Introduction
Chain of custody is the most critical concept in digital forensics. It is the documented record of every step from the collection of evidence to its presentation in court. If the chain of custody is broken, the entire evidence can become inadmissible.
By the end of this part, you will learn how to document the chain of custody, maintain evidence integrity, and understand the importance of hash values.
Documentation
Chain of custody documentation is the complete record of evidence from collection to final disposition. It proves that the evidence has not been tampered with.
Chain of Custody Principles
- Continuous Documentation: Every interaction with the evidence must be recorded
- Accountability: Who holds the evidence at any given time is clearly defined
- Integrity: The evidence has not been changed, and this is verifiable
- Security: Unauthorized access has been prevented
- Completeness: There must be no gaps in the documentation
Chain of Custody Form Components
Sample Chain of Custody Form
Evidence Transfer Log
| Date/Time | Released By | Received By | Purpose | Signatures |
|---|---|---|---|---|
| 15-Jan-2024, 11:00 | SI Rajesh Kumar | Forensic Lab | Imaging | [Signed] |
| 16-Jan-2024, 09:00 | Lab Tech Amit | SI Rajesh Kumar | Return after imaging | [Signed] |
| 20-Jan-2024, 14:00 | SI Rajesh Kumar | Evidence Room | Storage | [Signed] |
Even a single gap or missing signature in the chain of custody can become grounds for a defense attorney to challenge the evidence. Every transfer must be documented and signed.
Evidence Integrity
Evidence integrity means that the evidence has not changed since it was collected. For digital evidence, this is proven through cryptographic hash values.
Integrity Measures
Physical Security
Evidence room access control, CCTV monitoring, sealed evidence bags with tamper-evident seals
Write Protection
Hardware/software write blockers prevent the original evidence from being modified
Hash Verification
Cryptographic hash values create a digital fingerprint of the evidence
Documentation
Every action logged with timestamp, person responsible, and purpose
When to Verify Integrity
- Immediately after evidence collection (baseline hash)
- Before creating forensic image
- After creating forensic image (compare source and image hash)
- Before any analysis
- After completing analysis
- Before presenting in court
- Any time evidence changes custody
Hash Values (MD5, SHA-256)
A hash function is a mathematical algorithm that converts data of any size into a fixed-length unique string. It is the "fingerprint" of digital evidence.
Hash Function Properties
- Deterministic: Same input always produces same hash
- One-Way: The original data cannot be recovered from the hash
- Collision Resistant: Two different inputs will not produce the same hash (practically)
- Avalanche Effect: Small change in input = completely different hash
Common Hash Algorithms
| Algorithm | Output Length | Status | Use Case |
|---|---|---|---|
| MD5 | 128 bits (32 hex chars) | Deprecated for security | Quick verification (with SHA) |
| SHA-1 | 160 bits (40 hex chars) | Deprecated | Legacy systems |
| SHA-256 | 256 bits (64 hex chars) | Current standard | Forensic verification |
| SHA-512 | 512 bits (128 hex chars) | More secure | High-security requirements |
Hash Examples
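File: evidence.dd (500GB Hard Drive Image)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the well-known digests of zero-length input and serve here only to show each format; obtained for a real image, they would indicate that an empty file was hashed.)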
---
If even one byte in the file changes:
Original file hash (SHA-256):
a7b9c3d4e5f6...
After 1 byte change (SHA-256):
x8y2z9w1p7q4... (Completely different!)
Hash Calculation Tools
md5sum / sha256sum
Linux command-line tools. Built in and fast. Example: sha256sum file.dd
HashCalc
Windows GUI tool. Supports multiple algorithms.
FTK Imager
Automatic hash calculation and verification during imaging.
Autopsy
Built-in hash verification in the forensic platform.
In a child exploitation case, the defense argued that the evidence had been tampered with. The prosecution presented chain of custody documents showing that: (1) MD5 + SHA-256 were calculated at collection, (2) the hashes were the same before and after imaging, (3) the hash was verified at every transfer. The court accepted the evidence.
Best Practices for Hashing
- Dual Hashing: Always use both MD5 and SHA-256 (to counter defense challenges)
- Document Everything: Record hash values in the case notes
- Witness Hash Calculation: In important cases, calculate hashes in front of a witness
- Automated Logging: Preserve the logs of forensic tools
- Periodic Verification: Run periodic hash checks on evidence in long-term storage
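The dual-hashing practice above and the one-byte-change illustration earlier in this section, as an added example that is not part of the original course material: Python's standard hashlib computes MD5 and SHA-256 in a single chunked pass, so a large image never has to fit in memory. The files are small constructed samples, and the function names are chosen for this example.

```python
import hashlib
import os
import tempfile

# SHA-256 of zero bytes of input. Getting this for an image means an empty file was hashed.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def dual_hash(path, chunk_size=1024 * 1024):
    """Return (md5_hex, sha256_hex), reading the file once in fixed-size chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def verify_copy(source_path, image_path):
    """Source and image pass only if BOTH digests match and the source is not empty."""
    src, img = dual_hash(source_path), dual_hash(image_path)
    if src[1] == EMPTY_SHA256:
        return False, "source hashed as empty input"
    if src != img:
        return False, "hash mismatch between source and image"
    return True, "MD5 and SHA-256 match"


def differing_hex_chars(a, b):
    """Count positions where two equal-length hex digests differ."""
    return sum(x != y for x, y in zip(a, b))


def demo():
    """Constructed sample files: a source, a faithful image, an image with one byte changed."""
    data = bytes(range(256)) * 4096  # 1 MiB of constructed data, not real evidence
    blobs = {"source": data, "image": data, "altered": data[:-1] + b"\x00", "empty": b""}
    workdir = tempfile.mkdtemp()
    paths = {}
    for name, blob in blobs.items():
        paths[name] = os.path.join(workdir, name + ".dd")
        with open(paths[name], "wb") as fh:
            fh.write(blob)
    return paths


if __name__ == "__main__":
    p = demo()
    for other in ("image", "altered"):
        print(other, verify_copy(p["source"], p[other]))
    print("empty", verify_copy(p["empty"], p["empty"]))
```

Record both digests returned by dual_hash in the case notes at each verification point; a changed final byte is enough to make verify_copy fail.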
Common Challenges
Chain of Custody Challenges
- Multiple Jurisdictions: Documentation gaps arise when evidence is transferred between different agencies
- Cloud Evidence: The concept of physical custody does not apply in the cloud, so the documentation approach is different
- Live System Evidence: Traditional chain of custody concepts have to be adapted for volatile data capture
- Large Scale Data: Hashing individual files is impractical across terabytes of data; use container hashing
Defense Challenges
The defense typically challenges on these points:
- Missing signatures or timestamps
- Unexplained gaps in custody
- Hash mismatch or missing hash values
- Improper storage conditions
- Untrained personnel handling evidence
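Several of these points can be checked mechanically before a transfer log leaves the lab. The following is an added example, not part of the original course material; the record layout, custodian names and baseline digest are constructed for illustration.

```python
from datetime import datetime

BASELINE = "ab" * 32  # constructed placeholder for the SHA-256 recorded at collection


def entry(time, released_by, received_by, sha256=BASELINE, signed=True):
    return {"time": time, "released_by": released_by, "received_by": received_by,
            "sha256": sha256, "signed": signed}


# Constructed logs with hypothetical custodians; not taken from a real case.
GOOD_LOG = [
    entry("2024-01-15 11:00", "Officer A", "Lab Tech B"),
    entry("2024-01-16 09:00", "Lab Tech B", "Officer A"),
    entry("2024-01-20 14:00", "Officer A", "Custodian C"),
]
BAD_LOG = [
    entry("2024-01-15 11:00", "Officer A", "Lab Tech B"),
    entry("2024-01-16 09:00", "Lab Tech D", "Officer A"),              # B never released it
    entry("2024-01-15 14:00", "Officer A", "Custodian C", sha256=""),  # earlier than row 2, no hash
    entry("", "Custodian C", "Officer A", sha256="cd" * 32, signed=False),
]


def audit(log, baseline_sha256):
    """Return (row_number, finding) tuples; an empty list means no defect was found."""
    findings, prev, prev_time = [], None, None
    for row, e in enumerate(log, start=1):
        if not e["signed"]:
            findings.append((row, "missing signature"))
        try:
            when = datetime.strptime(e["time"], "%Y-%m-%d %H:%M")
        except ValueError:
            when = None
            findings.append((row, "missing or malformed timestamp"))
        if when and prev_time and when < prev_time:
            findings.append((row, "timestamp earlier than previous transfer"))
        if prev and e["released_by"] != prev["received_by"]:
            findings.append((row, "gap in custody"))
        if not e["sha256"]:
            findings.append((row, "missing hash value"))
        elif e["sha256"].lower() != baseline_sha256.lower():
            findings.append((row, "hash mismatch"))
        prev, prev_time = e, when or prev_time
    return findings


if __name__ == "__main__":
    for row, finding in audit(BAD_LOG, BASELINE):
        print(f"row {row}: {finding}")
```

The custody check compares names exactly, so a log that records an organization on receipt and an individual on release will be flagged as a gap.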
In Indian courts, a break in the chain of custody can call the reliability of the evidence into question. Whether to accept or reject the evidence depends on the judge's discretion. Strong documentation significantly strengthens the case.
- Chain of custody is the continuous documented record of evidence from collection to court
- Every evidence transfer must be documented, signed, and timestamped
- Evidence integrity is verified with cryptographic hash values (MD5 + SHA-256)
- Hash values are the unique digital fingerprint of evidence: 1 byte change = completely different hash
- Always use dual hashing (MD5 + SHA-256) for forensic purposes
- A gap in the chain of custody = an opportunity for the defense to challenge
- Documentation, documentation, documentation: that is the mantra