Part 3: What is the Chain of Custody for Email Discovery?

The chain of custody refers to the sequence of control over digital evidence, including emails, handled during an investigation. Proof that the evidence was handled correctly is required for it to be legally accepted at trial. Whoever is in control of the evidence must follow a consistent procedure.

Email remains valuable evidence in civil, criminal, and corporate legal cases. Preserving emails and attachments in their original state is critical to maintaining the chain of custody. Tampering with evidence by opposing parties, including digitally stored content, is not unheard of.

Legal challenges often arise during a trial when the sequence of handling the electronic evidence does not follow the chain of custody.

What happens if digital evidence is tampered with and the chain of custody is broken? Will the evidence be excluded from court? Yes, in most cases, a break in the chain of custody results in the evidence being dropped from the case.

Leveraging advanced email security providers like Trustifi helps protect the data stored in their email archives. Trustifi’s cloud-based platform secures the archive with military-grade encryption to ensure the client’s digital evidence is preserved in its original form.

What is Chain of Custody?

Chain of custody helps guarantee evidence transparency throughout the legal process, from collection to presentation. Maintaining a proper chain of custody is crucial for authenticating and preserving evidence.

Why Is Chain of Custody Essential?

Chain of Custody is a documented protocol that tracks the chronological handling of evidence, including the individuals responsible for the evidence, as well as the storage, transfer, handling, and formatting of the evidence.

Maintaining a transparent chain of custody is essential in ensuring the authenticity and acceptance of your Electronically Stored Information (ESI) evidence by the Court.

What Are the Procedures for Maintaining the Chain of Custody?

The chain of custody begins with the e-discovery custodians following procedures when handling evidence. These procedures should include the following:

  • What is the evidence? Email, voice, email attachment, SMS message, or other form of electronic document.
  • Who was the collecting party? Petitioner or respondent? Defense or prosecutor?
  • When and where was the evidence collected?

Archived evidence undergoes strict chain-of-custody procedures and is assigned a unique identifier for tracking. Each retrieval, access, or distribution of the item is documented in a permanent court case record. The sequence of control (the chain of evidence), the collection time, and a clear description of the steps taken are filed when the evidence is introduced.
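
A minimal way to keep such a record tamper-evident, as an added example (not from the original page and not Trustifi's implementation): each custody entry records what, who, when and where, plus a SHA-256 digest of the email and of the previous entry. The hash chaining, the field names and the sample message are assumptions made for illustration; the page does not prescribe a mechanism.

```python
import hashlib
import json

# Constructed sample message standing in for a collected email (not real evidence).
SAMPLE_EML = (b"From: alice@example.com\r\nTo: bob@example.com\r\n"
              b"Subject: Q3 contract\r\n\r\nDraft attached.\r\n")
GENESIS = "0" * 64  # prev_hash used by the first entry in a log


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    # Hash every field except the stored hash itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def add_entry(log, evidence_id, evidence, action, custodian, party, when, where):
    """Append one custody event that commits to the previous entry."""
    entry = {
        "evidence_id": evidence_id, "evidence_type": "email",
        "evidence_sha256": sha256_hex(evidence),
        "action": action, "custodian": custodian, "collecting_party": party,
        "when": when, "where": where,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry


def verify(log, evidence):
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["prev_hash"] != prev or e["entry_hash"] != entry_hash(e):
            problems.append(f"entry {i}: custody record altered or out of sequence")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence changed while in custody")
        prev = e["entry_hash"]
    if log and sha256_hex(evidence) != log[0]["evidence_sha256"]:
        problems.append("presented evidence does not match the collected original")
    return problems
```

Call `add_entry` at collection and at every later transfer or access, then run `verify` against the copy being presented; any edit to the message or to an earlier entry shows up as a named problem.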

Failing to follow a strict chain of custody process will have a negative impact, with valuable evidence not being allowed in court. A chain of custody process must govern admissible evidence and potential evidence.

The Role of Email Archiving in the Chain of Custody

The email archiving system is secure, centralized, and searchable. It should be user-friendly and match the organization’s e-discovery workflow requirements.

During the evidence process, technicians and custodians may access the email archive or receive exported data files from security providers. The chain of custody document will note the role of the email security provider and their security measures to protect the evidence. The report may suggest the need for additional compliance and security control.

 

Supporting the Chain of Custody

Email archiving requires a secured and redundant system to preserve every message. The archiving vendor should be able to prove that nothing was removed from the mailbox until every email message was safely preserved.

All email archiving solutions should support extensive role-based access control (RBAC) with multi-level authentication. Protecting the access layer of the archive helps ensure the stored email data is not tampered with. Organizations could face consequences ranging from fines for non-compliance to shareholder lawsuits if the data is tampered with.

If archived data is secure, organizations can avoid non-compliance risks; they also need to apply encryption to any data leaving the environment.

How do Trustifi Email Archives Support the Steps in the Chain of Custody?

Email and e-discovery evidence teams should follow a consistent and repeatable process to support their legal cases.

There are several steps in the chain of custody process. These steps align with email archiving capabilities:

  • Collection – Trustifi’s seamless plugin for Microsoft O365 and Google Gmail makes the email collection process easy and non-intrusive to the users.
  • Examination – Trustifi’s SMART search capability supports in-depth keyword search aligned with the eDiscovery case framework.
  • Evaluation – Trustifi captures all email content and metadata, including CC, BCC, and distribution groups. We can examine the content through Trustifi’s advanced user interface without the ability to tamper with the data.
  • Reporting – Trustifi’s email archiving reporting lets clients input information into their eDiscovery case reporting tool and chain of custody form.
  • Preservation – All client emails archived by Trustifi are stored in their original form.

Trustifi’s Role in the Chain of Custody

The chain of custody of electronic email records is critical for all organizations expecting e-discovery to be essential in their legal defense. Partnering with Trustifi to archive their Gmail and Microsoft O365 platforms also provides an additional layer of protection. Separating the email provider from the archive adds an extra layer of data security if the email provider is breached or has a service outage. Other benefits of this strategy include:

  • The chain of custody in this service model becomes much simpler for the client needing to archive email evidence.
  • The client can access the Trustifi archive separately from the Microsoft or Google Gmail services for evidence custody.
  • All e-discovery challenges can be isolated away from the email service. All retention, legal holds, and search can be accomplished on the Trustifi platform.
  • The chain of custody starts with content already stored in the Trustifi-secured platform.

Why Trustifi?

Global email security platforms like Trustifi deliver world-class security and e-discovery capabilities to assist all their clients.

Trustifi is a cyber security firm featuring solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest to use and deploy email security products, providing inbound and outbound email security, data loss prevention, and email archiving from a single vendor built to stop fileless malware, ransomware, and data exfiltration.

As a global cybersecurity provider of both inbound and outbound email protection, Trustifi currently supports customers from countries including the USA, Canada, Brazil, the Dominican Republic, the UK, the Netherlands, India, the UAE, China, Japan, Cyprus, the Philippines, and more. The company has also developed “One-Click Compliance” capabilities that cater to world security regulations, including PDPO for Hong Kong, POPI for South Africa, GDPR for Europe, and LGPD for Brazil.
