As a Registered Investigator and Certified Forensic Consultant in audio and video analysis, I am often called upon to testify as an expert witness for either the prosecution or the defense. My job is to offer an authoritative analysis of electronic evidence, introduced in the form of audio or video recordings. The content of my testimony is twofold, interpretation and authentication. I interpret and clarify the recordings, and I authenticate the identity of those individuals seen and heard. But I must also authenticate the evidence as evidence. Has this recording been tampered with? Is the recording I examined the original or a copy? Through whose hands has this recording passed before and after it reached me? Where and how has it been stored?
The answers to these questions may determine the admissibility of the electronic evidence, and ultimately, whether a defendant is found guilty or innocent. Establishing and maintaining an unbroken chain of custody is vital. Without it, the evidence and my testimony, no matter its probative value, may be successfully challenged and ruled inadmissible. According to the online IT Law Wikia, chain of custody is defined as “a process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.”
I always make a video recording of my process/investigation when I retrieve evidence. For example, if the video evidence is on a digital video recorder, I travel to the DVR and personally retrieve the evidence myself. The video I record of my retrieval process effectively establishes a chain of custody. Of course, I follow the same procedure when I personally retrieve an audio recording.
However, there are many instances where I obtain evidence from lawyers who, in turn, receive recordings from the police. Whenever I do not retrieve the evidence personally, I must carefully read the reports, depositions, and related documents that accompany the evidence I receive. This paper trail must support the construction of a timeline, an unbroken, chronological listing that accounts for the seizure, custody, transfer, storage, and condition of the evidence. The timeline must be free of any gaps, periods of time during which the exact custody and location of the evidence cannot be accounted for. A weak link in the chain of custody can easily overturn a conviction on appeal, so I am always prepared for chain of custody questions when I testify.
A typical chain of custody form includes blank text fields that allow for the entry of the following: Case Name and Number, Type of Evidence, Evidence Initially Procured (Where, By Whom, Date & Time), Manufacturer and Serial Number of Media Device and/or Media, and a table listing Evidence Inventoried By (Name, Date, Time, ID), Evidence Released By (Name, Date, Time), and Evidence Received By (Name, Date, Time).
As I mentioned earlier, there are actually two chains of custody when considering electronic evidence: the physical recording itself and the data it holds. With the proliferation of home computers capable of desktop audio and video editing, there has been an increasing incidence of tampering with recordings before they are collected as evidence. I can usually spot recordings that have been altered very quickly, once I begin my electronic analysis.
Slowly gaining acceptance with law enforcement, security companies, and the legal community are online services that maintain and track the chain of custody of electronic evidence, which is stored in the cloud. Particularly useful for the archiving and storage of video from body cams, vehicle cameras, and surveillance cameras, these services hope to modernize the handling of electronic evidence by eliminating the repeated transference of physical evidence, maintaining standardized security procedures, and providing easy access to the content of electronic recordings.
Tags: Chain of Custody