earn 1 continuing professional education (CPE) hour by attending this webinar and completing a related survey.
Christian Almskou and Paul Ferron will present this webinar. Almskou, who is senior partner at ICY Security, is responsible for helping companies in a wide range of industries across Europe develop and implement security strategies to enable business transformation and comply with local and global regulations. For more than 12 years, Ferron, director of digital identity strategy at CA Technologies, has been helping enable businesses to adopt a secure approach to minimize business risk. During this webinar, they will highlight how to achieve GDPR compliance and secure your enterprise’s data.
To learn more about this webinar or to register for it, visit the How to Jump Start GDPR With Identity and Access Management page of the ISACA website.
A New Direction for Deploying and Securing Applications
More and more enterprises are moving their applications into public and private cloud infrastructures. The cloud facilitates business growth due to its agility, resiliency and scalability. Containers, microservices and development operations (DevOps) have made rolling out new applications in the cloud quick and desirable for development teams. While improving speed, enterprises should not forget to pay attention to security. ISACA and Imperva present the “Changing Trends in Deploying and Securing Applications” webinar to walk through new application deployment models and security requirements needed for a safe transition. This webinar takes place on 19 September at 11AM CDT (UTC -5 hours). ISACA members can earn 1 continuing professional education (CPE) hour by attending this webinar and completing a related survey.
Ajay Uggirala, director of product marketing at Imperva, will present the webinar. Uggirala has more than 17 years of industry experience working at various network security companies. Using his extensive product marketing and computer engineering background, he will provide the security context you need for your enterprise’s increasing use of new and emerging technologies.
To learn more about this webinar or to register for it, visit the Changing Trends in Deploying and Securing Applications page of the ISACA website.
2017 Virtual Summit: Topics in Cyber Security
Join cyber security experts at a free, half-day virtual summit addressing the critical issues impacting your organization’s data and infrastructure. You will have the opportunity to connect with your peers around the world without the expense of travel. The virtual summit will also present opportunities to:
- Gain expert insight into the future direction of cyber security.
- Interact with innovators and solutions providers between educational sessions.
- Earn up to 4 free continuing professional education (CPE) hours.
ISACA, Skybox Security and Adobe are presenting the 2017 Virtual Summit: Topics in Cyber Security. The event takes place on 21 September at 9AM CDT (UTC -5 hours), and ISACA members can earn CPE hours by attending the summit.
To learn more about this event or to register for it, visit the 2017 Virtual Summit: Topics in Cyber Security page of the ISACA website.
Assessing Cryptographic Systems
Assessing enterprise IT often requires a mix of art and science. As an auditor, you apply direct, rigorous quantitative methods. This will almost certainly be paired with subjective judgments regarding the trust you place in developers, vendors and implementation teams. When reviewing cryptographic systems, this art/science balance becomes even more important since many auditors do not possess deep expertise in the development and application of cryptography or its arcane mathematical foundation.
Familiarity with cryptographic concepts, applications, potential vulnerabilities and threats can enhance skill in reviewing cryptographic systems and components. The Assessing Cryptographic Systems white paper provides a basic context for assessing cryptographic systems, highlights potential areas of concern and recommends general strategies that you can apply to many environments. Access the complimentary ISACA white paper on the Assessing Cryptographic Systems page of the ISACA website.
IT Audit Leaders Forum Recap
ISACA held 2 invitation-only IT audit leaders forums at the North America and European CACS Conferences in 2017. IT audit leaders from a variety of enterprises and industries attended these flexible and cooperative forums. They discussed real-world issues including mutual problems and solutions to challenges confronting the audit profession.
The IT Audit Leaders Forum Recap white paper summarizes the topics discussed at these events. This includes key challenges in the audit profession, the future of IT audit leadership, managing emerging technology risk, auditing cyber security, an operational data governance framework, and cloud and data security. The overall goal of publishing this recap is to assist the auditing profession at large. You can access the complimentary ISACA white paper on the IT Audit Leaders Forum Recap page of the ISACA website.
2017 Member Get a Member Program
Do you love being a member of ISACA? Take this opportunity to share your enthusiasm. From now until the end of 2017, for each colleague you recruit to become an ISACA member through the Member Get a Member program, you will be rewarded.
The more colleagues you recruit, the better the reward you can enjoy. If you recruit 2-3 members, you will receive a microwave-to-erase-and-reuse notebook; for 4-5 members, you will receive a voice-activated personal home assistant; for 6-7 members, you will receive a portable gaming system; for 8-9 members, you will receive a smart watch with global positioning system (GPS); and for 10 or more members, you will receive a Wi-Fi/Bluetooth sound system.
To refer colleagues to become ISACA members, simply send them a personalized email from your email account. Copy and paste this sample email, add your colleague’s name and include your member ID number. To learn more, visit the 2017 Member Get a Member website.