BLOG

See the latest news and insights around Information Governance, eDiscovery, Enterprise Collaboration, and Social Media. 

All Posts

What Is Chain Of Custody?

Chain of custody, in a legal context, can refer to both physical and electronic evidence. With the huge increase in the leverage of the latter within litigation cases, today, chain of custody is a key requirement of any eDiscovery process.

As a result, your organization needs a clear understanding of what is required in order to ensure you have a watertight procedure for handling electronically stored information (ESI).

AdobeStock_332764841Chain of custody is an important element of this process, as it helps determine authenticity, thus ensuring the validity of your wider eDiscovery processes. Preserving the chain of custody by following the correct procedures helps organizations to preserve and guarantee the quality of evidence presented to the courts. 

This article will explore the different aspects of the chain of custody and why companies like yours need to pay attention to internal procedures related to chain of custody.

What Is Chain of Custody?

Chain of Custody refers to the process of documenting the chronological handling of evidence. It provides a clear record of who was responsible for evidence linked to a specific case at any given time, as well as the way that this evidence was stored, transferred, handled, and formatted. 

The correct collection and documentation of evidence are crucial to the success of any investigation. For evidence to be valid, there’s a need to prove that all the steps involved in your collection and documentation processes were fair – keeping evidence protected from spoliation and keeping its validity unquestionable.

The chain of custody might include when, how, and by whom individual items of evidence were collected, analyzed, or controlled. It can also help prove that specific elements of evidence bear relation to the case they’re being associated with, and can be directly linked to the defendant. In some cases, chain of custody can also help prove to a court that a piece of evidence was not fabricated or fraudulently “planted”.

Why Is Chain of Custody Important?

Without an adequate chain of custody, it is impossible to absolutely authenticate evidence. From the moment the evidence is collected until it is presented, chain of custody ensures full transparency of the process. 

Even though the concept is quite straightforward, correctly creating a chain of custody can prove a complex task. This is due to the challenges and responsibility of identifying, collecting, and preserving evidence from multiple sources at each step of the chain.

If one part of this sequence is missed out or not handled properly, the courts might consider the presented evidence to be inadmissible, so it’s vitally important that your organization has a clear procedure in place should litigation arise.

Chain of Custody in eDiscovery 

Nowadays, most business operations and procedures take place online. As a consequence, there is a steady increase in the number of sources of ESI, as well as in the quantity of data being requested and provided as evidence in modern-day regulatory and litigation cases. 

In the wake of COVID-19, the amount of business being conducted online skyrocketed. The rise in homeworking led to a boom in team collaboration software, as companies scrambled to get their teams working remotely. Use of social media and even business conducted on private mobile devices increased. The result? Many new sources of ESI and a huge amount of data generated daily – all with the potential to be linked as evidence in any number of hypothetical litigation cases.

Not only is ESI being generated in greater quantities from a wider number of sources, the authenticity of ESI is also under heightened scrutiny, as electronic evidence is often assumed to be easier to modify. 

For this reason, it is important to have a clear process of documentation when it comes to the collection and retention of this data. It is essential to guarantee defensible reporting that confirms who, when, how, and what ESI was preserved, collected, and processed. Without this, you are leaving your business vulnerable to legal obstacles and sanctions for the spoliation of evidence. This presents challenges not only for the organization’s legal department but also for IT staff responsible for managing the corporate data.

How to Maintain Chain of Custody During eDiscovery

When establishing a process, clarity and proof should be at the forefront of your mind. This is especially important with regard to digital evidence, which could easily be modified or adjusted. It can also prove difficult to keep track of all documentation, given the high volume of data.  

By maintaining a clear chain of custody in all the steps, you make sure that your source and method of evidence collection cannot be challenged. You need to answer these three key questions to ensure your ESI evidence is authentic and accepted by the Court. 

How was it collected?

You will need a systematic process in place to document your data. You need to gather information specifying when, where, and who collected and preserved the evidence.

Organizations can use software to support this process, but it must ensure an accurate and authentic representation of the evidence for legal matters. For example, many courts ruled web captures (“screenshots”) to be inadmissible, as the evidence cannot be authenticated. 

How was it preserved?

As previously mentioned, the chain of custody must establish that the evidence was not subject to alteration from its collection until its presentation. The process needs rigorous and meticulous documentation, as a simple view might lead to a case running into serious problems. For instance, if someone accesses a web document, it will alternate the date of the last access, who last accessed it, and the date of the last modification. 

Who collected the evidence?

It is likely that the litigant or organization’s legal department will be responsible for collecting or preserving a piece of evidence. If questioned by the court, the respondents might be asked to testify and, potentially, be accountable for charges of tampering. With this in mind, it might be advantageous and effective to have a third party responsible exclusively for managing the chain of custody and be prepared to testify about the procedures of data collection and preservation, if needed. 

Some of the best practices to preserve the chain of custody include: 

  • Ensuring the scene is secure before data is captured. Documenting the context and infrastructure from which the data is being captured can be useful during an investigation
  • Making a forensic copy of the information. Using copies helps to preserve the integrity of the evidence 
  • Ensuring that the storage medium is sterilized. Even in the case of electronic evidence, storage devices must be entirely clean of any potential contamination

Chain Of Custody: What Information Should Be Recorded?


ESI can be generated by a variety of sources and media, so you’ll need to establish a standard process for recording chain of custody for each. Detailing the documentation as much as possible also ensures that the evidence is irrefutable. A simple misstep can be harmful, as it can invalidate the authenticity of evidence, potentially changing the entire outcome of a case. When managing your chain of custody, make sure you include:

1- Information about the collection and transport of evidence

  • Date and time of collection: The date and time that the media containing ESI was provided 
  • Pick-up or delivery location: Information regarding the location where the ESI was collected from, including the company’s name, address, location and any additional information
  • Delivering Party: Information about the company and its representative providing the ESI 
  • Delivery Detail: Detailed description of the media being received
  • Receiving Party: Information about the company and its representative receiving the ESI

2- Information about the evidence 

  • Name of investigators
  • Owner of the ESI 
  • Mater name/case number 
  • The brand and type of media 
  • Serial number 
  • Make and model of hard drive and other media
  • Storage capacity of the device or hard drive
  • Tools used for capturing the ESI
  • Name of the document or image file 
  • Hash value of source hard drive or files
  • Hash value of resulting image files for verification
  • Physical description of the computer (for example, if it was on or off)
  • Any additional comments or issues throughout the process
  • Signature of everyone involved in the collection, handling, and possession of evidence

How Pagefreezer Helps With Chain Of Custody


As a leading digital archiving solution, Pagefreezer helps eliminate some of the issues regarding chain of custody in eDiscovery processes.

Whether descriptive, structural, or administrative, metadata provides context for your digital data. And without metadata, your ESI is very likely to be denied in court. Pagefreezer automatically captures all metadata you’ll need in real-time: where, when, and how a record was created. In addition, Pagefreezer captures all changes to files, so your metadata is not overwritten. It keeps track of all the interactions and changes in a file, and you can easily access it at any point during a case. 

With Pagefreezer, you can easily export a defensible record directly from the Pagefreezer dashboard. Pagefreezer exports contain SHA-256 digital signatures (hash values) and timestamps, ensuring the rules and compliance of digital evidence. 

Finally, Pagereezer offers access to your archived ESI in a manner that enables very easy and accurate discovery. You can filter your ESI using keywords, restrict your search to a specific account or user, or conduct a large-scale search across your archives.It is also possible to give access to external parties via private portals.  

Ready To Perfect Your Chain Of Custody Process?

Managing and preserving ESI for litigation and regulatory affairs is one of the most demanding eDiscovery challenges. With the increasing volume of electronic data and their growing relevance within the litigation space, organizations need to ensure a solid process for establishing chain of custody when it comes to digital evidence. Chain of custody simply is too important to leave to chance. When it comes to making sure you’re protected and prepared for any litigation, Pagefreezer can help.

Want to learn more? Why not download or white paper, Authenticating Digital Evidence Under FRE 902(13) and (14): Using Digital Signatures (Hash Values) and Metadata to Create Self-Authenticating Digital Evidence.

Download the Guide

George van Rooyen
George van Rooyen
George van Rooyen is a Content Marketing Specialist at Pagefreezer.

Related Posts

What Is Chain Of Custody?

Chain of custody, in a legal context, can refer to both physical and electronic evidence. With the huge increase in the leverage of the latter within litigation cases, today, chain of custody is a key requirement of any eDiscovery process.

5 Key Steps to Improving Information Governance (IG)

There’s nothing quite like an unexpected year-long period of remote work to highlight gaps and inefficiencies in an organization’s information governance (IG) strategies. Thanks to the events of 2020, there was an explosion of data sources across most organizations—from team collaboration platforms (Slack, MS Teams, etc.) and video conferencing tools (Zoom, Google Meet, Cisco Webex), to mobile text messages, company websites, and social media accounts—and many companies recognized the fact that more mature IG strategies were needed to successfully manage this data and reduce risk.

Implementing an Enterprise Collaboration Tool? Here Are 5 Questions Your Compliance Team Will Ask

Organizations are embracing team collaboration tools at a rapid rate. However, the massive volumes of scattered data these platforms create can cause compliance issues that have the potential to spiral out of control. The smart solution? An enterprise-grade archiving solution that can help organizations collect, store, and monitor their collaboration data.