Best Practices for Maintaining the Integrity of Digital Images and Digital Video: Scientific Working Group on Imaging Technology (SWGIT)
Integrity ensures that the information presented is complete and unaltered from the time of acquisition until its final disposition. Files that are copied from storage and processed result in new files. These files also must have their integrity maintained.
Integrity differs significantly from authentication. Authentication is the process of substantiating that the content is an accurate representation of what it purports to be. For example, a digital image of a gun on a table could be authenticated by a person at the scene stating that the picture fairly and accurately represents the gun on the table. The integrity of the image can be established by methods covered in this document. For further information on image authentication, see SWGIT's Best Practices for Image Authentication in this issue.
This document covers the issues that can affect the integrity of digital media files. It does not cover extraction of digital media files from devices.
The integrity of a digital image or video file is best demonstrated through a combination of methods. This document discusses specific methods and provides examples of how those methods can be applied. Maintaining integrity requires both documentation and security of the files throughout the work flow. A standard operating procedure (SOP) should describe the work flow.
Maintaining and Demonstrating Integrity
When working with digital image and video files, one needs to maintain the integrity of the files and also demonstrate that the steps taken were effective. Maintaining integrity requires security of the files during transport and storage. Demonstrating integrity uses methods to show that the file has not changed.
The diagram (Figure 1) shows a generic work flow. The arrows and the boxes indicate security measures used to protect the file integrity, and the circles indicate means used to demonstrate that integrity has been maintained. The variety of methods for securing files is explained in Section 2.1.
When a digital image or video file is obtained, a reference is created for future demonstrations of integrity. The reference can be accomplished in a variety of ways, which are described in Section 2.2.
The file is then transported to a storage device or location. When it is removed from storage for use, the integrity is demonstrated by the method used to create the reference.
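The reference-then-verify step described above, sketched with a hash digest as the reference. This is an added example, not part of the SWGIT document; SHA-256, the function names and the file names are assumptions, and the sample files are constructed.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def hash_file(path, chunk=1 << 20):
    """Stream the file in blocks so large video files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def create_reference(root):
    """At acquisition: record one digest per file. Keep the result apart from the files."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root, reference):
    """On removal from storage: recompute each digest and compare with the reference."""
    root = Path(root)
    report = {}
    for name, digest in reference.items():
        p = root / name
        if not p.is_file():
            report[name] = "MISSING"
        elif hmac.compare_digest(hash_file(p), digest):
            report[name] = "OK"
        else:
            report[name] = "ALTERED"
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in reference:
            report[rel] = "UNREFERENCED"  # e.g. a processed copy: a new file needing its own reference
    return report

def demo():
    """Constructed sample: reference three files, then alter one, delete one, add one."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "IMG_0001.jpg").write_bytes(b"constructed image bytes")
        (root / "IMG_0002.jpg").write_bytes(b"second constructed image")
        (root / "clip.avi").write_bytes(b"constructed video bytes")
        reference = create_reference(root)
        (root / "IMG_0002.jpg").write_bytes(b"second constructed imagE")  # single-byte change
        (root / "clip.avi").unlink()
        (root / "IMG_0001_enhanced.jpg").write_bytes(b"processed copy")
        return verify(root, reference)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A digest comparison demonstrates that a file is unchanged only if the reference itself has been kept secure, so the reference belongs under the same documentation and access controls as the files.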
[FIGURE 1 OMITTED]
Methods for Maintaining Integrity
The following is a list of some of the more common methods of maintaining integrity and is not exhaustive.
* Written documentation: SOP documenting the steps required to properly maintain security. This documentation may include chain of custody, if required by agency policy.
* Physical security/environment: Mechanical or physical systems for preventing unauthorized access to data or loss of data, e.g., door locks, security guards, personal control, fire-suppression systems, isolated computer systems.
* Redundant physical copies: Duplicates of files kept in an alternate location to prevent loss of files in the case of disaster.
* Logical security (WAN [wide area network]/LAN [local area network]): Operating system or software-based devices to prevent access to files, e.g., password protection, firewalls.
* Third-party escrowing: This requires transferring files to third parties, which relinquishes control. Although it may be appropriate under certain circumstances, the agency must have a viable method for demonstrating integrity that is independent of the vendor, and an appropriate contract that clarifies the vendor's obligations should be in place before any files are transferred.
Methods for Demonstrating Integrity
The following is a list of some of the more common methods of demonstrating integrity and is not exhaustive.
* Hashing function: An established mathematical calculation that generates a numerical value based on input data. …