The collection process forms the foundation of digital forensics. Evidence is gathered from open sources such as social media platforms, websites, and publicly accessible environments, as well as from external organizations, human rights defenders, journalists, and testimony accounts. Analysts meticulously identify and retrieve data while ensuring no compromise to its integrity during acquisition. Advanced techniques and tools are often employed to capture content in its original state, preserving critical metadata and contextual details essential for analysis.
A structured approach to cataloging is vital to maintain a clear chain of custody. The chain of custody refers to the documented and unbroken process by which digital evidence is handled throughout its lifecycle, from collection to presentation in legal or investigative contexts. Maintaining an unbroken chain of custody is critical to ensure the evidence remains admissible in court and retains its integrity.
Key steps in managing the chain of custody include:
Each piece of evidence is assigned a unique identifier for traceability and organized in a Master Catalog. This catalog includes details like Case ID, Evidence Type, Source, Device Details, Creation Date, and Metadata. Maintaining this system ensures evidence is accessible, categorized, and preserved effectively throughout the forensic investigation process.
The verification and analysis process begins after the initial steps of collecting and preserving digital evidence. At Tech Global Institute (TGI), meticulously examine the content for additional clues to uncover what is happening, why it is happening, and who is involved. Using open-source techniques, analysts strive to verify as many details as possible, ensuring accuracy and reliability.
Frame-by-frame analysis meticulously documents observations in video or image evidence. Analysts record details like individuals, security forces, and their actions, noting crowd dynamics, gestures, or equipment use. Significant events are corroborated with media or social media footage, ensuring precise identification of law enforcement and high certainty in findings.
Geolocation identifies incident locations using visual cues like landmarks, billboards, or environmental features. Analysts examine details such as clothing, language, or structures, using Google searches and Reverse Image Search to match locations. Articles, captions, and social media comments are reviewed to confirm the exact place of the event.
Chronolocation determines event timing when metadata is missing. Analysts use shadow analysis, timestamps from related posts, or environmental changes to approximate time. Synchronizing with news reports or corroborative footage enhances precision, with investigation context guiding tool use for accurate temporal verification.
Establishing Body Detection and Crowd Estimation
Body detection verifies image and video authenticity before counting casualties. Enhancement tools clarify details, with frame-by-frame reviews identifying movement, wounds, or incapacitation. Crowd counting tools estimate numbers, while direct counting is used for smaller groups, distinguishing injured from deceased.
Post-analysis, evidence undergoes a thorough review by external experts, such as weapon specialists, lawyers, and human rights representatives. Conducted under strict agreements, this multidisciplinary process confirms the accuracy and reliability of findings. It ensures ethical presentation and prepares evidence for responsible dissemination in investigative or legal contexts.
Reconstructing events is key to understanding large-scale incidents like uprisings. Analysts systematically document dates, locations, individuals, security forces, and their actions to reveal connections and implications. This structured approach tracks multiple incidents and outcomes, offering a comprehensive view essential for forensic analysis and accountability.
Sharing digital evidence with third parties requires strict protocols to protect sensitive data. Access is restricted, and formal contracts outline usage limits and security measures. This ensures responsible handling, preserves privacy, prevents misuse, and aligns with legal and ethical standards, safeguarding all individuals involved.
Digital forensics demands ethical rigor in handling sensitive evidence. Analysts must maintain integrity, confidentiality, and respect for those involved, avoiding bias and harm, especially with graphic content. Transparency and impartiality uphold the investigation’s credibility, ensuring protection for all parties and reinforcing the forensic process’s trustworthiness.
Determining a Location
Pinpointing incident locations is challenging, especially in poorly mapped areas. Tools like Google Maps or Street View often lack detail in conflict zones, forcing reliance on visual cues like landmarks, billboards, or shadows. Corroborating with media reports or crowdsourced data helps, but ambiguity persists, making the process iterative and time-consuming.
Counting Human Bodies
Counting individuals in chaotic, low-quality videos is complex. Blurry visuals, poor lighting, and overlapping figures obscure casualties in protests or conflicts. Frame-by-frame analysis and crowd estimation tools aid, but precision is elusive. Cross-checking with eyewitness accounts or additional footage is often necessary, yet not always available.
Tracing Time, finding metadata, and low-quality media
Tracing event times is difficult without metadata, often stripped by social platforms. Analysts use timestamps, shadow analysis, or event sequences for approximation, but low-quality, pixelated media complicates detail extraction. Compression artifacts distort visuals, requiring cross-referencing with reports or testimonies, a labor-intensive process demanding precision.
Violent Content
Analyzing violent content is emotionally taxing, with graphic videos causing fatigue. Repeated exposure to death or injury footage strains analysts, especially during large-scale events with high video volumes. Psychological support, like debriefing or mental health resources, is essential to maintain focus and ensure accountability.
We archive materials including:
Digital files (e.g., video, audio, and photo) that document daily acts of resistance against the oppressor and human rights violations by law enforcement, military forces, and pro-government parties during the uprising.
Interviews and eye-witness accounts of the events surrounding the uprising, including the use of lethal force against demonstrators, extrajudicial killings, and mass casualties.
Documents related to legal, personal, and medical matters of the deceased and injured victims for potential use in investigations.
Audio, video, and photo collected from open sources (e.g., social media, news media, and articles).
Important website links associated with our research and investigations.
Reports and articles from investigative journalism and publications by human rights organizations, such as the UN Fact-Finding Mission in Bangladesh.
In our open-source investigative process and developing the manual, we adhered to the Berkeley Protocol on Digital Open Source Investigations and the methodology of Bellingcat & the Global Legal Action Network.
