You are a digital forensics intern at Azorian Computer Forensics, a privately owned forensics investigations and data recovery firm in the Denver, Colorado area. Azorian has been called to a client's site to work on a security incident involving five laptop computers. You are assisting Pat, one of Azorian's lead investigators. Pat is working with the client's IT security staff team leader, Marta, and an IT staff member, Suhkrit, to seize and process the five computers. Marta is overseeing the process, whereas Suhkrit is directly involved in handling the computers. The computers must be removed from the employees' work areas and moved to a secure location within the client's premises. From there, you will assist Pat in preparing the computers for transporting them to the Azorian facility.

NOTE: Before answering the following question, familiarize yourself with the term "Chain of Custody." Evidence is always in the custody of someone or in secure storage. The chain of custody form documents who has the evidence in their possession at any given time. Whenever evidence is transferred from one person to another or one place to another, the chain of custody must be updated.

A chain of custody document shows:

What was collected (description, serial numbers, and so on)

Who obtained the evidence

Where and when it was obtained

Who secured it

Who had control or possession of it

The chain of custody requires that every transfer of evidence be provable that nobody else could have accessed that evidence. It is best to keep the number of transfers as low as possible.

Walk through the process of removal of computers from the employees' work areas to the client's secure location and, eventually, to the Azorian facility. Who might have possession of the computers during each step? It is strongly suggested that you sketch a rough diagram or flow chart of the process.

NOTE: Each transfer of possession requires chain of custody documentation. Each transfer requires a signature from the person releasing the evidence and the person receiving the evidence. Include the from/to information in your diagram or flow chart.