[Rdap] Standards for digital evidentiary data

Joe Hourcle oneiros at grace.nascom.nasa.gov
Wed Dec 19 13:53:05 EST 2012


On Dec 19, 2012, at 11:50 AM, Konkiel, Stacy Rose wrote:

> Hello all,
> 
> I'd like to tap our collective expertise to see if I can find an answer to the following question: What kind of standards exist for maintaining digital evidentiary data? Is there anything like HIPAA for such data?
> 
> Context: a campus police department is interested in using one of our high-capacity storage systems to store digital video files of traffic stops, etc. We have an excellent, high-capacity, tape storage system at IU that is used currently only for long-term research data storage. Current restrictions on the types of content we'll store are a) no government classified data and b) no clinical records (copies are fine, but no primary documents, as they don't want the liability in the event that the servers are down for maintenance).
> 
> So far, my searching has only returned information about digital forensics -- not exactly what I'm looking for.

Actually, some of the digital forensics stuff may be important, as that field often talks about chain of custody and non-repudiation, both of which would be important for what they're looking to do.

The National Institute of Justice has a (now almost 6 year old) document "Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors" that might be useful:

	http://www.nij.gov/pubs-sum/211314.htm

You might also want to talk to your local IT department -- when I worked at a university, we'd regularly get requests from law enforcement and student judicial affairs asking us to maintain copies of all email for someone under investigation.  We'd also have other times when they wouldn't tell us who the user was, and we'd have to pull all of our backup tapes and lock them up so they could potentially restore someone's e-mail.  It's possible that they may have experience & procedures for dealing with digital evidence.

Most of the FERPA stuff that Mark mentioned is in regard to privacy, not standards for evidence, but if you're at a university, you may want to get an opinion from the university's legal department -- they likely don't count as 'educational records' per Section 1232g(a)(4)(b)(ii), but that is for records 'maintained by a law enforcement unit', and having the data stored at the library and *not* with the university's police department may void that exemption.

...

And you might want to look at security cameras for sale -- see if they mention any certifications that have, as that could give you a clue to standards bodies that deal with this field.

-Joe


