Introduction

Evidence tampering is a criminal offense. It is an act in which a person alters, falsifies, or conceals evidence with the intent to interfere with an investigation process being monitored by law enforcement, government, or regulatory authority. In this age of digitization, it is more important than ever before to take critical measures to detect and mitigate cases of digital evidence tampering through a foolproof mechanism.


For this reason, VIDIZMO offers Evidence Tamper Detection, which enables your DEM system to identify that an attempt to compromise evidence integrity has been made. This detection lets the user verify whether the evidence is still in its original form.


Concept

Digital evidence carries critical information related to a Case, so it must be protected by a mechanism that determines whether the evidence, or any rendition of it, has been tampered with. To let organizations run tamper detection workflows, VIDIZMO computes a fingerprint of each digital file (evidence) upon upload, known as its Hash value. The Hash is calculated from attributes of the content using a cryptographic algorithm, so any modification of the evidence file alters its Hash value. A matching Hash therefore provides proof that the digital evidence is exactly the same as the original (since upload). To learn how to use it, see: How to Detect if an Evidence has been Tampered?





Note: A Manager+ portal user can turn on the Evidence Tamper Detection App. To learn more, see: How to Enable Content Tamper Detection App


Please read further to understand how VIDIZMO achieves Content Tamper functionality.


Process 

Original Hash Computation

Once the Content Tamper Detection app is switched on in your portal, any evidence a user uploads into the VIDIZMO portal goes through an encoding workflow that transcodes it, producing various qualities and renditions for multi-platform playback. At the end of the encoding activity, another process is initiated which downloads all evidence renditions from the storage and generates their original hashes, which are stored in the database for future reference. One hash is generated for each evidence rendition using SHA (Secure Hash Algorithm). A hash is a fixed-size value that acts as a unique fingerprint for a large amount of data; this is called the hash value.


Tamper Verification Workflow

As soon as evidence is uploaded, the workflow shows the verification status of each evidence on its thumbnail. This means that as the evidence is ingested, the system initially computes its original hash and marks it as verified for the Portal users.


During the investigative/inspection process, the integrity of an evidence could be compromised. VIDIZMO provides an option to verify the integrity of an evidence by re-initiating the workflow, this time only to check whether the hash generated from the current file in the content storage is still the same as the original hash value stored in the database against that file.


The workflow initiated after a request for Tamper Detection shall be responsible for:


  1. Accessing the content from its content storage URL stored in the database.
  2. Downloading the content files from the content storage to a temporary workflow folder.
  3. Generating hash values for every file based on their unique elements and attributes.
  4. Matching each current hash value with the original hash value stored in the database; the original hash for the file is the one generated and saved during upload.
  5. Discarding the temporary folder, along with the files that were downloaded into it so their current hashes could be calculated.


Note: When Azure Blob Storage and AMS Encoder are configured as the specified storage provider in the portal, the hashing process remains the same.


Outcome

For evidence to be marked as Verified in the VIDIZMO Portal, the hash value of each evidence rendition generated when the tamper detection workflow runs must match the corresponding hash value generated when that rendition was ingested into the system. In case of a mismatch, the evidence is prominently distinguished by tagging it as Tampered. To learn more, see: How to View Tamper Report on Evidence


Here is how a comprehensive Tamper Detection report is processed and generated:

  1. The aforementioned step is repeated for every rendition or file associated with the evidence stored in the content storage.
  2. Based on the verification results, a report is generated within the Evidence Info section that informs users of the status of each rendition of the file: whether it has undergone tampering or remains legitimate.
  3. An authorized user can view this report by clicking on the Evidence Tamper status.
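
The following added example (not VIDIZMO's code) walks through the original hash computation, the verification steps and the per-rendition report described above. It assumes SHA-256 as the SHA variant, a local folder standing in for content storage, and a dictionary standing in for the database; all function and file names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large video renditions never sit fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_original_hashes(storage_dir):
    """Upload time: one baseline hash per rendition (the dict stands in for the database)."""
    return {p.name: sha256_file(p) for p in sorted(Path(storage_dir).iterdir()) if p.is_file()}


def verify_evidence(storage_dir, original_hashes):
    """Re-hash every rendition in a temporary folder and compare with the baseline."""
    report = {}
    with tempfile.TemporaryDirectory() as workdir:  # discarded with its files on exit
        for name, original in original_hashes.items():
            source = Path(storage_dir) / name
            if not source.is_file():
                report[name] = "Tampered"  # assumption: a missing rendition counts as tampering
                continue
            local = Path(workdir) / name
            shutil.copyfile(source, local)  # stands in for the download from content storage
            current = sha256_file(local)
            report[name] = "Verified" if current == original else "Tampered"
    overall = "Verified" if all(s == "Verified" for s in report.values()) else "Tampered"
    return overall, report


def demo():
    """Constructed sample: two renditions, one of which is modified after ingestion."""
    with tempfile.TemporaryDirectory() as storage:
        (Path(storage) / "clip_720p.mp4").write_bytes(b"constructed rendition A" * 1000)
        (Path(storage) / "clip_360p.mp4").write_bytes(b"constructed rendition B" * 1000)
        baseline = record_original_hashes(storage)
        before = verify_evidence(storage, baseline)
        target = Path(storage) / "clip_360p.mp4"
        target.write_bytes(b"X" + target.read_bytes()[1:])  # one byte changed, same size
        after = verify_evidence(storage, baseline)
    return before, after
```

Calling `demo()` returns the evidence status and per-rendition report before and after the modification; a single changed byte in one rendition is enough to tag the whole evidence as Tampered.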

In Bulk Evidence Tamper detection, the entire hashing mechanism that triggers the content tamper detection workflow remains the same. The only difference is that all files associated with each digital evidence will be downloaded for tamper detection. To learn more, see: How to run Evidence Tamper Detection on Bulk Evidence


Note: If Timed Data (Closed Caption/Drone Data) or any Playback Support file (e.g. .m3u8) is tampered with, the evidence will be tagged as Tampered, but the Evidence Tamper Report will not show which file has been tampered with.


Use-Case Scenarios

Law Enforcement Agencies 

Law enforcement agencies rely extensively on digital evidence for investigative processes and court hearings. There is a clear benefit to having ample information to obtain convictions, but if there is no guarantee of evidence authenticity, justifying a verdict can be difficult. To help you gauge evidence integrity, VIDIZMO’s Digital Evidence Management (DEM) offers Tamper Detection functionality, which identifies whether evidence is still in its original form.


Tele diagnosis in Healthcare

Tele diagnosis refers to remote diagnosis. Tele diagnosis platforms are designed to enable transmission of physical examination records and medical reports, remotely or concurrently, to a specialist at a different or the same geographical location. The examining specialist doctor may be in the same geographical region at the same time as the examination, or the specialist may be remotely located.


Evidence Tamper Detection provides a futuristic approach in TeleDiagnostic platforms to ensure that records of images and videos preserve the diagnostic quality and originality even after being subjected to compression procedures for transmission. Using VIDIZMO, any kind of change in any rendition of any kind of healthcare media can be identified.