The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Of Bags And Men: Chain Of Custody

Posted by Xavier Ashe on November 27, 2005

I have received TONS of email regarding interest in learning more
about what “chain of custody” is and what a proper CoC bag looks like.

Before you read on, keep this in mind: this is purely from my
experience in the field. Proper procedures in law enforcement, private
investigation and evidence handling may differ depending on where you

I am going to describe how *I* use these bags in preserving evidence during computer security / forensics investigations.

Now that the disclaimer is done … let's look at what a typical CoC bag looks like.

Very good article from a blog entitled, A Day in the Life of an Information Security Investigator
I have been involved with a few security incidents that involved the
police or the FBI, but they always handled the evidence tagging. 
I'll have me to get a few of those bags.


