What is the chain of custody in incident investigations?

Chain of custody is the documented, chronological transfer of evidence to preserve integrity and admissibility. It tracks every step of handling the item—from collection at the scene, through storage and analysis, to presentation in court or investigation case files. This includes who handled the evidence, when and where it was moved or accessed, and how it was stored (sealed containers, access controls, and storage locations). Maintaining a clear chain, with timestamps, handler IDs, and any integrity checks (like hash values), helps prove the evidence hasn’t been altered and is reliable for decision-making. The other options describe narrower or different concepts: merely noting who handled it last before disposal doesn’t cover the entire lifecycle; a timeline of evidence significance isn’t about handling or custody; a description of how the evidence was found focuses on discovery, not ongoing control and integrity.