SIST-TS CEN/TS 18053-1:2024
Digital Chain of Custody for CBRNE Evidence - Part 1: Overview and Concepts
This document provides guidance for technical and non-technical personnel within the organisation, including those responsible for compliance with statutory and regulatory requirements and industry standards. It provides an overview of the concepts related to the custody transfer lifecycle within the dCoC, framing how such personnel can identify and audit the custody ownership of CBRNE evidence, set policies and follow good practices for metadata governance, and conduct digital operations to ensure the integrity of the data at each custody transfer point. In addition to the metadata required to perform audits, the document also aims to provide:
- Unambiguous definitions of the concepts related to the digital log for each custody transfer (i.e., who owns the custody at each transfer point).
- Guidelines for a dCoC data governance process to ensure the integrity of the DCM and situational-awareness at each transfer point within the dCoC.
- Suggestions regarding metadata management policies and compliance with good practices for non-repudiation digital log, ensuring a standard data structure for data management and auditing.
This document is the first part of a series of Technical Specifications on the provision of DCM services for the management of data related to the custody of CBRNE evidence. It will be complemented by other specific parts, which give more detailed guidelines for related services, such as the specification of BPMN processes for data governance within the dCoC.
Digitale Beweiskette für CBRNE-Beweise - Teil 1: Überblick und Konzepte
Chaîne de contrôle numérique pour éléments de preuve CBRNE - Partie 1: Présentation et concepts
Digitalna skrbniška veriga za dokaze CBRNE - 1. del: Pregled in koncepti
Standards Content (Sample)
SLOVENIAN STANDARD
01 November 2024
Digitalna skrbniška veriga za dokaze CBRNE - 1. del: Pregled in koncepti
Digital Chain of Custody for CBRNE Evidence - Part 1: Overview and Concepts
Digitale Beweiskette für CBRNE-Beweise - Teil 1: Überblick und Konzepte
This Slovenian standard is identical to: CEN/TS 18053-1:2024
ICS:
13.300 Protection against dangerous goods
35.240.99 IT applications in other fields
2003-01. Slovenian Institute for Standardization. Reproduction of all or part of this standard is not permitted.
CEN/TS 18053-1
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
September 2024
TECHNISCHE SPEZIFIKATION
ICS 13.300; 35.240.99
English Version
Digital Chain of Custody for CBRNE Evidence - Part 1:
Overview and Concepts
Digitale Beweiskette für CBRNE-Beweise - Teil 1:
Überblick und Konzepte
This Technical Specification (CEN/TS) was approved by CEN on 26 May 2024 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2024 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 18053-1:2024 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 General Guidance
5.1 General
5.2 Background context
5.3 Roles and responsibilities
5.3.1 General
5.3.2 Roles and responsibilities of the stakeholders
5.3.3 Change of responsibilities at the CTP
5.4 Custody transfer within the dCoC process
5.4.1 General
5.4.2 The Mission Command Team viewpoint
5.4.3 The custody transfer schema
5.4.4 The metadata components
5.5 Digital custody metadata
5.6 Token-based authentication
6 Context of the Custody Transfer Lifecycle
6.1 General
6.2 The custody transfer lifecycle
6.3 Stakeholders and custody transfer points within the dCoC
6.3.1 General
6.3.2 Mission Command Team
6.3.3 Reconnaissance Team
6.3.4 Sampling Team
6.3.5 Carrier Team
6.3.6 Laboratory Team
6.3.7 External System
6.4 Traceability in Digital Chain of Custody
6.5 The metamodel of the CTP dendrogram
Annex A (informative) Macro representation of the dCoC process
Annex B (informative) Dendrogram with multiple custody transfer nodes
Bibliography
European foreword
This document (CEN/TS 18053-1:2024) has been prepared by Technical Committee CEN/TC 391
“Societal and citizen security”, the secretariat of which is held by AFNOR.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Introduction
In situations involving chemical, biological, radiological, nuclear, and explosive (CBRNE) incidents caused
by natural or accidental events or deliberate actions like terrorism or warfare, it can be crucial to
accurately identify CBRNE agents by collecting and transporting samples to a laboratory. A digital chain
of custody system might contribute to ensuring the traceability and security of CBRNE evidence items
throughout the process. This process involves various stakeholders, emphasizing the significance of
maintaining the integrity of the chain of custody and documenting all actions, particularly at Custody
Transfer Points (CTPs), for easy auditing of the involved stakeholders.
In any digital Chain of Custody (dCoC) process, it is essential to identify stakeholders with specific roles
or participation in the dCoC process. These stakeholders may include the Mission Commander Team, the
Reconnaissance Team, the Sampling Team, the Carrier Team, and the Laboratory Team. The data
governance workflow aims to offer guidance on executing a secure digital transfer and identifying the
stakeholders involved as contributors to the evidentiary materials at each stage of the process. The
guidelines emphasize the importance of incorporating digital custody metadata (DCM) into the dCoC
process to ensure the integrity and non-repudiation of digital evidence items and to trace the custodian.
By including DCM, the dCoC process can provide comprehensive and accurate documentation of all steps
involved in the custody, control, transfer, and auditing of the digital evidence items, thereby increasing
transparency and accountability.
This document addresses services and final outputs concerning dCoC for CBRNE evidence items. The
concepts and terminology presented in this document are utilized by the definitions in ISO 22095 Chain
of Custody – General terminology and models. Additional definitions of concepts relevant to the CTP data
governance process specification and custody transfer of metadata structures considered by the digital
evidence log are also provided. Many of the terms and definitions listed here are also mentioned in the
EN 17173 European CBRNE glossary; although not mandatory, reading these two standards is suggested
to get familiarised with the terms and definitions listed for the chain of custody in the area of CBRNE.
The guidelines can be applied to other supply chains (e.g. food chains, retail logistics, etc.). The dCoC for
CBRNE digital evidence items represents a paradigmatic context to address data governance
considerations for evidentiary purposes in a highly demanding framework.
This document is intended to be used with Part 2 in order to ensure the implementation of the custody
transfer data governance process. Part 2 provides the technical details regarding the implementation of
the data structure for the DCM in each CTP in the dCoC.
NOTE 1 It is important to emphasize that across the European Union, there are several regulatory and legislative
procedures to handle the chain of custody for CBRNE incidents, so it is essential to take these considerations into
account. The use of the guidelines can vary based on the digital evidence procedures adopted in each member state
of the European Union.
NOTE 2 If the digital log for each custody transfer (i.e. who owns the custody at each transfer point) is not
preserved, the evidence submitted in the court might be challenged and ruled inadmissible.
1 Scope
This document provides an overview of the concept of Custody Transfer Point (CTP) within the digital
Chain of Custody (dCoC) process, including the identification and audit of the custody ownership and
metadata governance to ensure the integrity of the data at each CTP. The document also provides:
• Definitions of the concepts within the dCoC process related to the digital evidence log for each
custody transfer (i.e. who owns the custody at each transfer point);
• General guidelines for the data governance process within the CTP lifecycle, including identification
of the role of the stakeholders;
• Digital metadata management policies and compliance with good practices for non-repudiation of
the reported data regarding the ownership of digital evidence items within the custody transfer
lifecycle.
This is part one of two documents for the provision of Digital Custody Metadata (DCM) for managing data
related to the custody of digital evidence items. Part 2 complements this document by providing detailed
guidance on the steps in the data governance process within each CTP lifecycle.
The document aims to provide guidance to both technical and non-technical personnel, including
individuals accountable for compliance with statutory and regulatory requirements and industry
standards. It is designed to be helpful for a broad range of professionals, regardless of their technical
expertise, ensuring that all stakeholders involved in implementing the document's recommendations can
understand and follow them effectively.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at https://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
audit
process for obtaining relevant information about an object of conformity assessment and evaluating it
objectively to determine the extent to which specified requirements are fulfilled
[SOURCE: ISO 22095:2020, 3.5.6]
3.2
authorised custody carrier
person or entity which arranges transportation of digital evidence items, on its own behalf or on behalf
of others, in their name or on its own, even if using the means of others, responsible for the staff, vehicles
and structures which are made available
[SOURCE: EN 17173:2020, 3.33, modified by removing “radioactive material”.]
3.3
concern
matter of interest or importance to the stakeholder
3.4
custody transfer point
concept that documents and maintains a chronological history of digital information about the custody
transfer instant for a specific mission; part of the dCoC process (represented by a node in the
dendrogram), where the custodianship is transferred from one authorized custody carrier to another
Note 1 to entry: Provides a non-repudiation log with undoubtable details on the point at which the evidence item
is defined as being delivered or loaded.
3.5
data governance
workflow focused on managing the quality, consistency, usability, security, and availability of
information, together with the governance checkpoint processes to show continued compliance
monitoring
Note 1 to entry: It includes setting policies that apply to how data are gathered, stored, processed, and disposed of.
It governs who can access what kinds of data and what kinds of data are under governance.
Note 2 to entry: This process is closely linked to data ownership and stewardship notions.
Note 3 to entry: Data governance also involves complying with external standards - data policies - set by industry
associations, government agencies, and other stakeholders.
3.6
digital chain of custody
non-repudiation digital record with verifiable information about the possession, movement, handling,
and location of digital evidence items from one point in time until another
Note 1 to entry: A process by which inputs and outputs and associated information are digitally transferred,
monitored and controlled as they move through each CTP.
[SOURCE: EN 17173:2020, 3.96, modified by focusing on tracking metadata related to the custodianship
of digital evidence items.]
3.7
digital custody metadata
data model that defines and describes data related to the custodianship and custody transfer of CBRNE
digital evidence items
Note 1 to entry: Metadata may describe data, data elements, or other objects.
Note 2 to entry: Metadata may include data descriptions, data about data ownership, measurements, indicators,
access paths, access rights, data volatility or any other information digitally provided.
[SOURCE: ISO/IEC 11179-1:2015, 3.2.16, modified by focusing the metadata structure on custodianship
at each CTP.]
3.8
digital chain of custody process
abstract description of a digital chain of custody (3.5) representing a sequence of custody transfer actions
with a generic set of parameters to monitor the execution of the information flow within the digital chain
of custody
Note 1 to entry: A workflow can be used to map out the execution of a custody transfer point (3.3) from its starting
point to its outcome.
3.9
digital evidence item
detailed digital information stored or transmitted in binary form that may be relied on as evidence
Note 1 to entry: Unlike physical evidence, it can be altered or deleted remotely.
Note 2 to entry: Provides actionable intelligence on the status of the evidence information at every point in time and
presents the findings for prosecution.
Note 3 to entry: Stakeholders need to be able to authenticate the digital evidence and also provide additional
information to prove its integrity.
Note 4 to entry: A digital evidence item may refer to a physical sample and/or to a data measurement.
3.10
digital non-repudiation log
secure transaction log file with information that can't be denied as having taken place or being legitimate
3.11
digital twin evidence
digital representation of a physical evidence item, corresponding to a data model characterising a
physical evidence item or data measurement within a chain of custody process
3.12
custodian owner
stakeholder (i.e., person or information system) that has custody, control or possession of data
regarding a digital evidence (3.8) item
Note 1 to entry: A custodian owner is defined as the resource that, at the moment, directly holds the custodianship
of a specific digital evidence item.
Note 2 to entry: From an information system perspective, databases and applications, network storage and digital
archives can also be considered a custodian resource.
3.13
custodian receiver
stakeholder that assumes the custodianship of data regarding a digital evidence (3.8) item
Note 1 to entry: This can be a person or information system.
3.14
metadata
data that provides descriptive information about other data
Note 1 to entry: Metadata should be used to discover and characterize data artefacts within the digital chain of
custody (3.5).
3.15
mission
unique reference to an event requiring the implementation of a formal data governance process
coordinated by a mission command team
Note 1 to entry: Action-based statement with a set of metadata (3.13) identifying the purpose of a specific event.
3.16
mission resource
resource assigned to accomplish a specific task in the mission (3.14) and which is coordinated under a
mission command team
Note 1 to entry: A resource can be a person, equipment or any informational system used to accomplish a specific
task in the assigned mission.
3.17
verification
confirmation of truthfulness through the provision of objective evidence that specified requirements
have been fulfilled
Note 1 to entry: The objective evidence needed for verification can result from an inspection, audit or other forms
of determination, such as performing alternative calculations or reviewing documents.
Note 2 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO 22095:2020, 3.5.8]
4 Symbols and abbreviated terms
AAA Authentication, Authorization, and Accounting (or Auditing)
API Application Programming Interface
CIA Confidentiality, Integrity and Availability
CTP Custody Transfer Point
DO Data Object
dCoC digital Chain of Custody
DCM Digital Custody Metadata
GUI Graphical User Interface
NFC Near Field Communication
SOP Standard Operating Procedures
STS Security Token Service
ROV Remotely Operated Vehicle
5 General Guidance
5.1 General
The flow of information in a typical chain of custody process is primarily done through paper documents
[1]. When creating a digital twin of this process, the rules for ensuring the authenticity and integrity of
digital data used for evidentiary purposes should be similar. Guidance should be provided on what
metadata to apply in the digital environment, especially when it is necessary to keep track of who has
custody of digital evidence at each handover point.
The purpose of the custody transfer point (CTP) is to encapsulate and protect information related to
digital evidence that needs to be transferred between two locations by mission resources. Digital custody
metadata (DCM) provides the metadata to characterize each CTP within the digital chain of custody
(dCoC) process. Because DCM often involves collecting sensitive data, it may be privacy-invasive.
Therefore, these guidelines are also intended to help ensure compliance with data protection aspects.
This section steers the dCoC process by providing stakeholders with guidelines to set up a practical and
reliable DCM audit and identify those involved in the custody transfer lifecycle. These guidelines aim to
establish rules for implementing CTP actions to ensure admissible integrity and ensure the chain of
evidence in administrative, disciplinary and judicial proceedings.
5.2 Background context
Maintaining the chain of custody is about preserving the integrity of the information in the digital custody
metadata (DCM). A consistent data governance workflow provides a trackable digital fingerprint
of the digital evidence item collected at the scene, showing that it is in its original/unaltered
state [2].
DCM should be trustworthy, with little or no possibility for manipulation or human interaction. However,
data are easily transported, so data governance and uniformisation of metadata describing who owns the
custody at each CTP is required, such that:
• the dCoC consists of recording metadata information and access control and security issues for all
digital handlings in the process;
• the dCoC is also a chain of responsibility for the custodianship of digital evidence items as they move
through each CTP;
• during the dCoC process, the purpose is to ensure that the data claimed for a specific digital evidence
item are indeed the ones that are delivered in the output;
• the dCoC can use traceability records to identify the stakeholders that take legal ownership or
physical control over a specific digital evidence item;
• keeping a standardized record of the DCM is a critical issue, as the authenticity of metadata evidence
should be maintained (for further details on the DCM data model, please see Part 2);
• following a standardized process to ensure data quality within the dCoC is essential (for more
information, please see Part 2).
Another sensitive variable in the data governance workflow is the time and moment of contact with a
CBRNE digital evidence item, consisting of a (physical) evidence item (the sample package) and the DCM.
Knowing the evidence's current location is not enough [3]. An accurate log should be provided, tracking
the movement and possession of the digital handling at all times.
The dCoC process addresses this challenge by identifying the main features to monitor the custodianship
of CBRNE digital evidence items, triggering an alert message to the Mission Command Team (for a
detailed description, please see section 6.3) whenever a suspicious situation is detected. The following
sections provide information about considerations that should be attended to in the custody transfer.
5.3 Roles and responsibilities
5.3.1 General
Data governance means setting data management policies. It governs who can access what kinds of data
and what kinds of data are under governance [4]. Within the scope of the dCoC, the main goal of data
governance is to create a digital non-repudiation log of each custody transfer, ensuring that:
• data are consistent and trustworthy and do not get misused;
• situational-awareness notifications are triggered to the intervening stakeholders whenever
mishandling situations are detected.
Figure 1 illustrates the dCoC data governance workflow, providing a high-level view of the stakeholders'
interaction and role within the dCoC process (for a detailed description, please see section 6.3). The dCoC
dendrogram creates a non-repudiation digital log of each assigned resource, and at each CTP, the physical
sample package and the corresponding DCM are transferred.
Figure 1 — The stakeholders and CTPs within a dCoC process
The dCoC data governance workflow should provide information about the digital evidence items and
corresponding metadata, including who owns the custody, the purpose and how the custody transfer
between stakeholders was accomplished. Compliance with a consistent process may improve the quality
of the DCM, which serves as a standardized reference for stakeholders assuming custody of the evidence
at each CTP.
5.3.2 Roles and responsibilities of the stakeholders
The role and responsibilities of the identified teams are summarized according to the planning and
operational levels.
• At the planning level, the Mission Command Team enables speed, agility, and decisiveness at the
operational level while providing the necessary decision space at the higher level. The Mission
Command Team is also responsible for managing the dendrogram of CTPs and assigned resources
(i.e. custody owner and custody receiver) within the dCoC process (see section 6.2.1 for more
information);
• At the operational level, the primary goal is coordinating ground operations to collect information
to answer the commander's information requirements.
  o The Reconnaissance Team provides the necessary information and early warning of a CBRNE
    scene assessment, enabling preliminary data collection on measurement data regarding CBRNE
    digital evidence items. The next step is for the Mission Command Team to instruct the Sampling
    Team.
  o The Sampling Team should maintain close contact and exchange information with the Mission
    Command Team, with a real-time update of the process execution (i.e. on-site scene operations).
    The data from sampling operations supports the intelligence preparation of the operational
    environment process and directly relates to ongoing and future operations.
  o The Carrier Team is responsible for transporting the collected evidence to its final destination
    for the subsequent analysis.
    ▪ Once physical samples have been packaged for transportation, the Carrier Team can escort
      the package either to an intermediate transfer point or to an authorized storage location.
    ▪ The Carrier Team accepts custody of the package and is responsible for safely transporting
      the package and reporting data according to the (pre-)defined communication protocol.
  o The Laboratory Team is responsible for validating the package information handled by the
    Carrier Team.
    ▪ The analysis of the samples is performed by the Laboratory Team. Therefore, they will have
      to break the seal on the package. If the laboratory is not the final destination, they
      should generate another sealed package and hand it over to the assigned Carrier Team.
    ▪ Other workflows might be considered within the dCoC process, e.g. an on-site split of the
      sample, partitioning of the sample into several replicates and subsequent transport to
      different destinations. The Laboratory Team should ensure compliance with all those
      possible scenarios.
5.3.3 Change of responsibilities at the CTP
The CTP provides a way to digitally document and validate the examination and analysis of evidentiary
metadata because all actions taken regarding the evidence should be authorized and recorded. The DCM
structure for each CTP should contain comprehensive information about the circumstances of evidence
collection, the individuals who handled the evidence, the duration of the custody, the conditions for the
handling and storage of the evidence, and the transfer of the evidence to subsequent custodians at each
transfer, including details about the resources utilized at each CTP.
The dCoC process should be considered a sequential documentation process that accounts for the
custody, control, transfer, analysis, and disposition of digital evidence items. As presented in Figure 2,
within the dCoC, the data governance ensures the integrity of the DCM. This means the traceability of the
record of control, transfer, and analysis of digital evidence items indicates transparency in the dCoC
process for each CTP lifecycle.
Figure 2 — Information workflow within the dCoC process
Preserving a chain of custody is all about following a consistent process. Therefore, within the digital twin
context, the custody owner could formally send a piece of digital evidence (or measurement data) to the
assigned custodian receiver. This implies that when the Mission Command Team creates a new CTP and
sets the corresponding resources, a workflow security token should be generated to mitigate the risk of
intrusions.
Metadata characterizing each CTP in the dCoC process is critical as evidence becomes unacceptable if
compromised. CTP should provide a non-repudiation log, with firm details at the point where evidence is
defined as delivered or loaded, allowing the entire process to be tracked for each digital evidence item.
Creating a CTP dendrogram provides the Mission Command Team with a graphical visualization tool for
the surveillance of the chain of evidence, identifying any situation that might compromise the dCoC (for
a detailed description, please see Annex B).
5.4 Custody transfer within the dCoC process
5.4.1 General
In this document, the chain of evidence is understood as the process of documenting each custody
transfer in the dCoC process. A set of metadata should be considered for each CTP to analyse and monitor
who holds the physical and digital evidence items [5]. The aim is to ensure the traceability of digital evidence
from initial custody to the Laboratory Team's disposition of the digital evidence item.
5.4.2 The Mission Command Team viewpoint
The Mission Command Team should be able to know where, when and how a digital evidence item was
discovered, collected, processed, and when and who had access to it. The dCoC process should consider:
• What is a digital evidence item (e.g. provide a fingerprint of the digital evidence item)?
• Where was the digital evidence discovered, collected, handled or examined (e.g. GPS locations of the
resource which holds the digital evidence item)?
• Who manages (makes contact with) the digital evidence item (e.g. biometric characteristics)?
• Why (reason) is the digital evidence item relevant?
• When was the digital evidence custody produced, handled or transferred (e.g. provide a timestamp)?
• How is the digital evidence used (e.g. specify the SOP adopted)?
These considerations define best practices to ensure:
• the preservation of the chain of custody;
• the integrity of the information structure, in particular for auditing the DCM;
• the triggering of awareness situations whenever a suspicious condition is detected.
Each CTP represents a vulnerability that might compromise the dCoC process. A standardized approach
with a well-defined DCM structure is recommended to ensure that the digital evidence can be accepted
as relevant.
5.4.3 The custody transfer schema
The structure of the CTP data model used to characterize a digital evidence item should contain all the
metadata needed to uniquely describe the data package transported from point A to point B. Figure 3
provides a framework of the essential components that should be considered for the data governance of
the stakeholders (also known as actors) involved in a CTP, along with metadata to characterize the CTP
lifecycle.
The framework suggests that DCM should be designed using a robust data model to feed a state machine
diagram of the current CTP state. For the CTP to change its state to a successful custody transfer, the
custody owner and receiver should acknowledge the reported metadata.
Figure 3 — Custody transfer schema within the dCoC process
Stakeholders should reject the CTP metadata if any suspicious information is detected. They should be
able to identify which section in the CTP data model triggered the detected inconsistency(ies). A Service
Design Thinking approach complemented by user experience techniques can provide the proper
framework to specify responsive GUIs for intervening stakeholders to acknowledge or reject the reported
CTP metadata.
A text field should be provided for writing any additional comments to the report. This kind of
information might be helpful to the Mission Command Team's understanding of the problem and support
their decision-making process.
The goal is to accurately monitor the possible states of the CTP, keeping a historical record of the alert
messages triggered by the system whenever an inconsistency is detected or reported by the intervening
stakeholders.
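The acknowledge/reject flow described in 5.4.3 can be sketched as a small state machine. This is an added example, not part of the Technical Specification: the state names (REPORTED, TRANSFERRED, REJECTED), the role names and the section keys (taken from the Table 1 component names) are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Section keys mirror the Table 1 components; states and roles are assumed names.
SECTIONS = ("ctp_and_mission", "package", "stakeholders")
ROLES = ("owner", "receiver")


@dataclass
class CustodyTransferPoint:
    metadata: dict                                # one entry per Table 1 component
    state: str = "REPORTED"
    acks: set = field(default_factory=set)
    alerts: list = field(default_factory=list)    # historical record, append-only

    def _check(self, role):
        if role not in ROLES:
            raise ValueError(f"unknown role: {role}")
        if self.state != "REPORTED":
            raise RuntimeError(f"CTP already closed in state {self.state}")

    def acknowledge(self, role):
        self._check(role)
        # Incomplete metadata is never acknowledged: it is rejected with an alert.
        missing = [s for s in SECTIONS if not self.metadata.get(s)]
        if missing:
            return self.reject(role, missing[0], "section missing or empty")
        self.acks.add(role)
        if self.acks == set(ROLES):               # owner and receiver both agreed
            self.state = "TRANSFERRED"
        return self.state

    def reject(self, role, section, comment=""):
        self._check(role)
        if section not in SECTIONS:
            raise ValueError(f"unknown section: {section}")
        # Record who rejected, which section triggered it, and the free-text comment.
        self.alerts.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "role": role, "section": section, "comment": comment,
        })
        self.state = "REJECTED"
        return self.state
```

A CTP closed as TRANSFERRED or REJECTED accepts no further transitions, so a later acknowledgement cannot overwrite a recorded rejection.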
5.4.4 The metadata components
Since a package can hold multiple samples, a set of metadata should be considered to standardize the
description of the data samples under consideration. Table 1 provides a high-level view of the data model
elements recommended to characterize a CTP.
Table 1 — The metadata structure of a CTP
Metadata Component | Description
CTP and Mission | Metadata identifying the CTP within a specific CBRNE mission. A dendrogram with multiple CTP nodes should be created for each mission.
Package | Metadata characterizing the package used to transport the digital evidence item. It corresponds to a data set describing the package and the sample bags included inside the package being transported.
Stakeholders | Metadata identifying the stakeholders intervening in the CTP. It identifies who is the custody owner and who is the custody receiver. The custody owner might be: • The Sample Team, if it refers to the first CTP in the dCoC process; • The Carrier Team, if it relates to an intermediate CTP in the dCoC process; • The Laboratory Team, if it relates to an intermediate destination where the original samples might be split or to the final destination.
Low-cost technologies, such as QR codes, are recommended to optimize data collection on packages and
the corresponding sample bags placed inside each package [6]. Annex B provides an example of a CTP
dendrogram. It suggests using two types of nodes to better visualize when a digital evidence item is split,
identifying which stakeholders can manage the dendrogram.
For more information on the analysis and interpretation of digital evidence, see ISO/IEC 27042:2016.
5.5 Digital custody metadata
Digital information is considered different from paper information because of its intangible form. Digital
evidence is usually accompanied by metadata not found in paper documents. Digital metadata can also
cross countries and legal jurisdictions [2]. Therefore, handling digital evidence is much more complex
than managing physical evidence.
The DCM should follow a standard process to collect the metadata required for characterizing the CTP,
including identifying the resources assigned to the CBRNE mission. It should contribute to creating a
digital non-repudiation log of each custody transfer from initial creation to final transfer or disposal.
The main goal is to provide formal chronological evidence showing who owns the custody of a CBRNE
digital evidence item as it moves through each CTP within the dCoC.
The descriptive data of a DCM is always relative to the object of description, meaning:
• if P is data and P→Q represents the descriptive relationship such that P describes Q, then P is
metadata about Q;
• P only becomes metadata once its descriptive relationship to Q is established.
The implications of these two statements are: (1) because metadata are data, they can be exchanged like
other data, but (2) to remain metadata, the exchange should include the associated context and
relationships.
The DCM defines the metadata structure for each CTP within the dCoC process. The metadata for each
custody transfer should:
• monitor who owns the custody at each CTP;
• provide chronological evidence of custody, control, transfer, and disposition;
• register information regarding the creation, modification history, ownership, or other provenance or
lineage information within the custody transfer lifecycle;
• support auditing procedures and quality control measures, including tracking data changes within
each CTP.
The DCM structure should identify and track all resources allocated to a specific mission. As such, the
DCM structure should provide information related to the following:
• resources (e.g. personnel, equipment and third parties' systems) assigned to the mission;
• standardized digital log for each custody transfer (i.e. who owns the custody at each sample transfer
point);
• information characterizing the sample package to be transported;
• a set of core indicators for assessing and monitoring the data flow in the dCoC process (e.g. tracking
CBRNE digital evidence items).
This is achieved by having rigorous and complete records of all actions to produce the DCM.
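One way to make the chronological custody log in 5.5 auditable is to chain each transfer record to the hash of the previous one. This is an added example, not part of the Technical Specification: the field names, the sample team names and the linear chain (no sample split) are assumptions. A hash chain gives tamper evidence only; non-repudiation additionally needs each entry to be digitally signed by the custody owner and receiver, which is not shown here.

```python
import hashlib
import json

GENESIS = "0" * 64   # assumed marker for "no previous entry"


def entry_digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_transfer(log, ctp_id, owner, receiver, timestamp, fingerprint):
    """Append one custody transfer, chained to the previous entry."""
    body = {
        "ctp_id": ctp_id, "owner": owner, "receiver": receiver,
        "timestamp": timestamp,        # ISO 8601 UTC, sorts lexicographically
        "fingerprint": fingerprint,    # digest of the digital evidence item
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    log.append({**body, "hash": entry_digest(body)})
    return log


def audit(log):
    """Return (index, finding) pairs; an empty list means the chain is consistent."""
    findings, prev = [], None
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry_digest(body) != entry["hash"]:
            findings.append((i, "entry modified after it was logged"))
        if body["prev"] != (prev["hash"] if prev else GENESIS):
            findings.append((i, "link to previous entry broken"))
        if prev:
            # Custody continuity: whoever received last must hand over next.
            if body["owner"] != prev["receiver"]:
                findings.append((i, "owner is not the previous receiver"))
            if body["timestamp"] < prev["timestamp"]:
                findings.append((i, "timestamp out of chronological order"))
            if body["fingerprint"] != prev["fingerprint"]:
                findings.append((i, "evidence fingerprint changed"))
        prev = entry
    return findings
```

Editing an earlier entry is caught at that entry, and recomputing its hash to hide the edit breaks the link held by the next entry.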
5.6 Token-based authentication
Token-based authentication simplifies securing access to on-premise or cloud-based applications [7]. It
enables organisations to adopt digital transformation initiatives by securely sharing their information
through APIs with external entities. Token-based authentication provides the following benefits:
• authentication requires users to own a token (a computer-generated code) before they are granted
access to a network or a resource;
• security is enhanced by:
o providing a strong multi-factor authentication process for identity and access management;
o removing reliance on weak login credentials;
o incorporating Security Token Service (STS).
A dCoC process token is generated as an attestation token to confirm the trustworthiness of the running
workflow. It encrypts a set of specific parameters with which a workflow token runs. Logs for workflow
failure are tokens that, by design, require administrator access. Permission to view logs would include
the details of why the workflow failed, including sensitive information that is blocked by design.
A token-based approach should use highly secure encryption algorithms [8]. The recommended method
for this to work is to consider specific technologies, such as Smart Contracts with Blockchain and Near
Field Communication (NFC) [9], in the dCoC process.
• Blockchain in Smart Contracts is a way to guarantee the auditable integrity of the DCM and the
traceability of custodians. Smart Contracts might help automate the workflow's execution so that all
participants can be immediately sure of the outcome without any intermediary's involvement or time
loss;
• NFC sensors have a relatively short range, which discourages interference from afar, as close physical
proximity is needed to interact with the NFC system. NFC provides a medium for blockchain to
interact with the physical world, and blockchain verifies NFC tags to detect and prevent tampering;
• NFC technology combined with Blockchain in Smart Contracts provides a highly secure network with
an immutable digital ledger and transparent data exchange. Blockchain alone operates in a purely
digital space; connecting physical objects to a blockchain is necessary. NFC tags can translate physical
objects, locations, and markers into digital data.
Combining the two technologies within Smart Contracts leads to flows with increased transparency, more
security and automated administrative operations. It creates a digital identity, providing a safer
connection to product origin/data authenticity and improved tracing and tracking of the digital evidence
items' journey through the dCoC.
To streamline communication between the Mission Command Team and other resources on site, a dCoC
process necessitates the use of multi-channel communication. Additionally, adhering to the
authentication, authorization, and accounting (AAA) security framework is advised to enhance security,
facilitate intelligent management of access to digital resources, and enforce data policies and custody
transfer auditing.
6 Context of the Custody Transfer Lifecycle
6.1 General
This section addresses a typical configuration of stakeholders participating in the data governance
process and their roles and responsibilities within the dCoC process. The approach sets the context and
boundaries of the custody transfer process and its relation to external systems.
6.2 The custody transfer lifecycle
Figure 4 provides an overview of the dCoC process, outlining the CTP as a critical point within the dCoC
process. For simplicity, the schema considers that the Reconnaissance Team and the Handling Team do
not assume the custody of any sample evidence, as the Sampling Team is responsible for collecting field
samples. The Reconnaissance Team has the potential to collect valuable evidence information at the site
scene that could aid the Mission Command Team in determining specific aspects of the digital evidence
items that should be included in the DCM's metadata structure. This information may be crucial for the
Sampling Team to be aware of when gathering digital evidence items.
NOTE Some CBRNE missions also include a Handling Team. Its role is to assist the Sampling Team at the
decontamination zone. This unit is smaller than the Sampling Team, but the level of operations is similar, covering
how to conduct sensitive site exploitation and methods for CBRNE sample collection and management. Within the
dCoC process, the Handling Team is considered a Carrier Team.
The Reconnaissance Team evaluates the scenario and defines possible sampling spots/objects by pre-
filling the samples' forms. Then the Sampling Team collects and identifies the samples using any
electronic means and adequately packages the collected samples into a sample container, providing
instructions to the Carrier Team on how to transport the package. The
...







