Design camera-footage upload with custody chain

System design prompt

You’re building a backend service for uploading recorded body-camera / dashcam footage from client devices (often on unreliable networks). Uploaded videos may later be used as legal evidence, so the system must support large files, security scanning, and a tamper-evident chain of custody.

Core requirements

1. Large blob uploads
   • Video files can be multiple GBs.
   • Upload must be resumable and tolerate flaky connectivity.
   • Clients may upload in chunks .
   • Assume you cannot fully trust the cloud provider’s built-in multipart “finalization” (i.e., you must be able to prove server-side what bytes were received and assembled).
2. Malicious content detection
   • Newly uploaded blobs must be treated as untrusted.
   • Run security checks (e.g., malware scan, file-type validation) before making content available to users or downstream systems.
3. Chain of custody
   • You must produce an auditable, tamper-evident history of all actions on a piece of footage (upload, scan results, moves, access/download/export, retention/legal hold changes, deletion).
   • The system should help prove that footage was not altered.

What to cover

• APIs and data model (upload session, chunk tracking, metadata)
• Storage layout (quarantine vs public/evidence)
• Background processing pipeline (assembly, scanning, promotion)
• Integrity verification approach (checksums/hashes)
• Chain-of-custody design (immutable audit log)
• Access control and security considerations
• Key tradeoffs and failure/edge cases