Overview

Evidence tampering is a criminal offense. It is an act in which a person alters, falsifies, or conceals evidence with the intent to interfere with an investigation process being monitored by law enforcement, government or regulatory authority. To help detect the evidence integrity, VIDIZMO provides Tamper Detection functionality in its Digital Evidence Management (DEM) system.

 

Content tamper detection works in a way that, when an evidence has been uploaded, its hash stores in the database. Now, whenever an authorized user verifies that evidence a new hash re-generates and compares it to the one which was generated earlier. If both Evidence hashes found to be the exact same, then the evidence would be marked as Un-tampered, and Tampered in the other case. To learn about Content Tamper Detection, see: Understanding Evidence Tamper Detection

 

Please read further to know how to check whether an evidence has been tampered with.


Before you start

Contributors can run a check for tamper detection only on the evidence uploaded by them.

Moderator+ users can run a check for tamper detection on every evidence irrespectively.


Check Tamper Detection

VIDIZMO DEM gives its users the ability of detecting tamper on; 

  • Single evidence 
  • Bulk evidence 


Run Tamper Detection on a Single Evidence 

I. From your DEM portal Homepage:

  1. Click on the overflow menu of the evidence you want to check for tamper.
  2. Select Verify Evidence to run the workflow for checking Evidence Tampering.
  3. A toast notification will appear displaying the message “Tamper Verification Workflow has been Initiated".  


Note: Evidence tamper workflow can take a while to detect tamper as it checks each available evidence rendition.






Tip: If you are in Case view, you can switch to the Evidence view by using the filter as shown below.



  


II. In-case the Evidence has not tampered, the evidence will indicate its authenticity with a verified marker. The status can be seen on the thumbnail of the evidence.




II. If the Evidence has been found tampered, its status will appear as Tampered after the detection process has completed. 




Note: Clicking on the Tamper Status will take you to the Evidence Information screen, where you can see the time when the last tamper detection was run.



Run Tamper Detection on Bulk Evidence 

I. From your DEM portal Homepage:

  1. Select more than one Evidence.
  2. Select Verify Evidence present at top bar to detect tamper on bulk evidence
  3. If you do not find Verify Evidence tab then click on overflow menu present below evidence tab.( this option will appear only in small screen)




 

Once the bulk tamper detection workflow completes, you will be able to view the status of each evidence on its thumbnail.


View Tamper Report on Evidence

VIDIZMO provides a consolidated tamper detection report that highlights the following:


  • The timestamp of when the report was the last run, this is crucial in deciding whether or not the tamper status can be reliably trusted upon
  • The multiple renditions of the digital evidence available in VIDIZMO application after encoding, and the tamper status of each rendition in the content storage.


This is how you may proceed onto viewing the tamper report:


I. From the Portal Homepage;

         1. Click on the tamper status of evidence, it will take you to the Evidence info screen.



  

II. In the Evidence Info. screen, you will be able to view;

  1. When the last Tamper Detection Check was run.
  2. In the File Name click on the + sign to expand all the renditions of that evidence.
  3. In the Tamper Status column, you will be able to view which rendition(s) of the evidence has been tampered with.




Contributions were made by Waqar Baig & Perwasha Khan.



Understanding Evidence Tamper Detection

How to Enable Evidence Tamper Detection Functionality in DEM

How to Inspect an Evidence