Digital Forensics Chain-of-Custody Audits in South Korea

I. LEGAL BASIS OF CHAIN-OF-CUSTODY IN SOUTH KOREA

1. Constitutional Foundation

Chain-of-custody rules derive from:

  • Due process rights
  • Privacy protections
  • Fair trial guarantees

Courts consistently hold that digital evidence must be:

  • Lawfully obtained
  • Properly preserved
  • Continuously traceable

2. Criminal Procedure Act Requirements

Chain-of-custody is embedded in rules governing:

  • Search and seizure
  • Inspection of electronic records
  • Evidence handling and presentation

Key requirements:

  • Warrant-based seizure
  • Documentation of every transfer
  • Controlled forensic duplication (imaging)
  • Integrity verification (hash checks)

3. Supreme Court Doctrine

Korean courts emphasize three principles:

(A) Integrity Principle

Evidence must remain unchanged from seizure to trial.

(B) Traceability Principle

Every person who handles evidence must be identifiable.

(C) Continuity Principle

No “gap” in the custody chain is allowed.

4. Digital-Specific Rule Expansion

Because digital evidence is easily copied or altered, courts require:

  • Forensic imaging instead of direct analysis
  • Hash verification (MD5/SHA-type integrity checks)
  • Audit logs of every access
  • Controlled storage systems (evidence servers)

II. CHAIN-OF-CUSTODY AUDIT PROCESS IN SOUTH KOREA

Step 1: Seizure Logging

Authorities must record:

  • Time and place of seizure
  • Device type
  • Serial numbers
  • Investigator identity

Step 2: Evidence Sealing

  • Physical sealing of devices
  • Tamper-evident packaging
  • Unique evidence ID assignment

Step 3: Forensic Imaging

  • Bit-by-bit duplication of storage
  • Original device preserved untouched
  • Hash values generated for verification

Step 4: Custody Transfer Logs

Every transfer must document:

  • Who transferred evidence
  • When transfer occurred
  • Why transfer occurred

Step 5: Forensic Analysis Control

Analysis must be:

  • Conducted on cloned image
  • Logged with full audit trail
  • Restricted to authorized personnel

Step 6: Court Submission Validation

Courts evaluate:

  • Continuity of custody
  • Integrity of digital images
  • Presence of unauthorized access
  • Compliance with warrant scope

Step 7: Judicial Audit Review

Judges may exclude evidence if:

  • Gaps exist in custody chain
  • Evidence integrity is uncertain
  • Unauthorized duplication occurred
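
The audit steps above, sketched as an added example (not code from the original page or from any agency's tooling): a custody-log check covering hash integrity against the acquisition hash, time ordering, who/why fields on each transfer, handler continuity, and analyst authorization. The record layout, field names, handler names and sample entries are constructed assumptions.

```python
import hashlib
from datetime import datetime

# Constructed sample data: stand-in bytes for a forensic image plus a custody log.
IMAGE = b"constructed disk image bytes"
ACQ_HASH = hashlib.sha256(IMAGE).hexdigest()  # hash recorded at imaging (Step 3)
AUTHORIZED = {"analyst_kim"}                  # hypothetical authorized analysts (Step 5)
LOG = [  # hypothetical record layout; all field names are assumptions
    {"type": "transfer", "from": "officer_lee", "to": "custodian_park",
     "when": "2024-03-01T10:00", "why": "intake to evidence server", "sha256": ACQ_HASH},
    {"type": "transfer", "from": "custodian_park", "to": "analyst_kim",
     "when": "2024-03-02T09:00", "why": "analysis of cloned image", "sha256": ACQ_HASH},
    {"type": "access", "who": "analyst_kim", "when": "2024-03-02T09:30", "sha256": ACQ_HASH},
]

def audit(log, acq_hash, seized_by, authorized):
    """Return a list of findings; an empty list means no break was detected."""
    findings, holder, last = [], seized_by, None
    for i, e in enumerate(log):
        # Integrity: the hash recorded at each step must equal the acquisition hash.
        if e.get("sha256") != acq_hash:
            findings.append(f"entry {i}: hash mismatch")
        # Ordering: timestamps must parse and must not go backwards.
        try:
            ts = datetime.fromisoformat(e.get("when") or "")
        except ValueError:
            ts = None
            findings.append(f"entry {i}: missing or invalid timestamp")
        if ts and last and ts < last:
            findings.append(f"entry {i}: timestamp earlier than previous entry")
        last = ts or last
        if e.get("type") == "transfer":
            # Traceability: who handed over, who received, and why (Step 4).
            for field in ("from", "to", "why"):
                if not e.get(field):
                    findings.append(f"entry {i}: transfer missing '{field}'")
            # Continuity: the sender must be the current recorded holder.
            if e.get("from") != holder:
                findings.append(f"entry {i}: custody gap, holder is {holder}")
            holder = e.get("to") or holder
        elif e.get("type") == "access":
            who = e.get("who")
            if who not in authorized:
                findings.append(f"entry {i}: access by unauthorized {who}")
            if who != holder:
                findings.append(f"entry {i}: access by {who}, holder is {holder}")
    return findings

if __name__ == "__main__":
    print(audit(LOG, ACQ_HASH, "officer_lee", AUTHORIZED) or "no findings")
```

Dropping the second transfer from the sample log makes the analyst's access appear with no recorded handover, which is the kind of gap Step 7 describes.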

III. MAJOR CASE LAW ON CHAIN-OF-CUSTODY AUDITS

1. Supreme Court 2011Mo1839 (Digital Evidence Participation & Integrity Case)

Facts

Investigators seized digital devices and extracted data without proper suspect participation or full procedural transparency.

Issue

Whether incomplete procedural involvement affects admissibility.

Judgment

  • Search & seizure includes copying and analysis stages
  • Suspect must be allowed participation
  • Improper procedure can invalidate evidence

📌 Principle:
Chain-of-custody includes the entire forensic lifecycle, not just seizure

 

2. Supreme Court 2019Do4938 (Improper Digital Evidence Handling Case)

Facts

Police examined and copied voluntarily submitted digital devices without properly documenting seized electronic information.

Issue

Whether lack of proper inventory and participation violates chain-of-custody.

Judgment

  • Authorities must document all electronic files extracted
  • Must ensure suspect participation in handling process
  • Failure undermines admissibility

📌 Principle:
Undocumented extraction breaks chain-of-custody integrity

 

3. Supreme Court 2023Do12127 (Illegally Obtained Evidence + Derivative Evidence Case)

Facts

Evidence was obtained through procedural violations and later used to build a corruption case.

Issue

Whether derivative evidence is admissible if chain-of-custody is compromised.

Judgment

  • Illegally obtained evidence is inadmissible
  • Secondary evidence is also excluded unless causal link is broken
  • Prosecutor bears burden to prove independence

📌 Principle:
Chain-of-custody violations contaminate all derivative evidence

 

4. Supreme Court 2015Do9747 (Expanded Search Beyond Scope Case)

Facts

During forensic analysis, investigators discovered unrelated evidence and continued searching without a new warrant.

Issue

Whether extended analysis violates custody/legal boundaries.

Judgment

  • Investigators must stop immediately
  • New warrant required for additional scope
  • Continued analysis invalidates evidence chain

📌 Principle:
Chain-of-custody is tied to warrant scope boundaries

 

5. Supreme Court 2022Do1452 (Remote Server / Cloud Forensics Case)

Facts

Investigators accessed cloud data through a seized device without separate authorization.

Issue

Whether remote data accessed via device is validly seized.

Judgment

  • Cloud data is separate from device data
  • Must be explicitly included in warrant
  • Unauthorized access breaks procedural chain

📌 Principle:
Remote access without warrant breaks forensic custody legality

 

6. Supreme Court 2020Do10729 (Digital Imaging & Evidence Integrity Case)

Facts

Large-scale forensic imaging of digital devices was conducted, and the defense challenged the integrity of the stored images.

Issue

Whether forensic copies without strict procedural compliance are valid.

Judgment

  • Forensic imaging must strictly follow warrant and procedure
  • Improper imaging undermines evidentiary reliability

📌 Principle:
Forensic image integrity is central to chain-of-custody validity

 

7. Haru Invest Cold Wallet Seizure Case (Judicial Custody Boundary Issue)

Facts

Authorities seized cold wallet keys but did not transfer crypto assets properly into controlled custody.

Issue

Whether seizure is complete without proper asset transfer.

Judicial Finding

  • Seizure incomplete until assets are fully transferred under legal control
  • Recovery key alone is insufficient custody

📌 Principle:
Chain-of-custody requires actual control transfer, not just access tools

 

IV. KEY AUDIT FAILURE TYPES IDENTIFIED BY COURTS

1. Missing Custody Logs

  • No documentation of evidence transfer

2. Unauthorized Access

  • Analysts accessing data outside warrant scope

3. Broken Imaging Integrity

  • No hash verification or altered images

4. Scope Expansion

  • Investigators exceeding original warrant

5. Cloud Access Violations

  • Remote data accessed without authorization

6. Lack of Participation Rights

  • Defense excluded from seizure process

V. HOW SOUTH KOREAN COURTS REVIEW CHAIN-OF-CUSTODY

Courts apply a strict review standard:

1. Was the seizure legally authorized?

2. Was evidence properly documented?

3. Was forensic imaging correctly performed?

4. Is there uninterrupted custody traceability?

5. Was scope strictly maintained?

6. Is digital integrity proven (hash verification)?

If ANY answer is negative → evidence is often excluded.

VI. LEGAL EFFECT OF CHAIN-OF-CUSTODY BREAK

If chain-of-custody is broken:

1. Primary evidence is excluded

2. Derivative evidence may also be excluded

3. Investigation may need to restart

4. Prosecutorial burden increases significantly

VII. CURRENT LEGAL TREND IN SOUTH KOREA

South Korea is moving toward:

  • Automated digital audit logging systems
  • Blockchain-based evidence tracking concepts (experimental)
  • Stronger defense participation rights
  • Increased exclusion of improperly handled digital evidence
  • Higher standards for cloud and remote evidence custody

CONCLUSION

Chain-of-custody audits in South Korean digital forensics are a strict, court-enforced legal integrity system that governs every stage of digital evidence handling.

Core legal reality:

  • Evidence validity depends on procedural continuity
  • Every handler must be traceable
  • Any break in custody can invalidate the entire evidentiary chain
  • Courts prioritize process integrity over technical correctness
