Chain of Custody Checklist

Chain of Custody Checklist

A free, printable checklist to keep digital evidence defensible from collection to court.

Free — no signup required.

Chain of custody is the documented trail showing who collected, held and handled each piece of evidence, and proving it was not altered along the way. For digital evidence that proof rests on two things working together: a complete log of every handoff, and a cryptographic hash that shows the file itself never changed. The checklist below walks through both, from preparing to collect through issuing a final integrity certificate. Print it, work down the boxes for each item, and keep the completed sheet with your evidence records.

General information, not legal advice. This checklist is provided for general educational purposes to support good evidence-handling practice. It is not legal advice. Evidence rules vary by jurisdiction and case — for any specific matter, consult a qualified lawyer or forensic professional in your jurisdiction.

The Checklist

1. Before collection

Authority and scope confirmed — you are permitted to collect, and you know exactly what is in scope.
Collection kit ready — write-blocker, storage media, labels, camera, log forms and tools to hand.
Clean target media — destination drives wiped/verified empty before anything is written to them.

2. At collection

Record date, time and collector name for the act of collection.
Photograph or note the original state of the device or item before it is moved or changed.
Compute a hash (SHA-256) of every item immediately at collection.
Record source device details — make, model, serial number, identifiers and location.

3. Documentation

Assign a unique evidence ID to each item.
Start a chain-of-custody log capturing who, when, what and why for every entry.
Record a witness where applicable (name and signature).

4. Transfer & storage

Log every handoff, and re-check the hash at each transfer to confirm it still matches.
Use tamper-evident storage — sealed bags or containers, seals signed and dated.
Restrict access to authorised people only, and record who can access what.

5. Verification & certification

Re-hash and compare (MATCH) at each step to confirm the item is unchanged.
Issue an integrity / custody certificate recording the per-item hashes and verification result.
Retain the certificate together with the custody logs for the life of the matter.

How e-Dex Helps

e-Dex turns several of these checklist steps into one offline workflow. It computes a SHA-256 hash (and other algorithms) for each item, keeps a chain-of-custody log of who handled it and when, and issues a signed integrity certificate recording the per-item hashes and an overall match result. Because it runs fully offline on a single Windows machine, your evidence files never leave your computer.

 Download e-Dex Free

Related Resources

Frequently Asked Questions

What is a chain of custody checklist?
A chain of custody checklist is a structured list of the steps that keep evidence accounted for from the moment it is collected until it is presented. For digital evidence it covers confirming authority, hashing each item, assigning a unique ID, logging every handoff, storing items in tamper-evident conditions, and re-verifying the hashes. Working through the list helps show that nothing was added, lost or altered.

Why is hashing part of a chain of custody for digital evidence?
A cryptographic hash such as SHA-256 is a fixed-length fingerprint of a file's contents. Computing it at collection and re-computing it after each copy or transfer lets you prove a file is bit-for-bit identical to what was collected. The chain of custody log records who held the file and when, while the matching hash records that the file itself did not change — the two together make integrity provable rather than assumed.

Is this checklist legal advice?
No. This checklist is general information to help organise good evidence-handling practice and is not legal advice. Evidence rules vary by jurisdiction and case. For decisions that affect a specific matter, consult a qualified lawyer or a forensic professional in your jurisdiction.

How does e-Dex help with chain of custody?
e-Dex is a free, offline Windows tool that computes SHA-256 (and other) hashes for each item, keeps a chain-of-custody log of who handled it and when, and issues a signed integrity certificate that records the per-item hashes and an overall verification result. Because it runs entirely on your own machine, evidence files never leave your computer.