Quarantine

Category: API Domains | Last Updated: Feb 5, 2026
Tags: api-domains, compliance

Overview

When a detective uploads body camera footage from a crime scene, that file does not go directly into the evidence store. It lands in quarantine first, where malware scanning runs and an administrator reviews the result before approving the file for production use. The Quarantine domain manages exactly this holding area: uploaded files that arrive with uncertain provenance wait here until they are either cleared for storage or permanently destroyed. Each file carries its scan status, uploader identity, and upload timestamp through the whole process. Access is restricted to administrators, and every decision is recorded.

Key Features

  • Automatic quarantine of uploaded files pending review
  • Malware and content scanning integration with status tracking
  • Temporary secure download URLs for admin file preview
  • Approval workflow to move clean files to production storage
  • Permanent deletion for infected or suspicious files
  • Multi-tenant support with organisation-scoped file isolation
  • Upload metadata preservation including uploader identity and timestamps
  • Scan status tracking across pending, scanning, clean, suspicious, infected, and error states
  • Admin-only access control for all quarantine operations

Use Cases

A file quarantine system applies any time untrusted content enters a controlled evidence environment. Common industries and scenarios include:

  • Law enforcement and criminal justice: Holding uploaded evidence files in quarantine until malware scanning completes before they reach the case record
  • Healthcare and insurance investigation: Reviewing scan results and previewing file contents before approving medical records or insurance documents for production use
  • Financial services compliance: Permanently removing infected files while maintaining audit records to satisfy regulatory evidence-handling requirements
  • Managing quarantine workflows across multiple tenants with isolated file access

Integration

The Quarantine domain connects with evidence storage, file management, audit logging, and access control systems.

Open Standards

  • GraphQL (June 2018 specification): All quarantine operations (listing held files, generating preview URLs, approving, and deleting) are exposed as typed GraphQL queries and mutations, giving clients a single, self-describing endpoint.
  • JSON Web Token (RFC 7519) with RS256: Every quarantine request is authenticated by verifying a JWT signed with an RSA key fetched from a JWKS endpoint, ensuring only authorised principals can act on held files.
  • AWS S3-compatible REST API (S3 protocol): Quarantine and production storage buckets are managed via the S3-compatible object-storage API (boto3 client targeting Cloudflare R2), covering list, copy, delete, and presigned-URL generation operations.
  • AES-256 (FIPS 197): Server-side encryption is enforced on every object at the point of upload and on promotion from quarantine to the primary bucket, using the SSE-S3/AES256 algorithm.
  • Pre-signed URL pattern (AWS Signature Version 4): Temporary, time-limited download URLs issued to administrators for in-place file preview are generated using the SigV4 signing scheme, scoping access to a single object for a configurable expiry window.
  • Digital forensics chain-of-custody (ACPO Good Practice Guide / SWGDE principles): Every approve and delete decision is written to an immutable audit log with actor identity, timestamp, and action type, preserving the evidential chain of custody required for court-admissible digital evidence.
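
The decision gate and chain-of-custody log described above, sketched as an added example that is not the platform's own code. It assumes the JWT was already verified upstream, that the claim names `role` and `org_id` exist (hypothetical; `sub` is from RFC 7519), that approval is allowed only for `clean` files, and it uses a SHA-256 hash chain as one way to make the log tamper-evident.

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class HeldFile:
    key: str
    org_id: str
    uploader: str
    scan_status: str = "pending"  # pending|scanning|clean|suspicious|infected|error

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

@dataclass
class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash."""
    entries: list = field(default_factory=list)

    def append(self, actor, action, key):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"actor": actor, "action": action, "key": key,
                "ts": datetime.now(timezone.utc).isoformat(), "prev": prev}
        body["hash"] = _digest(body)
        self.entries.append(body)

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

def decide(claims, held, action, log):
    """Return True and record the decision only if every gate passes."""
    if claims.get("role") != "admin":        # admin-only access (assumed claim)
        return False
    if claims.get("org_id") != held.org_id:  # organisation-scoped isolation
        return False
    if action not in ("approve", "delete"):
        return False
    if action == "approve" and held.scan_status != "clean":
        return False                         # assumption: only clean files promote
    log.append(claims["sub"], action, held.key)
    return True
```
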

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14
