What is chain of custody in digital forensics?

Chain of custody is the documented chronological record of who handled evidence, when, where, and why, from the moment of collection through presentation in court or final disposition. Each transfer must be recorded with signatures, dates, and descriptions of actions taken. For digital evidence, chain of custody also includes cryptographic hashes computed at collection time and verified at each transfer to prove data integrity. A broken chain of custody may cause evidence to be ruled inadmissible in legal proceedings because its authenticity and integrity cannot be guaranteed.