ARCHIVE

Posts Tagged ‘Chain of Custody’

The Importance of Establishing a Chain of Custody for Audio/Video Evidence

Friday, February 19th, 2016

The Importance of Establishing a Chain of Custody for Audio/Video EvidenceEstablishing a chain of custody for audio and video evidence is the first step in any audio or video forensic investigation. This includes audio/video forensic enhancement, audio/video authentication. Where did the evidence come from? Who created the recording that is being entered into evidence?

A chain of custody is the documentation of who did what to evidence and when was it done. A chain of custody includes people, dates, places, activity and the recording of that information to establish the chain of custody. What has been done since the evidence was created? The chain of custody refers to both digital and analogue audio or video evidence.

The chain of custody for a piece of evidence is important to the legal community because it adds credibility to the audio/video evidence. However, it is common for law enforcement and others in the legal community to often overlook establishing a chain for audio/video evidence. It’s not because of neglect but more often due to lack of training or understanding the importance of the process.

Unfortunately, audio/video recordings are sometimes entered into evidence without documenting the evidence recovery process. When this is the case, if both parties agree that the evidence is acceptable, and tamper free, the audio/video recording is established as the ‘original’ and the chain of custody begins there.

An audio/video chain of custody begins with the evidence recovery process. This is the process of forensically removing the original audio/video recording from the recorder that created it. Based on our experience at Primeau Forensics, once both parties in a criminal or civil litigation agree on an original, they request each side’s forensic expert to establish a protocol for recovering the audio/video evidence. This protocol is written step by step instructions created by one of the experts, then negotiated and or modified and revised until the protocol is established.

Over the last 32 years practicing as lead expert at Primeau Forensics, Ed Primeau has worked with evidence recordings from client lawyers who received recordings from the police. Whenever evidence is not retrieved personally, the police reports, depositions, and other court documents that accompany the evidence must be carefully read to understand how it was acquired. This paper trail must establish a timeline; a chronological listing that accounts for the recovery, custody, transfer and storage of the evidence because the lack of an established chain of custody can easily overturn a conviction on appeal.

18: Creating Video Work Product as an Audio Video Forensic Expert

Friday, February 27th, 2015

18: Creating Video Work Product as an Audio Video Forensic ExpertVideo work product is a way to document forensic investigations, like evidence recovery, for reference at a later date. Processes and procedures are documented using a video camera by a forensic expert during a forensic investigation for future use. I have referred back to my video work product many times during the course of a case when I have questions later in the evolution of the case. There are a few different digital video recording platforms that I use when creating ‘video work product’. Each one of these types of systems serves a certain purpose in assisting with a forensic investigation as well as the investigative process.

I personally use the VIEVU LE2 and LE3 body worn cameras. My main use for this body camera in my investigations is recording my forensic process in the field. This includes retrieving evidence from different systems so I can review the video later and include in my report to support the authenticity of my work product and any evidence used in the case.

Another type of digital video camera that I use to produce video recordings is a HDSLR photography camera. In some investigations, a single video recorded perspective may not be sufficient to display the forensic process or document the events. Having another high quality camera with flexibility of perspectives and interchangeable lenses can capture aspects of my investigation that body worn cameras cannot.

Video evidence produced by CCTV systems can help solve crime, as well as reproduce accidents and disasters as they occurred for play back in many different settings. A significant use a video forensic expert has when recording video from a CCTV system is to create an exemplar. This recording is used as a comparison file to the original evidence to help determine the authenticity of the original evidence.

It is a best practice of ours at Primeau Forensics to video record many forensic investigations like the exemplar creation process and evidence recovery so if anyone has any questions during the life of the case, this video work product can be referenced.

Now listen in with Audio and Video Forensic Expert Ed Primeau as he discusses creating Video Work Product for Forensic Investigations.

7: Importance of the Chain of Custody for Digital Media Evidence

Monday, October 27th, 2014

7: Importance of the Chain of Custody for Digital Media EvidenceEstablishing chain of custody when authenticating digital media evidence for use in the courtroom is extremely important. The chain of custody must account for the seizure, storage, transfer and condition of the evidence.  The chain of custody is absolutely necessary for admissible evidence in court.

Importance to the expert

My forensic software allows me to look at the metadata or digital information of an audio or video recording, but does not always allow me to understand how a recording was created.  Just because the information is missing from the metadata does not mean that a recording has been compromised.  This is why the chain of custody information is important to a forensic examiner. It helps show where the file came from, who created it, and the type of equipment that was used.  That way, if I want to create an exemplar, I can get that equipment, create the exemplar and compare it to the evidence to confirm the file properties.

Importance to the court

When I testify in court with a piece of evidence, I am always prepared with the chain of custody.  As I mentioned earlier, without a complete chain of custody, it can become very easy for the opposing attorney or prosecutor to challenge or dismiss the evidence presented.  Having a complete chain of custody form, as well as any other accompanying forms and including any visual proof of retrieval, such as pictures or video, greatly helps prove the authenticity and admissibility of the evidence in the courtroom.

Recently, new ways of establishing a chain of custody have come about and are slowly becoming accepted in the legal community.  Online services are now available for digital evidence that record the chain of custody and who has received the evidence.  The evidence is stored in cloud space and eliminates the need for repeated transference of physical copies.  It maintains standardized security procedures and is also useful as a backup storage space for surveillance cameras.

Chain of custody is important to the court because if I find something wrong with the evidence during the authentication process, it allows me to go back and determine who was responsible for the evidence up until that point. 

Importance to the investigation

The chain of custody is important to the investigation process because it is the first step when authenticating digital audio and video evidence.  Identifying this chain of custody provides information about whether or not this evidence has been copied or cloned.  As technology advances and becomes more accessible, digital media evidence has become easier to edit, modify and alter.  The Scientific Working Group on Digital Evidence (SWGDE & IOCE) defines Original Digital Evidence as, “Physical items and the data objects associated with such items at the time of acquisition or seizure.”  It is not always possible to receive the evidence from its original source at the time of acquisition or seizure.  Very often, I receive digital media evidence from a client who may have received it from the police or another source.  When this occurs, I have to pay careful attention to the reports, depositions and other legal documents that accompany the evidence.  This paper trail must be part of an unbroken timeline that shows exactly where the evidence has been between its creation and my examination of it.  When I encounter any gaps in this timeline that can raise questions to the authenticity of the evidence, further investigation becomes necessary.

There are occasions when I am asked by the client to physically retrieve the evidence directly from the recorder that created it.  This process creates the chain of custody for my investigation.  When an expert creates the chain of custody, it removes all doubt as to the authenticity of the evidence.   This process has become more common throughout my investigations when the original evidence is available for my retrieval.  To further authenticate this process, I create audio and video recordings of the retrieval process, which becomes part of the chain of custody. In addition, when I am at the site and I retrieve the digital evidence, I have access to the administrator information about that evidence, such as an administrative log, date and file info, and who accessed the files.  The more information an expert can retrieve strengthens the authentic chain of custody that is created.

Primeau Forensics’ chain of custody process

  • Save original package materials
  • Take photos of physical evidence
  • Take screenshots of digital evidence content
  • Document date, time and any other information of receipt
  • Ingest a bit for bit clone of digital evidence content into our forensic computers
  • Perform a hash test analysis to further authenticate working clone

All of the above information outlined in our forensic procedure for creating a chain of custody is important and necessary to include when creating a forensic report.

When examining digital media evidence, especially digital audio and video recordings, you should never examine the original file.  Always make sure that when you process a piece of evidence, you work on the copy of that file so that the original remains untouched at all times.  That way, if you have to go back to compare your work product to the original, you’ll have that original file preserved.

It doesn’t matter what forensic science you are an expert in.  The chain of custody is always important.  Maintaining that chain of custody is crucial for the credibility of your work product and eventual testimony.

Establishing a Chain of Custody for Audio and Video Evidence

Tuesday, February 4th, 2014

Establishing a Chain of Custody for Audio and Video EvidenceAs a Registered Investigator and Certified Forensic Consultant in audio and video analysis, I am often called upon to testify as an expert witness for either the prosecution or the defense. My job is to offer an authoritative analysis of electronic evidence, introduced in the form of audio or video recordings. The content of my testimony is twofold, interpretation and authentication. I interpret and clarify the recordings, and I authenticate the identity of those individuals seen and heard. But I must also authenticate the evidence as evidence. Has this recording been tampered with? Is the recording I examined the original or a copy? Through whose hands has this recording passed before and after it reached me? Where and how has it been stored?

The answers to these questions may determine the admissibility of the electronic evidence, and ultimately, whether a defendant is found guilty or innocent. Establishing and maintaining an unbroken chain of custody is vital. Without it, the evidence and my testimony, no matter its probative value, may be successfully challenged and ruled inadmissible. According to the online IT Law Wikia, chain of custody is defined as “a process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.”

I always make a video recording of my process/investigation when I retrieve evidence. For example, if the video evidence is on a digital video recorder, I travel to the DVR and personally retrieve the evidence myself. The video I record of my retrieval process effectively establishes a chain of custody. Of course, I follow the same procedure when I personally retrieve an audio recording.

However, there are many instances where I obtain evidence from lawyers who, in turn, receive recordings from the police. Whenever I do not retrieve the evidence personally, I must carefully read the reports, depositions, and related documents that accompany the evidence I receive. This paper trail must support the construction of a timeline, an unbroken, chronological listing that accounts for the seizure, custody, transfer, storage, and condition of the evidence. The timeline must be free of any gaps, periods of time during which the exact custody and location of the evidence cannot be accounted for. A weak link in the chain of custody can easily overturn a conviction on appeal, so I am always prepared for chain of custody questions when I testify.

A typical chain of custody form includes blank text fields that allow for the entry of the following: Case Name and Number, Type of Evidence, Evidence Initially Procured (Where, By Whom, Date & Time), Manufacturer and Serial Number of Media Device and/or Media, and a table listing Evidence Inventoried By (Name, Date, Time, ID), Evidence Released By (Name, Date, Time), and Evidence Received By (Name, Date, Time).

As I mentioned earlier, there are actually two chains of custody when considering electronic evidence: the physical recording itself and the data it holds. With the proliferation of home computers capable of desktop audio and video editing, there has been an increasing incidence of tampering with recordings before they are collected as evidence. I can usually spot recordings that have been altered very quickly, once I begin my electronic analysis.

Slowly gaining acceptance with law enforcement, security companies, and the legal community are online services that maintain and track the chain of custody of electronic evidence, which is stored in the cloud. Particularly useful for the archiving and storage of video from body cams, vehicle cameras, and surveillance cameras, these services hope to modernize the handling of electronic evidence by eliminating the repeated transference of physical evidence, maintaining standardized security procedures, and providing easy access to the content of electronic recordings.

 

 

 

 

 

 

Download Edward Primeau’s C/V

Video

 Check out our other Forensic Services Websites: