Digital evidence is increasingly becoming a core part of all investigations, ever-increasing in size and creates multiple problems when it comes to handling and managing them. There are two ways in which digital evidence assists a case:
Indirectly in a conventional crime case with evidence from multiple sources like CCTV cameras or mobile phone data.
- Directly in a cyber-crime with digital evidence playing a central role as the crime was committed digitally, like a malware attack or a cyber-scam.
Interpol has assessed that cyber-crime has constantly been rising, especially since the start of 2020, when the COVID-19 pandemic began. The attacks' target has shifted from minor individual cases to large corporations, government organizations, and critical healthcare institutes. With workforces moving online, the pandemic has led to the creation of many weak digital infrastructures that the criminals are exploiting to access sensitive information and create disruptions.
There is no denying that the increased digital data trail provides more avenues for law enforcement agencies to catch criminals. However, it is only possible if the technology and data are appropriately secured, handled, and analyzed while meeting all the set evidence integrity standards and compliances. Handling digital evidence brings about a tirade of problems for the agencies. Here is a list of 6 major problems faced by law enforcement agencies while handling digital evidence and more, importantly, how you can minimize the risk:
Risk of Data Breach, Tampering, and Cyber Attacks
Obtaining digital devices and evidence is easy in most cases. The tricky part is securing that evidence and protecting it from data breaches, as digital evidence is at high risk of cyber-attacks and evidence tampering. It is difficult to prevent these attacks and even more difficult to detect tampering of evidence as it is done discreetly to make it seem like the evidence is still intact. Data breach frequently happens and can lead to leaked identities and loss of evidence.
Agencies must have preventive measures in place to avoid this digital evidence problem. The best solution is to opt for a high-quality enterprise-grade evidence management system with a robust security system in place for evidence protection and tamper detection. It should help maintain audit logs to track the lifecycle of evidence, ensure Chain of Custody, and preserve evidence in its original state. Otherwise, the evidence could be made inadmissible during the trial on the grounds of being altered.
When it comes to storage of data, it’s important to store them in encrypted formats and within hardware that has built-in security protocols. A good option is look for a cloud provider that has high grade security within its datacenters, for example AWS or Azure cloud.
Diversity of Digital Devices, Data Type, and Volume
According to research, an estimated 80% of cases have some form of video evidence linked to it. Video and other forms of digital evidence now exist in multiple formats extracted from different devices like CCTV cameras, body-worn cameras, home security cameras, cell phones, etc.
For agencies, the problem is that the volume of digital evidence is increasing at an exponential rate. The agencies simply do not have enough storage space to retain all the information. It is also humanly impossible to manually sift through all the evidence in different devices and file types to find useful insights.
A way to swiftly solve these problems is by taking the help of a Digital Evidence Management System. It auto-ingests the evidence from multiple sources and supports multiple formats to provide a centralized portal for storage, protection, and analysis. It also helps sift through bulk data, meet compliances, and extract insights through AI features like:
- AI-enabled Search within the evidence for spoken words, faces, and objects like license plate
- Automatic video redaction of personally identifiable information like faces, words, etc.
Time-based filtered search to jump to the point where certain words were said or faces were shown
This solution speeds up the investigation and allows officers and detectives to focus on actual analysis of relevant information.
CJIS Security Policy clearly states that agencies need to store digital evidence in a controlled environment or secure physical location and restrict access to authorized individuals only. This is a problem that agencies struggle with a lot while handling digital evidence, especially when they are enormous in number.
While storing the data in a virtual environment, agencies need to control access based on user roles so that access to evidence is given to authorized personnel only. Also, keeping audit logs helps in tracking who viewed the evidence at what time. Choose a digital evidence management solution that allows such user and content segregation through secure and separate portals and case folders. The system administrators should also not have access to the evidence files.
Errors and Mishaps
No human is perfect, and errors are bound to happen due to causes like unintentional biases, excessive workload, technology usage error, random mishaps, etc. It is crucial to have trained personnel with appropriate knowledge and experience. The workload should be managed appropriately so that the investigation is not affected negatively. Any minor error could lead to evidence being made inadmissible in court.
Technology and automated systems should be utilized properly to help investigators manage the workload and focus on the right information. To avoid mishaps, everyone except the chief investigator can be given view-only access so that the files are not mistakenly altered or deleted. Also, choose a digital evidence management solution that allows the retrieval of the original file if some mishap has occurred in the shared version. Technology should also be used to monitor all tasks to prevent avoidable errors. Also, it is extremely important to provide routine training of evidence handling, procedures to be followed and technology usage to the investigators.
Transfer of Data
Evidence is most at-risk during transfer as data could be breached, exposed, or tampered with. Protecting digital evidence during transit is very difficult. Storing on traditional devices like USB or laptops with just password-protection is not enough as these can easily be stolen and hacked. Simple online transfer through email is even riskier.
It is stated in the CJIS Security Policy that during transmission of criminal justice information, the data should be encrypted to ensure protection. The encryption has to be FIPS 140-2 certified. Hence, while adopting any digital evidence management solution, choose a solution that complies with these policies and follows all the required protocols to ensure secure transfer.
Presenting in Court
Finally, all efforts are left in vain if the digital evidence is made inadmissible in court due to problems in handling it appropriately. Agencies should also be aware of how the evidence can be presented based on the court's technology setup and internet connectivity. Based on that, evidence should be transported and presented securely.
Download and present the evidence if it cannot be shown directly. If possible, capture and print image stills of video evidence and submit all other documents and images in print form to supplement the digital presentation. Prosecutors must be aware of all the evidentiary requirements of admitting different types of digital evidence to ensure all the procedures are strictly followed. Here is Primer for Prosecutors regarding the benefits, challenges, and guidance for presenting video evidence in court.
Moreover, proper documentation of digital evidence’s chain of custody is required to prove in court that the evidence was retained in its original form and not altered in any way. This chain of custody record record should mention the time and place the evidence was collected from, ownership details of the evidence, where it was stored and details regarding who had access to it at what times.
Maintaining a chain of custody is difficult when it comes to digital files and, it is therefore, important to ensure that the digital evidence management solution you opt for provides a complete Chain of Custody report to record and show all these details. In case there is ever a doubt regarding an evidence being altered, the evidence could be made inadmissible in court.
Digital evidence is a core part of all investigations, so law enforcement agencies should adopt appropriate measures and solutions to combat the problems mentioned above. As stated earlier, adopting a comprehensive Digital Evidence Management solution will lead to a smoother, speedier, and more accurate investigation.
VIDIZMO's Digital Evidence Management System is a secure and centralized all-encompassing solution for storage, management, analysis, and sharing of multi-format and multi-source digital evidence. It provides the highest level of security through features like tamper detection, audit logs, chain of custody report, and much more. Comprehensive role-based access management options are also present, allowing evidence uploaders to restrict access based on user roles or groups. Among these, they can define who can only view, download, share, etc. Moreover, its in-depth analysis and automation tools include:
- Frame-by-Frame video analysis
- Object and facial recognition to help in automatic redaction, searchability, and analysis
- Search within evidence
- Evidence crime map
- Automatic transcription and translation of transcriptions