Thriving Within the Matrix: Virtual Evidence Management

Operating in the realm of virtual evidence management can present challenges for law enforcement agencies both large and small. However, the transition to virtual platforms is not only inevitable, but can be an immediate process under certain circumstances. There is a growing need for law enforcement to remain on pace with technologies geared toward digital data collection and sharing. The evolution of the virtual management of digital evidence started in the early 1990s; however, tangible solutions have only recently begun to materialize over the past five years. This latest step forward has come primarily in response to innovations in technology concerning cloud computing solutions. These advancements have helped to accelerate viable evidence management options for law enforcement. Additionally, social justice initiatives have prompted legislative changes in efforts to spark shifts within the criminal justice system in relation to prosecutorial evidence.

Cellphones, computers, and servers… oh my! Entertaining the management of the evidence gathered from these types of devices and systems is very much a discouraging start to the yellow brick road. The sudden surge of digital evidence has left some agencies scrambling to achieve federal, state, and local compliance standards while under the constraints of budgetary concerns and operational capabilities. In contrast, other law enforcement agencies are continually seeking methods of securely collecting, storing, and transferring digital evidence. Regardless of which pool an agency currently falls into, innovations in virtual evidence management have burgeoned to meet legislative needs while surviving the legal scrutiny the courts demand. Simply stated, there is now a way forward thanks to innovations in evidence software. What does this mean for the traditional notions of evidence management, chain of custody concerns, and the security of cloud computing? Law enforcement executives and administrators must consider the past to fully understand the present.

Traditional Evidence Management Versus Virtual Evidence Management

Traditional

First consider the aspects of traditional evidence management. Police departments and sheriffs’ offices would have to continually assess the volume of physical evidence collected and managed in their localities to determine physical storage capacity needs. For instance, larger agencies in big cities may need a separately maintained evidence storage warehouse, while smaller agencies may need only a secured evidence closet. An average-sized department’s evidence room might be more of an adjoined series of rooms to which access would be highly restricted and managed. The access, storage, and retrieval of evidence would require in-person, document-based authentication. This would potentially include forms, court orders, access key card systems, sign in logs, and other tracking methods. Most likely, in addition to evidence storage, the facilities could require space for evidence processing so as to mitigate the possibility of an interference with the chain of custody.

An evidence facility, as described, requires trained and qualified evidence custodians, managers, and technicians. To manage competing priorities on a tight budget, smaller departments would more than likely assign multiple roles to each assigned staff member or designate certain positions to split their time between evidence control and patrol operations. In contrast, larger departments managing a higher volume of evidence processing may opt to exclusively assign staff to evidence management posts. Other considerations about the facility, like climate control, fire prevention equipment, and evidence storage requirements, would have to be considered. Evidence room supplies, tracking systems, evidence disposal protocols, and even mail delivery methods must all be factored into the management of physical evidence and digital evidence traditionally acquired from physical hardware.

Virtual

Because physical evidence has been the primary focus, agencies may lag behind in adapting to the technology available for virtual evidence management. Virtual management of evidence, however, minimizes the physical footprint of traditional evidence management and lessens the burden on staffing levels. In particular, if law enforcement groups go the route of contracting a third-party software vendor, then staffing issues can be immediately alleviated. These vendors generally are able to provide the software infrastructure not usually supported by local government IT departments. Generally, most software vendors include support staff such as system administrators and service technicians within the purchase package and service contract. This minimizes the need of assigned staff to support evidence management by providing a remotely administered system. Essentially, an internal vendor liaison would be the heaviest burden to staffing levels with a virtually managed system.

Second, the key benefit of cloud-based computing is the available storage capacity. Unlike physical evidence storage sites, virtual platform capacities are easily expanded or truncated depending on the particular needs of the agency. Because cloud storage is virtually limitless, there are scalable options to fit any agency’s needs and budget. Both evidence management types—the traditional physical storage room and virtual evidence management systems—have the same aim. Though the two evidence management types address two different forms of evidence, physical and digital, the latter can be used to manage aspects of the former. For instance, videos can be exported from recording devices and stored as data in a virtual evidence room. Then, upon request, these data can be exported via links securely emailed to the requesting party. For instance, prosecuting attorneys can securely receive the video at their desktop, after an authentication process. This practically eliminates the need for flash drives as physical evidence, thus minimizing storage space. The same can be said for larger forms of hardware that contain evidentiary metadata.

Aside from physical space, virtual evidence storage does not require evidence disposal vendors, climate control considerations, replenishment of evidence room packaging supplies, or physical security systems. In fact, the heavy lift for police departments is generally found in the storage solution costs, similar to any cloud-based computing solution. However, vendors who offer cloud-based software for evidence storage in the virtual realm now provide highly customizable systems and scalable pricing options. Agencies can select the most affordable system arrangement that meets their specific needs and budgets. Police and sheriff departments might believe that costs of long-term data storage may far exceed on-site data storage solutions, a perception that is mainly attributable to a monthly pricing fee schedule most vendors employ. However, cloud-based storage is not only far cheaper in terms of initial equipment costs, it generally balances out in terms of sustainability. On-site data storage solutions will most certainly become obsolete over time, which will necessitate upgrading hardware or purchasing new hardware, creating additional costs to help combat an aging infrastructure. Vendors who provide cloud solutions will continually upgrade their systems at cost. The goal for vendors is to stay in business, which for cloud service providers requires staying up to date. Other presumed disadvantages of virtual evidence management include data management and security concerns. However, advancements in cloud-based computing software have all but negated the aforementioned concerns.

In instances where evidence processing would normally necessitate allocated physical space, virtual evidence management provides a seamless interface of certain hardware-type physical evidence. Computer forensic investigators can avoid time-consuming data retrieval from external and internal hard drives by creating forensic images instead. Replicating or cloning drives onto other drives prior to analysis has typically been the standard practice, but with the advent of virtual analysis software (VAS), users can create forensic images of the drive that operate the same in the virtual world as they would if the actual external hard drive or computer were being used. By creating this virtual machine replica of a hard drive, investigators can access and analyze its data remotely and more quickly. Investigators can acquire an accurate analysis in seconds—something that used to require an extensive number of hours. Additionally, VAS-recovered data can be used as admissible evidence and managed virtually, as long as it meets the statutory requirements.

The advantages far exceed any conceivable concerns particular to the specific department that is exploring virtual evidence management as a solution. Primarily, advantages can be found in areas of accessibility, scalability, disaster resiliency, and user-friendliness. Internet connectivity, whether through hardlines or Wi-Fi, makes accessing virtual evidence data easy from laptops, tablets, and other mobile devices. Most vendors now allow police departments to structure the product to the specific needs of the department. These customizations can include what data are to be stored, length or duration of storage, protocols for system purging of data, and access authentication. Disaster resiliency is ensured because the collected data are not stored on-site at departments, but rather in a remote network of servers. Natural disasters, fires, and flooding have little to no impact on virtually stored data. Finally, cloud-based systems are accessed through computer applications designed with users in mind. The applications map routes to access and retrieve and manage content in an uncomplicated manner. All these factors, plus more, contribute to the effectiveness of evidence managed virtually.

Looking Ahead

This new frontier can prove nerve-racking for even the most computer-literate law enforcement administrators. While the implications can be daunting, virtual evidence management is not, in and of itself, an overwhelming concept. In part, due to the increasingly common use of evidence management platforms, the need can be explained in practical terms. What has traditionally been categorized and considered as evidence has changed or, rather, expanded. Metadata potentially considered as evidence can be retrieved from a variety of new sources, such as, for example, video recordings from surveillance cameras, audio data from recorders, and binary data from computer resources. Cloud computing platforms, including cellphone applications and social media platforms, can also contain collectable data needed for the furtherance of criminal investigations. While the courts have struggled to establish limitations on data collection and privacy concerns, much digital evidence is admissible in court proceedings.

Working to appropriately manage evidentiary metadata remains a critical concern for law enforcement agencies. Police executives must weigh the pros and cons of operating evidence management systems in relation to overriding concerns of agency credibility and liability due to evidence mismanagement. Agency heads must also consider the volume of evidentiary data they are obligated to manage each year. The benefits of virtually managing evidence are limitless—pun intended. Virtual evidence management frees up resources such as staffing, localized computer data storage, and physical evidence storage space for digital hardware. Virtually managing evidence allows law enforcement to instantly respond to the sharing requests from district attorneys or local prosecutors, defense attorneys, media outlets, and members of the public seeking compliance with the Freedom of Information Act (or local freedom of information legislation).

Software companies have worked within U.S. federal regulations and prevailing case law to ensure virtual evidence management is a secure, user-friendly process that adheres to the demands of the courts. Agencies can better understand this process by assessing their needs while evaluating the variables of virtually managing evidence—chain of custody concerns; management of the virtual evidence room; and policy, procedures, and protocols.

Chain of Custody Concerns

As is the case with physical evidence, chain of custody remains a prevalent concern for law enforcement when managing digital and virtual evidence. The goal of law enforcement agencies in establishing chain of custody is to maintain the integrity of criminal investigations by protecting the sourced evidence materials. Any evidence, physical or digital, must be protected from contamination that could result in an inadmissible ruling in court. Thus, concerns of preserving the chain of custody with virtual evidence are amplified once consideration is given to the vulnerabilities of Internet networks, computer systems, and cloud-based computing. Vulnerabilities are exposed through devious attacks by cybercriminals that result in data breaches. Software companies have worked to develop security protections that safeguard virtual evidence through its various stages. The stages include collection of media types; examination of data; an analysis of information retrieved from examination; and finally, reporting information as evidence. Risks of intrusion can be found along all of these phases. It is understandable why agencies would like the ability to transmit such data securely.

For digital evidence, chain of custody can be maintained by preserving its chronological records of collection, transfer, and analysis. Preventing the interruption of this chain upholds the integrity of the data as court admissible evidence. Thanks in part to improvements in cybersecurity and multi-authentication protocols, digital evidence can be collected, transmitted, and analyzed much more securely than before. Software providers have designed secure data centers, and records of system access are maintained, which means that chain of custody records can be generated and retrieved to show the point-to-point control and transfer upon request.
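An added illustration, not part of the original article and not any vendor's product: one way to make the chronological custody record described above tamper-evident is to link each entry to the previous one with a hash. The SHA-256 hash chain, the field names, and the actors, timestamps and evidence bytes are assumptions constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64                      # "previous hash" of the first entry
STAGES = {"collection", "transfer", "analysis"}
FIELDS = ("seq", "time", "stage", "actor", "evidence_sha256", "prev")

def _digest(entry):
    """Hash the custody fields of one entry in a canonical JSON form."""
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(log, time, stage, actor, evidence_bytes):
    """Append a custody event; time is an ISO 8601 UTC string (sorts as text)."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage: {stage}")
    if log and time < log[-1]["time"]:
        raise ValueError("custody events must be recorded in chronological order")
    entry = {
        "seq": len(log), "time": time, "stage": stage, "actor": actor,
        "evidence_sha256": hashlib.sha256(evidence_bytes).hexdigest(),
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_log(log):
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i:
            problems.append(f"entry {i}: sequence gap")
        if e["prev"] != prev:
            problems.append(f"entry {i}: broken link")
        if _digest(e) != e["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if i and e["time"] < log[i - 1]["time"]:
            problems.append(f"entry {i}: out of chronological order")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence differs from collection")
        prev = e["entry_hash"]
    return problems

def demo():
    """Build a constructed three-step custody record, then alter a copy."""
    video = b"constructed sample: body-camera export"
    log = []
    append_event(log, "2024-01-05T14:02:00Z", "collection", "officer-17", video)
    append_event(log, "2024-01-06T09:30:00Z", "transfer", "custodian-03", video)
    append_event(log, "2024-01-08T11:15:00Z", "analysis", "examiner-22", video)
    tampered = [dict(e) for e in log]
    tampered[1]["actor"] = "unknown"    # edit one transfer record after the fact
    return verify_log(log), verify_log(tampered)

if __name__ == "__main__":
    print(demo())
```

A hash chain only shows that entries were changed relative to each other; someone able to rewrite the whole log can rebuild it, so the latest entry hash also needs to be recorded somewhere the log's custodian cannot modify.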

Management of the Virtual Evidence Room

The pitfalls and challenges with managing a virtual evidence room could be its own article. However, a lot of the angst of this process can be cured during the preplanning phase of any project that would bring on virtual evidence management. An obvious step would be to determine if virtual managers will be provided by the software vendor, or if the agency has the infrastructure in place to internally manage digital forensic storage.

If using a vendor to fulfill this role, properly estimating project costs, both initial and annual, will go a long way in defining the role of the virtual manager provided by the outside vendor. Some important factors include the complexities of encrypted access points, regular maintenance, and the responsiveness by the virtual manager with regards to troubleshooting. All of these should be factored into project costs as either an initial cost or as part of a fee schedule that spans the life of the project. Another priority to target would be the flexibility of the system. Specifically, the virtual manager would be responsible for completing system patches and upgrades as needed. The client may also wish to change system protocols and settings, which the vendor’s virtual management group should be able to resolve. Lastly, agencies should be provided with detailed reports that produce criminal justice statistics and system performance metrics.

If an agency has a solid IT infrastructure, the virtual management could take place in-house. A suggestion that would make this endeavor less strenuous would be to prioritize the setup of the virtual management work group. Any work group aiming to be successful in managing virtual evidence should observe a few principles. First, communication should be prioritized. This includes regularly scheduled meetings, using communication technology such as video conferencing, message groups, data sharing software, and portable devices allowing remote connection. Second, work groups should maintain outlined workflow processes that clearly define work assignments, work travel paths, work initiators, and clearly defined roles. Third, internal virtual managers should have a crisis plan in place for system emergencies and ensure all staff within the work group are trained on the plan. Last, internal virtual managers should have written policy in place to meet government mandates and industry standards.

Policy and Procedures

In this new arena of cloud-based evidence storage, the administrative priorities should include developing internal policies and protocols to meet the needs of operating virtual evidence management. The Federal Bureau of Investigation’s Criminal Justice Information Security (CJIS) Services provides a resource for both understanding regulations and developing sensible policies. CJIS sets forth rules and regulations of digital information sharing and management within the U.S. criminal justice system, and U.S. law enforcement agencies are required to be compliant with the guidelines set forth by CJIS. For additional guidance, agencies could seek out information from the International Journal of Digital Evidence.

Conclusion

While many law enforcement agencies are still tentatively weighing the risk/reward of virtual evidence management, trends within the criminal justice system seem to indicate full steam ahead. Virtual evidence management provides a web-based, highly secure solution to the storage of digital evidence. It provides authenticated, immediate access to evidentiary data needed as prosecutorial evidence. But the transition does not have to occur all at once. In fact, the customization of platforms makes the switch easier to manage. This scalability of service packages provides for a more manageable transition into cloud solutions. Agencies can sidestep the potentially overwhelming impact of a cloud transition for digital evidence management by incorporating a step-by-step service package purchase approach. In fact, software companies make customization easy by offering services that operate independently and codependently with seamless integration.

Law enforcement agencies, both large and small, can be assured that it is in the interests of the cloud solution service providers to continually attain and maintain CJIS compliancy—including providing system updates in response to CJIS-mandated changes and legislative changes. Essentially, this creative business practice dwarfs the capability of local government IT systems. This level of service is generally not easily achievable with a local IT department’s cloud solution, without incurring enormous costs. The numerous, customizable options, along with the opportunity to make a slower, measured transition, make virtual evidence management a reasonable and advantageous opportunity for agencies of all sizes and budgets.