I was just a 20-year old systems administrator when 3 intimidating FBI agents showed up at work. Little did I know that this experience would come in handy for my CISSP exam a decade later.
At the time, I was working for a political strategy and public opinion firm in Washington D.C. We had just heard on the news that a state elected official was involved in a bribery and corruption scandal. We also found out from news headlines that one of our senior analysts may have been involved to a degree.
The FBI agents came directly into our small IT room with a court-ordered search warrant demanding all email communication between the senior analyst and the mayor going back 3 years.
It was pretty surreal to have 3 FBI agents in our room where we crack nerd jokes and discuss video games.
They adamantly wanted us to follow a strict chain of custody process.
All emails were to be printed out, organized by date and time, and put into office file boxes which were provided by the FBI.
On top of the boxes was a giant sticker, to be filled out by us, that looked something like this:
This form insured that the submitted evidence in an ongoing federal investigation could be tracked throughout it’s life cycle.
Proper chain of custody is able to answer the questions WHO, WHAT, WHEN, WHERE, and HOW?
WHO was in charge of these emails while it was being transported from my office to FBI headquarters? The name of the FBI evidence collection team member.
WHAT were in these boxes? Stacks of printed out emails.
WHEN had these boxes arrived at the FBI office? 6:00pm
WHERE were these boxes of evidence after seizure? FBI Forensics Lab, 6th Floor, Headquarters, Washington D.C.
HOW were these boxes moved around? Under escort by FBI agents.
In the United States, individuals have to be proven guilty without a reasonable doubt.
If just one link in the chain of custody was proven to be false in a courtroom, the government’s whole case against the mayor could be dismissed.
Note: Time and places of these events have been changed to protect privacy and inference attacks.