What is chain of custody in digital forensics and why is it crucial in Annex B investigations?

Chain of custody in digital forensics is the documented, chronological record that tracks the evidence from the moment it is collected through every handoff, transfer, and storage step until it is presented or adjudicated. It means who collected it, who handled it, where it was stored, how it was moved, and the integrity checks performed at each step. This trail, along with hash verifications and timestamps, proves that the evidence remained unaltered and authentic throughout the investigation. In Annex B investigations, keeping a precise chain of custody is crucial because it ensures the digital artifacts are credible and admissible in proceedings; a broken or poorly documented chain can undermine the trustworthiness of the evidence, regardless of what the data shows. The other options don’t fit because they describe a command structure, a method for copying data, or a retention policy, none of which guarantee the integrity and accountability of evidence over time.