Recently, IAPE and FileOnQ did a joint presentation in a webinar called “Best Practices for Safeguarding and Managing Digital Evidence.” Hundreds of people signed up to learn how to enhance their expertise in handling digital evidence effectively. The training covered essential techniques for law enforcement officers, investigators, prosecutors, evidence techs, and IT specialists.
There was a LOT of ground covered in an hour, including:
- Overview of the growth of digital evidence.
- Discussion of file formats.
- Why video evidence is eclipsing all other evidence.
- How to quickly review and process video evidence.
- Is it important to keep the original files?
- Best practice resources for handling digital evidence.
- Q&A participant engagement.
Because it was one of the most well-attended webinars we’ve ever done, we decided it should be available in written form for anyone to access and use as a resource. Let’s jump into the webinar…
Cheryl (the FileOnQ webinar facilitator): Good morning, everybody. We’re glad to have you with us today. In this webinar, we’re going to be talking about best practices for managing digital evidence. This is a joint presentation with FileOnQ and the International Association for Property and Evidence (IAPE).
You guys are really lucky, we have some great presenters with us today. Most of the time, you’ll be working with Steve Paxton. He’s a retired police officer and detective of 26 years. Thirteen of those years were in digital forensics. And he now works with us at FileOnQ.
We also have Dr. Alexis Grochmal with us. She recently received her doctorate in cybersecurity.
She’s a board member of IAPE, and she’s also the accreditation manager for IAPE. She’s had 17 years of experience with the Prince George Police Department in Virginia. She specializes in property and evidence management and is a digital evidence management specialist.
And we have a special guest. Joe Latta is the executive director of IAPE. He will be with us to answer any questions you may have, and he will talk about upcoming evidence management training dates.
We have so much information for you, so we’re going to go through the presentation rather quickly. Let’s get started so we can get through everything. Steve, I’m handing it to you.
Steve: Thank you, Cheryl. I appreciate it, and I really appreciate IAPE having us in this joint webinar. I think this marks the 32nd anniversary for IAPE. They’ve been teaching property and evidence best practices since 1993, and they have instructed well over 25,000 property and evidence professionals throughout the United States and Canada.
They offer some really fantastic two and three-day training classes on property and evidence handling and have a huge assortment of resources on their website that you can check out.
These are some of the classes that they have coming up this year. I highly recommend that you check them out.
So, we’re here to talk about best practices for managing digital evidence. At a high level, these are the topics we’re going to go through.
This is a ton of information. I always do this to myself. I pack too much information into a one-hour webinar, so I’m going to have to go really fast.
This is a condensed version of a six-hour in-person training course that we offer police departments. We’re going to go over a high-level introduction to digital evidence, and we’re also going to zero in on video and how that’s becoming a huge source of evidence for police departments.
I’m going to do a quick overview of standard versus proprietary file formats, which is a struggle for many investigators trying to deal with proprietary files that don’t play. And I’m going to show you a quick solution for how to play tricky surveillance
Then we’re going to go to the deep end of the pool and talk a little bit about data integrity – specifically verification, authentication, chain of custody, and file hashing.
So this is meant to be a high-level intro course on looking at best practices for managing digital evidence. Even if you’re someone who has some experience with digital evidence, hopefully you’ll find some of this really useful.
Let’s just start out with the state of the problem here… we have a lot of digital evidence coming in nowadays.
When I came on as a police officer/detective, it was in 1986. At that time, there was no digital evidence to speak of. We were dealing with regular evidence. And then slowly, digital evidence came in as time went on.
When I came in as a police officer, we had 200 officers at the police department that I worked at – the Everett Police Department in Washington state – serving a population of about 100,000 people. And if you fast forward to today, the number of officers that they have really hasn’t changed much. They have just a little over 200 officers.
But what’s changed is that officers deal with mountains of digital evidence, as do other police departments. And it affects every aspect of the department. Everybody is impacted by it. Property room folks are struggling with all of the hard drives and thumb drives that are coming in. Your average patrol officers and detectives are having to deal with the digital evidence that’s coming in.
What you’re seeing on the screen here are studies that show over 90% of crimes today have a digital element. We really don’t need a study to tell us that, though. That’s why you’re here today, we are all overwhelmed with digital evidence.
Just about every single crime has a digital element to it because we’re all carrying mobile devices. And so there’s a really good chance that there’s going to be some kind of evidence, whether it’s a misdemeanor crime or a more serious felony crime, it’s going to have digital evidence on it.
And what we’re looking at (above) is that there are a lot of different types of evidence formats out there, and you can break them out into two broad categories: standard and proprietary file formats.You can think of standard file formats as those files that typically open or play in Windows. When you click on them and they open – like a picture, video, Word document, or PDF – those are standard file formats that we’re accustomed to.
There are quite a few proprietary file formats that are non-standard, however. I think most of us, especially investigators, have dealt with a situation when we click on some surveillance videos and they don’t play. There’s also a lot of digital forensic evidence that is proprietary and requires a special player or codec to play it.
If you take a step back and look at all of the digital evidence that we have coming in, I would say well over 50%, probably upwards of 60-plus percent, is video evidence. So, video evidence is really the elephant in the room for most police departments. They’re struggling with all the videos that are out there. And surveillance video is the front-runner.
Fifteen years ago, usually only commercial businesses had surveillance video systems installed because they were expensive. Typically, they were wired, and that required someone to come in and install the system.
Now fast forward to today, there are countless wireless camera systems that you can get at Costco and Walmart or on Amazon: Ring, Blink, and Arlo camera systems, and they’re very affordable, right?
Now, you can get into a four-camera Blink system for under $100 on Amazon. They’re also very easy to install, so you don’t have to be very technical to install these wireless camera systems. They are showing up in neighborhoods everywhere.
When I was a police officer and I was going to a vehicle call or a burglary complaint in a neighborhood, even in the 2000s, there was a very low likelihood that there was video of that incident.
Nowadays, there are wireless camera systems on houses in nearly every block. They’re everywhere. And then, of course, virtually everyone has a smartphone. We’re all recording video everywhere we go. We’re also seeing a lot more dashcam video that’s coming out.
Even as I retired in 2021, I was doing cases that involved dashcam video incidents on the road. It could be road rage, or it could be related to these hit-and-run fraud incidents that are happening. A lot of people are installing those on their cars, so that’s a really good source of evidence, potentially.
And social media, of course. We all know that a lot of stuff is being shared on social media. There are quite a few criminals who are willing to share their criminal activity on social media. But, you also have just regular everyday people who are sending messages back and forth. You may have a domestic violence incident between a couple that includes threatening text messages going back and forth. So, of course, some of that is video-related.
Buses are also a huge source of video evidence nowadays. That includes school buses, city buses, and county buses. Most of these buses now have cameras on the front and sides recording as they drive around. So, if the bus is involved in an accident, video can be a very helpful source of evidence, including investigations where you may want to see who may have been on the sidewalk and the street during the time the bus was driving by.
I had a case where we discovered a homeless person was killed in a parking lot, which was in our downtown corridor. He was in the parking lot and was killed sometime in the middle of the night. A passerby, who was walking in the early morning hours, found him and called us. We came out, and it was clear that it was a homicide. But we didn’t really have a lot of evidence. We didn’t even know who he was.
One of the first things that my team did was make contact with our city and county buses and request access to the videos they captured driving down that main street where this guy was located. That was super helpful in this case.
When I go out and do training, I talk to many police departments and ask if they have body-worn camera video systems. I might be in a class with 30 police departments, and well over half usually have BWC Systems. So it’s becoming much more common to have BWC Systems and in-car camera systems.
There’s also drone video, which is great, but it records in 4K and has to be stored somewhere. Traffic cams, lots of license plate reader stuff springing up from Flock Safety and even Axon are putting out systems where they can record video in various corridors in downtown.
Real-time crime centers are springing up everywhere around the United States. One just opened one in the city where I live, and they’re recording lots of different locations throughout their city.
So these are all sources of video that most of us are familiar with. A new category of device we’re starting to see is augmented reality glasses or goggles, like Ray-Ban Meta Frames and Apple Vision Pro goggles. The people wearing them can record and stream HD video.
The Ray-Ban Mata frames are pretty compelling. They’ve been out well over a year. It’s a partnership between Facebook and Ray-Ban. They have different styles of these frames, and they are very discreet. You can listen to audio, you can make phone calls, and you can make video calls.
They have two cameras on the front, and then two open-ear speakers on the sides, so it’s very discreet for listening. If you’re listening to music or if you’re talking on the phone -there are five microphones – and they do live stream video recording in HD video at 30 frames a second, and it has 32 gigabytes of storage. So it can record quite a bit of video.
The point is that devices continue to get released that can record video, and this is having a significant impact on law enforcement. These Ray-Ban Meta frames are just starting to trickle out, and you may come across them at some point soon.
It’s hard to imagine where we’re going to be in three, four, or five years. I think there’s going to be other vendors, other companies that are going to release similar augmented reality devices.
This slide is the video evidence that we recovered at my police department beginning in 2013.
We had a four-person detective unit that worked on digital evidence, and I managed the evidence that came in. I was tracking our video as it came in, and in 2013, we only had 331 video files that we recovered that year, at 20 gigabytes.
Fast forward to 2024, and they recovered well over 123,000 videos at five terabytes, and that does not count body-worn camera video.
Where I worked, we had an Axon BWC system, and that’s counted separately and is probably half as much. So the overall storage at my police department is currently at 71 terabytes. That’s a pretty massive amount that the police department has to manage and store. And it’s increasing year after year.
One thing that I thought was really striking was the case that happened at the end of last year, where the CEO of United Healthcare was fatally shot outside of Hilton Hotel in New York City. The suspect was identified as Luigi Mangione.
He was captured on quite a few surveillance camera systems throughout New York. As you can imagine, cameras are everywhere in New York City.
The investigators said they did a massive camera canvas to try to identify who this guy was.
And it turned out that it was a Starbucks video that became the key to identifying him. It looked like he was flirting with a barista and had a really good video of his face, but they ended up recovering thousands of hours of surveillance video in this case.
And that is a really common thing… camera canvases. I’m sure that investigators, even in smaller towns, are doing this. Essentially, you have a crime scene like the homicide I described earlier, and investigators canvass all of the businesses and residential locations around that scene.
That’s exactly what we did in that case. So we spread out, and the four of us went door to door for two weeks and hit approximately 88 locations looking for video. We found approximately 35 systems that had surveillance video. It was a huge amount of footwork, but also managing all of that video – reviewing it, sharing it, and storing it – is very challenging.
Changing topics… I wanted to talk briefly about file sizes for folks who are a little bit uncomfortable with megabytes, gigabytes, and terabytes, because this is foundational to understanding our digital evidence landscape.
At the top, one hour of HD video weighs in at about four to eight gigabytes. So what does that mean? At a mathematical level, what that means is that about a thousand megabytes is a gigabyte, and about a thousand gigabytes equals a terabyte. But that doesn’t really provide us with very much context.
If we look at that in comparison to physical storage containers, like disks, which have been the most common way to store digital evidence for years, and there are agencies still doing this. Here’s the problem. Your disks don’t have enough capacity, right?
The CD that we used to use has under one gigabyte of storage, and there’s clearly not room for very much video on a CD. And you certainly can’t fit very much on a DVD either.
At 4.7 gigabytes is just not enough space.
So you bump up to a Blu-ray disc and you’re able to put a couple hours of video on there and we know that from the fact that we purchase movies on Blu-rays and we put them in our Blu-ray player and we watch full feature movies that are usually up to two or three hours in length. So you can store one, two, or three hours of video on a Blu-ray. However, who has a Blu-ray disc tray on their computer to play those?
Most police departments and prosecutors’ offices do not have a Blu-ray player on their computers. So it doesn’t make a lot of sense to store digital evidence on discs anymore. So, many departments have turned to storing their evidence on a variety of different portable media devices, thumb drives, and other storage containers.
The Ray-Ban Meta frames that we were talking about earlier have 32 gigabytes of storage. That would allow the person who has these frames to store hundreds of video clips in HD. That could potentially be a source of evidence, right?
Then, if we jump up to just a modern iPhone or an Android Samsung S25, you can get up to one terabyte of storage on these devices. That’s an enormous amount of video that potentially could be stored.
When I was processing mobile devices as a detective, I would process phones that had three or four years’ worth of media stored on them, including photos and videos. We use our phones like a library for managing and storing digital evidence.
Alexis, I’m going to tap you in for just a second. Do you have any comments or thoughts on what I’m talking about?
Dr. Alexis: Some of the research that I’ve done is showing that police departments are now at petabytes of data, which not too many people have heard of, obviously, but that’s going to be the next factor after terabytes. That amount of storage is costly for a lot of departments, because then you’re on the lookout for an enterprise-level or maybe a hyper-scale solution.
The devices are just going to continue to grow in size and require more storage. Definitely a big thing that we’re all incurring with costs.
Steve: Just like with physical evidence, it’s important that we manage digital evidence in a way that we can eventually get rid of it. You’re not going to get rid of all the digital evidence that you recover. For example, a department may have homicide evidence that you’re going to keep indefinitely.
As with physical property and evidence, you can have digital evidence coming in without a retention manager for purging. And the retention manager is going to be a system that allows you to purge digital evidence when the time comes, and we’ll talk a little bit more about that in just a few moments.
Switching gears, I’m going to do one poll here… The poll question is: Where are you storing your digital evidence?
I’m watching this in real time. Looks like we have over 30% a mix of disks, thumb drives and portable drives, about 10% on a traditional file server, 32% across multiple systems, and we have 16% in a digital evidence management system. It looks like it’s a tie between a mix of disks and across multiple systems.
Dr. Alexis: That’s typically what you see, right, Steve? I think you could concur with that. That’s typical for most agencies that we see right now.
Steve: Yes. And it’s striking to me that this is still a struggle that agencies are running into, because there is a solution for this, and it doesn’t have to be super expensive.
This is challenging in a number of other ways. Investigators have to drive to the property and check out the digital evidence. The thumb drives, the disks, the hard drives – they’ve got to check those out in order to review the evidence, which is burdensome.
There’s also only one copy of the evidence, so it could be copied and or destroyed by accident, and that does sometimes happen. I had a detective in our major crimes unit cut and paste a video off a thumb drive onto his desktop. Later, when we went back to the thumb drive, it was gone, and it’s like what happened?
So that’s a problem. And as equally important, none of this is tracked for chain of custody very well. The thumb drives get passed around, and there’s no redundancy in your storage. There are no backups.
The other one is a traditional file server. This solution weighed in at nine percent. This is going to be that traditional X drive, or the P drive, or whatever drive you store your digital evidence on. This is a better solution for sure because it’s backed up. But it also has lots of the same problems. It is hard to access. You don’t have a lot of tracking. Evidence integrity is not being ensured to make sure that nothing changes.
The next solution weighed in at 33% – stored across multiple systems. And I see this a lot. You have your photos and your Word documents, your PDFs in an RMS system like Spillman.
And maybe some of your video goes into the BWC system. Other videos stay on thumb drives. And then it gets stored on a server.
Storing digital evidence across multiple systems makes it really challenging for investigators. They have to figure out where everything’s at and then just imagine if you get public disclosure requests and you’re trying to find digital evidence across multiple systems. You have to bring it all together to review and redact it. And then you have to save it and make it available to the requester. There are many problems and challenges with that, including purging when the time comes.
So the ultimate solution is gonna be a unified system, a Digital Evidence Management System, a DEMS, is what we call it. A single source of truth. You can think of this like a virtual property room. You have a property room for all your physical evidence. This is a virtual property room for all your digital evidence. You can manage digital evidence very similarly.
There are some different things that we do in a DEMS system that you don’t do in a property room, but it’s managed in a very similar way, where you have permission-based access control that ensures files are being checked out appropriately.
The reality is clear—digital evidence is no longer a niche responsibility for just a few specialized units. It’s central to nearly every investigation, every day, in every jurisdiction. From doorbell cams to dashcams, BWC Systems, to surveillance footage, the volume and complexity of digital evidence are only increasing. That’s why webinars like this one—featuring practical insights from experts like Steve Paxton and Dr. Alexis Grochmal—are so important.
Whether you’re trying to make sense of tricky file formats, figure out where to store your growing mountain of video evidence, or looking for tools to streamline your workflow, the knowledge shared here can guide your next steps. Digital evidence management is evolving fast—but with the right tools, training, and best practices, your agency can keep pace.
To learn more about FileOnQ’s software solutions for Physical, Digital & Forensic Evidence or our Property and Asset Management platforms, click the links you’re most interested in. To book a demo, visit this page.