Digital Evidence sharing is not simple. It calls for several measures of security to prevent data breach and tampering in all forms. What are these measures, and what is the optimal solution that cumulatively provides us with these options altogether?
Let’s take it back to the preexisting mechanisms of sharing evidence files to better understand the problem at hand. Following that we will analyze the measures that can be taken, and then present you with a solution that can help you implement it all.
Redundant Ways of Sharing Evidence
Times have changed. Evidence files ingested from multiple digital sources, including body cams, dashcams, CCTVs, mobile phones, and several other mediums, are no longer shared using the old-fashioned way – through hard drives, pen drives, floppies, and CDs. Considering how much digital evidence we have now, to share digital evidence this way is both impractical and highly unsecure.
The future is in the cloud!
No, we’re not talking about changing the weather with artificial clouds - that’s pretty far-fetched from what we work with anyways. This is about cloud storage technology.
The present age demands all information to be on the cloud – that too for a number of reasons surrounding ease of data accessibility, security and little to no storage limit constraints. This means we are storing, managing and sharing evidence from online cloud platforms too.
Simply put, our means to share digital evidence has gotten digital too.
But knowing the nature of the type of data digital evidence itself is, sharing it through an online cloud platform is not a piece of cake, nor the best option to just go with just any service provider on the webs.
So, what are these hurdles that fall before us when sharing evidence online and how do you go about them? Are there any possible solutions that resolve this matter for us entirely?
These are the objectives this blog is bound to explore.
Sharing Evidence Online – The Complexities
Storing evidence files on the cloud is a nifty way to solve a lot of issues surrounding the matter. You don’t have to worry about storage, because your cloud service provider will be managing that on their end. Based off your subscription for a tenant on the cloud, you can have your storage and customized to store terabytes or even petabytes of digital evidence data.
But the bigger concern that pops up when talking about digital evidence is the security of your data. Fortunately, unlike an on-premises storage at your local data center, cloud storage providers handle security of all data on their end.
They implement various security protocols and mechanisms, such as encryption-based security to protect data at rest and in transit, of which the most optimal is AES-256 encryption algorithm. DRM also adds additional protection of stored data.
With storage and security out of the way, we’re left with one thing – sharing. Digital evidence won’t stay boxed up forever. At some point sooner or later it is to be requested by law enforcers, courts and jury or other personnel to be reviewed, analyzed by prosecutors, and presented at hearings.
Therefore, the aspect of securely sharing digital evidence is a big one. But we cannot summarize it as link sharing with password protection on files. There’s a lot more to be asked of a system that allows you to share your evidence file.
The Concerns With Sharing Digital Evidence
Securely sharing evidence is a challenge much different than securely storing evidence data. One must always be vary of the file(s) being shared, both internally and externally, in terms of access.
Perhaps the user wants to limit the access down to only a specific period of time and then revoke it. Or maybe the user wishes to only send it to a certain user without allowing them to send it to their colleague or any other individual. What if the evidence file contains some critical government information, which, even after redaction, contains information that they could cause legal violations if leaked to enemy states? What if the receiving user is maliciously downloading the critical evidence files and sharing it around with unauthorized personnel?
There are a few elements that may be of varying concern, depending on the nature of the evidence files being shared. Some common things to ask yourself, as a law enforcer, when sharing digital evidence through an online platform include, but are not limited to, the following:
- Is the data being shared with your destined user limited to said destined user?
- What types of rights are you providing to the user and are they able to bypass these restrictions?
- Can you prevent a file from being accessed by a particular domain or region in case of a breach?
- Can the user be restricted entirely from accessing any files provided to them if any malicious or suspicious activity is detected on their end?
- Can you segregate your files based on different user roles, or create portals for restricting access amongst different user groups?
7 Features To Ensure Secure Digital Evidence Sharing
A number of advanced sharing options can be implemented in order to ensure such concerns are eliminated or counteracted against, thus allowing complete control over sharing critically confidential evidence files.
Liberty of Link Expiry on Shared Links
The individual sharing a link to a file should have the capability to provide an expiry for the link. This allows the sharer to limit access to a file and allow it for only a specific amount of time. The sharer should also have the capability to expire a link whenever necessary, regardless of if an expiry is provided or not. This is accomplished through tokenization of links.
Multiple Link Generation
Generating multiple links for a single file allows you to have varied access control for different users. If the sharer wishes to prevent a certain user or group from accessing a file, they can limit it by setting an expiry for one link instead of eliminating access from every user holding a shared, single link.
Access Restriction for Unauthorized Users
Knowing the nature of digital evidence files, often these files carry critical information that may not be shared beyond certain individuals at any costs. When generating a shareable link, the user can specify if the file can be accessed only by users to whom the link was specifically shared with, or anyone who tries to access the file through the link.
IP Restrictions & Domain Restrictions
When unauthorized activity is detected from a certain individual or region, the sharer can restrict access by restricting it using the receiving end’s IP address, or pool of IP addresses for an entire domain or region.
Restrict Downloads and Embedding
Evidence files being shared are often meant to be viewed only by the receiver. In such cases, downloading the evidence media, embedding it into any external medium or similar practices are unauthorized by all means.
Password Protection for Files Shared Through Links
The user can set a password for an individual file. This allows the user on the receiving end to only be able to access the file if they are in possession of the password for it. This goes on to further limit unauthorized access.
Force an HTTPS Connection for a User
In order to eliminate the security threats from HTTP and other redundant connections, the sender can set the file to force the receiving user to only be able to view the file in a HTTPS connection. This allows for continuous SSL-based secure access of the content along with protection from man-in-the-middle attacks.
Read more on Secure Evidence Sharing
What A Digital Evidence Management System Has To Offer
Before your mind ponders off to find yourself a solution which offers all these capabilities; we’ll stop you right there as we tell you what the perfect solution for the job is – an ideal digital evidence management system. Unlike a simple file hosting service, a digital evidence management system will offer much greater control over the files being shared.
Read more here for a comparison of content management systems and file hosting services, for digital evidence.
The best perk of using a digital evidence management system is that they will offer you most, if not all, of the features that we have spoken of earlier.
While we do not discourage you from doing your own research for options, we know you do not have all the time in the world to go about looking over each DEMS system out there.
So, we’ll simply break it to you; not many digital evidence systems will be providing you with each of the aforementioned sharing options altogether. You might have to use third-party tools or multiple options to gather up all of these features for incorporating all of these advanced sharing capabilities.
Fortunately for you, VIDIZMO offers you the perfect solution right here!
VIDIZMO’s Digital Evidence Management System is a complete evidence management solution that provides the complete set of options necessary when it comes to sharing critical and confidential evidence files with the specified recipients.
But advanced sharing capabilities is not where VIDIZMO stops – there’s plenty more on the platter where that came from. VIDIZMO DEMS is a complete solution for digital evidence management. That includes:
- Ingesting digital evidence from multiple sources of data
- Storing it; be it in on the cloud (government or commercial), as SaaS or in a datacenter of your choice
- Keeping it secure, both at rest and in transit, using AES-256 encryption and DRM
- Preventing any form of tampering using SHA protection
- Integration with RMS, CMS or other existing systems
- Ability to create separate portals for the public, prosecutors, internal affairs and others
- Integration of AI-based automized solutions to implement automatic redaction through on-demand face detection, automatic transcription and translation, speech-to-text conversion and other features
- Provides a proper audit log through maintenance of a Chain of Custody for each individual evidence file
- Assign case folders to respective prosecutors for limited access and other features
- Place annotations in evidence, add comments to files, place meta data tags and other details
- Provides tools to keep you compliant with frameworks such as GDPR, CJIS, CRoC, FedRAMP, HIPAA, and others