Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Thursday, November 27, 2008

Giving thanks

Giving thanks
George Washington 1789

Whereas it is the duty of all Nations to acknowledge the providence of Almighty God, to obey his will, to be grateful for his benefits, and humbly to implore his protection and favor -- and whereas both Houses of Congress have by their joint Committee requested me "to recommend to the People of the United States a day of public thanksgiving and prayer to be observed by acknowledging with grateful hearts the many signal favors of Almighty God especially by affording them an opportunity peaceably to establish a form of government for their safety and happiness."

Now therefore I do recommend and assign Thursday the 26th day of November next to be devoted by the People of these States to the service of that great and glorious Being, who is the beneficent Author of all the good that was, that is, or that will be -- That we may then all unite in rendering unto him our sincere and humble thanks -- for his kind care and protection of the People of this Country previous to their becoming a Nation -- for the signal and manifold mercies, and the favorable interpositions of his Providence which we experienced in the tranquility [sic], union, and plenty, which we have since enjoyed -- for the peaceable and rational manner, in which we have been enabled to establish constitutions of government for our safety and happiness, and particularly the national One now lately instituted -- for the civil and religious liberty with which we are blessed; and the means we have of acquiring and diffusing useful knowledge; and in general for all the great and various favors which he hath been pleased to confer upon us.

And also that we may then unite in most humbly offering our prayers and supplications to the great Lord and Ruler of Nations and beseech him to pardon our national and other transgressions -- to enable us all, whether in public or private stations, to perform our several and relative duties properly and punctually -- to render our national government a blessing to all the people, by constantly being a Government of wise, just, and constitutional laws, discreetly and faithfully executed and obeyed -- to protect and guide all Sovereigns and Nations (especially such as have shewn [sic] kindness onto us) and to bless them with good government, peace, and concord -- To promote the knowledge and practice of true religion and virtue, and the encrease [sic] of science among them and us -- and generally to grant unto all Mankind such a degree of temporal prosperity as he alone knows to be best.

Given under my hand at the City of New York
the third day of October in the year of our Lord 1789.

George Washington

... and thanks to you, the readers of this humble blog, for a great and bountiful year.

Wednesday, November 26, 2008

Information about your image

One of the cool features of Matlab is its ability to gather info about image files. Using the imfinfo command we can get a ton of info ... some of it useful, some of it ... not so much.


Using the command on a JPEG image produces the above information. I used the imshow command to bring up the figure in the foreground. We get file size, bit depth, the modified date, and so on.

ans =

Filename: [1x45 char]
FileModDate: '19-Oct-2008 20:46:58'
FileSize: 74848
Format: 'jpg'
FormatVersion: ''
Width: 600
Height: 397
BitDepth: 24
ColorType: 'truecolor'
FormatSignature: ''
NumberOfSamples: 3
CodingMethod: 'Huffman'
CodingProcess: 'Sequential'
Comment: {}


A Tiff image yields so much more information. We can get compression info, resolution details, and Byte order (which we can match to the hex dump (49 49 = "little endian") ... among other things.

ans =

Filename: [1x40 char]
FileModDate: '02-Oct-2006 10:48:00'
FileSize: 94710
Format: 'tif'
FormatVersion: []
Width: 294
Height: 294
BitDepth: 8
ColorType: 'grayscale'
FormatSignature: [73 73 42 0]
ByteOrder: 'little-endian'
NewSubFileType: 0
BitsPerSample: 8
Compression: 'Uncompressed'
PhotometricInterpretation: 'BlackIsZero'
StripOffsets: 8274
SamplesPerPixel: 1
RowsPerStrip: 294
StripByteCounts: 86436
XResolution: 72
YResolution: 72
ResolutionUnit: 'Inch'
Colormap: []
PlanarConfiguration: 'Chunky'
TileWidth: []
TileLength: []
TileOffsets: []
TileByteCounts: []
Orientation: 1
FillOrder: 1
GrayResponseUnit: 0.0100
MaxSampleValue: 255
MinSampleValue: 0
Thresholding: 1
ICCProfileOffset: 7874

This info can be helpful in preparing reports or for verifying other people's work.

Matlab is a great program on its own. Even better, you can use it to control Photoshop (more on that later).

Parallels Upgrade ... the saga concludes

After trying their download server at all hours of the day and night, and after getting auto-responses from their tech support ... my money was refunded today.

I'm not sure if I will upgrade to version 4 or if I'll switch to VMware. If I decide to upgrade, it will be with discs in hand ... that's for sure.

For those that made comments on the blog and sent e-mails, demand a refund if you still can't get through on their servers. This type of behaviour is unacceptable from a software company.

Tuesday, November 25, 2008

Hex Dump

Many folks are getting hex dumps from various computer and cell phone forensic software packages. One question came in about reading the header of an image file and what the stuff means. The question was related to determining if the image contained a thumbnail. So, here it goes.

Here's the hex dump of Rick's famous underground auto show pic.



Most people refer to these pictures as simply JPEGs, but it can also be referred to as an image file containing JPEG-compressed data. To be proper, it can be referred to as a JFIF image - JPEG File Interchange Format (notice the JFIF in the top row - right). The JFIF definition allows the file to contain a thumbnail version of the image - which many programs "carve" out of the larger file.

So, look at the header to see if the image contains a thumbnail:
Bytes 0-1 = the start of the image marker = always FF D8
Bytes 2-3 = the application maker = always FF E0

... with these two verified - we've got an image file with JPEG compression (a Tiff would start with either 4D 4D or 49 49, a BMP would start with 42 4D, and so on), we move forward ...

Byte 18 contains the thumbnail width and byte 19 contains the thumbnail height. In our case, the values are 00 and 00 (third and fourth from the left on the second row), meaning there is no thumbnail.

If you are running into these questions a lot, you may want to invest in Graphics File Formats: Reference and Guide by Wayne Brown and Barry Shepherd.

Friday, November 21, 2008

What is Adobe Drive CS4?

I got a short e-mail from a reader that asked a simple question, "what is Adobe Drive CS4?" My guess is that she saw it on the install list for Photoshop CS4 Extended and wasn't too sure what to do with it.

In a general sense, Adobe Drive helps you to connect to Version Cue servers. Version Cue helps larger workgroups manage working on files, sharing assets, and much more. With Adobe Drive, the mounted drive looks and acts like any other mounted hard drive.

I don't know of too many law enforcement agencies that use Version Cue. Most people doing forensic analysis of images and video are working on stand-alone systems. For this type of user, Version Cue really doesn't have a part to play. For large labs or photography departments, Version Cue can be a life saver. Adobe Drive just makes it easier to work with Version Cue servers.



Click here to see what Adobe has to say about the subject.

Thursday, November 20, 2008

Configurator 1.0 Available!

There's good news out there. Adobe announced that they've finished the Configurator and it's available for download. Now that its available, I'll be creating a custom Forensic Photoshop panel to share. I'll announce it when it's ready and post it to the book's secure site.

It always takes a little time to shake things out once a new release becomes available. Getting my hands on Configurator is an awesome development.

Enjoy.

Wednesday, November 19, 2008

Fun with math

An e-mail came in asking about predicting file storage requirements and its implications for future analysis. The reader wants to know how the math works. So ... here's a good example.

704 x 480 is a common frame size for digital CCTV. Let's assume that we're dealing with a colour system. With colour, you have 3 channels - red, green, and blue.

704 x 480 x 3 = 1,013,760 bytes = 1,013.76 kb = 1.014 Mb/frame

Then, divide by the compression (remember - compression = loss) factor. Some companies compress at 5:1 - some 60:1 - some 240:1 (ouch).

5:1 = 200 kb / frame - the computer discarded over 800 kb of data.
60:1 = 16.9 kb / frame - the computer discarded almost 1 Mb of data.

Once you've arrived at your frame size, simply multiple the size by the frames per second.

16.9 kb x 30 (fps) x 60 (sec/min) x 60 (min/hour) x 24 (hours/day) = 1 day's storage requirement.

0.0169 x 30 = .507 Mb
.507 x 60 = 30.42 Mb
30.42 x 60 = 1.825 Gb
1.825 Gb x 24 = 43.8 Gb

44 GB / day = 1.3 Tb / month (30 days)

So how do they get more time on the drive? Compress even further, reduce the frames / second, record only on motion, record only during business hours, and so forth.

As far as the implications are concerned, the more that's thrown away combined with the choice of what's discarded will determine the usefulness of the recorded frames for future analysis.

Monday, November 17, 2008

Thumbnails and JPEGs

This link was sent in by Stephen from Australia. It's  an Adobe Forums discussion regarding JPEG images from a Canon PowerShot camera and embedded thumbnails - in a court case. Imagine the fun arguing this one.

Many thanks to Stephen for the heads up.

Friday, November 14, 2008

Definitions

We often times get engaged in a debate over definitions and the usefulness of certain words. Image Enhancement is one of those terms that gets people riled up.

I was in an e-mail exchange with a reader seeking to wrap his head around the problems of using the term in testimony. He had heard elsewhere that analysts avoid using the term because of the various implications associated with it. Some use the term Clarify instead of Enhance. Let's take a look at the issue.

Alasdair McAndrew, in his book Introduction to Digital Image Processing with Matlab, gives the following definitions:

Image Enhancement: processing an image so that the result is more suitable for a particular application. 

He then lists the following image processing algorithms associated with Image Enhancement:
  • sharpening or deblurring an out of focus image,
  • highlighting edges,
  • improving image contrast or brightening and image, and
  • removing noise.
Image Restoration: an image may be restored by the damage done to it by an known cause, for example:
  • removing the blur caused by linear motion,
  • removal of optical distortions, and
  • removing periodic interference.
My advice to the reader was to tell his story using words he was comfortable using, to not sound contrived or to talk above himself. If he's comfortable using the word enhanced, then so be it ... just so long as he knows the definition and is comfortable explaining it in real world terms. McAndrew, as a PhD and an imaging educator, is quite a good source to draw from. There are others out there, to be sure.

Congratulations to Gen. Dunwoody


Congratulations to Gen. Ann E. Dunwoody on becoming a four-star General (a first in US military history).

I've always said to my daughters, there's nothing stopping you from achieving your goals. Just be the best at what you do, and let the rest take care of itself. It looks like there was nothing stopping Gen. Dunwoody either.

Read the article here.

Look ... up in the sky ...

Many folks claim to have seen UFOs in the sky. Some insist that the government is hiding proof of alien contact with us deep in some bunker somewhere. What's that got to do with Photoshop? Good question ... I've recently concluded work on yet another UFO project. I have found that people aren't content with simply documenting what they see, they feel the need to create the story somehow ... and Photoshop is a great tool to do it with. Thankfully, Photoshop is also a great tool to spot the fakes.

This latest project was brief but fun. The folks at Creative Differences put in a lot of time and effort to present this interesting subject in a balanced light, calling me in to break a tie between two experts. See for yourself how it turns out. Please tune in to see investigations from around the world on "UFOs Over Earth," airing on the Discovery Channel.

Monday, November 24th, 2008
9-10 pm ET/PT -- Mexico Episode
10-11 pm ET/PT -- Bucks County, Pennsylvania Episode

I won't give too much away, but from teaching and critiquing compositional work you learn to quickly spot problem areas in an image. There's a couple of easy tells to look for ... nature doesn't really like straight lines and unexplained changes in the size of compressed groups of pixels ... which leads you to think that proper care wasn't taken when pasting one image into another.

Enjoy the show.

Tuesday, November 11, 2008

Parallels Upgrade - version 4.0 released - sort of

Relying so heavily on being multi-platform, I was pleased to find a spam from Nova Development announcing that Parallels had been upgraded. I use Parallels to run XP virtually on my Mac. 

I read about the promised improvements with a keen interest, and found the purchase price for the upgrade quite worth the effort of installing more software. But that's where the good part of the story ends.

I paid the fee and was re-directed to an empty shopping cart. I later figured out how to log-in to the software developer's site to view my purchases. I was greeted with more trouble.

Notice the italics - I've reloaded the page for hours ... 
still no software.

It seems that their server is getting swamped with requests, or some other sort of trouble. Either way, I've paid for a piece of software that I can't get to. An e-mail of concern to the sales address got first an auto-reply, then a kind note from "Kimberly C," restating the download instructions from the invoice (that only arrived after I found a link on the download page to have one sent).

If you are a Parallels 3 user, I'd say hold off on accepting the upgrade offer - or pay the extra fee for ground shipping. As for me, I'm waiting for them to sort out their servers ... or waiting for the 48 hours necessary for them not to before I can reverse the charges (with my chosen method of payment) for non-delivery of goods.

Stay tuned.

An Interesting Development

The Supreme Court heard arguments on Monday (11-10-2008) in a case that could have broad implications for how prosecutors present evidence from crime laboratories at trial.

Many states allow reports from crime laboratories to be submitted to juries through written certifications rather than live testimony. That practice is convenient, but it may run afoul of the Sixth Amendment’s “confrontation clause,” which guarantees criminal defendants the right to confront the witnesses against them.

Several justices seemed to struggle to find the dividing line between the kinds of information that must be presented through live testimony and those that are routine, reliable or tangential enough to require only a written certification. The justices also indicated that they were aware of recent scandals at major crime laboratories involving the flawed analysis of blood, hair, ballistics and other evidence.

Justice Stephen G. Breyer cited a supporting brief filed by the National Innocence Network in the case, Melendez-Diaz v. Massachusetts, No. 07-591. The brief, Justice Breyer said, “is filled with horror stories of how police labs or other labs have really been way off base and moreover really wrong.”

Read the rest of this article from the New York Times by
clicking here.

really really low frame rate

In an earlier post, I mentioned that there was a way around Premiere Pro's frame rate choices for times when you need to create a file with a really low frame rate. Many folks sent e-mails asking for a way that doesn't involve hacking the project file in a text editor.

Fair enough ... here's a way around it. To do this, you'll need to upgrade your QuickTime player to QuickTime Pro. Once you've installed it ... try this. This method works with those DVRs that save individual images, as opposed to video files. You'll want to make a video file to play back these images smoothly. You'll need to know the frames per second setting from the DVR. Armed with this info, it's off we go.

Save the images in a folder. They should be numbered in a sequence. In QuickTime Pro, click on File>Open Image Sequence.



Point QuickTime Pro at the first image in the sequence and click OK. From the Image Sequence Settings pop-up, choose the appropriate setting. In this case, the camera was a low priority ... recording a frame every 4 seconds.



Click OK and enjoy the quick and easy results. Even better, you can save the file without adding more compression. You can even open up this new movie file in Photoshop.

Sunday, November 9, 2008

silly accident

"Act your age ... " is a popular refrain in elementary schools. Those of us who have advanced a bit beyond that point would do well to remember that little bit of instruction. 

I'm sitting at the keyboard, left hand in a fiberglass cast ... and its taken far too long to get this little bit of text typed out.

I'll be spending time, the next three weeks to be exact, getting slowly up to speed on some new and emerging technology. I've also got a dissertation to write in order to finally finish my degree in Organizational Leadership (the 33 degrees of Scottish Rite Masonry as a progressive course in leadership). I'll be hitting the blog sparingly during this time. When I come back, we'll be doing some fun things with MATLAB and the new Photoshop CS4.

Until then, you can find the new self-paced Forensic Photoshop e-learning class by clicking here.

Wednesday, November 5, 2008

Books, books, and more books

An e-mail came in today asking about a book reference from the LEVA class in Orlando, and Deke's new book arrived in the mail ... all on the same day. Coincidence? 

The references from the class were:
Deke McClelland's Adobe Photoshop CS4 one-on-one arrived in the mail, as I mentioned.  Deke's done his usual stellar job with this installment in his one-on-one series. The "read, watch, do" format has always worked for me. It's very similar to the instructional model taught in POST instructor's school, "see one, do one, teach one." As always, you'll have to dig a little deeper to tie some of the lessons into the type of work that we do, but the journey there will be well worth it. Deke puts together such an incredible product line, he'll always be on my must have list. You can also find his videos on lynda.com or download his dekepods.

Tuesday, November 4, 2008

Resize Smaller Part 2

Ok, so the question came in. Why resize smaller? There's a number of reasons, most having to do with getting rid of one kind of noise or another. In the print world, we scan at the max optical resolution of our scanners, then reduce by half in this way. The resulting image tends to be less noisy, largely due to the interpolation method's decision as to what stays and what goes.

Try it and see the results for yourselves. It's not a bad trick to have in your bag. It works on images of all sizes, just remember that the really small pics will end up even smaller.

Now, about the math:



The image here starts with a pixel dimension of 1024 x 1024. To find the number of pixels, just multiply one side by the other. 1024 x 1024 = 1,048,576. 

In the Width box, enter 70.7 and change "pixels" to "percent." Make sure that Constrain Proportions is checked. Click OK and you should get the resulting dimensions, 724 x 724.

724 x 724 = 524,176. 

524,176 / 1,048,576 = .499 - or (for all intents and purposes) half of the pixels that you started with.


Try it yourself. Bit depth has no part to play in this equation, it's simply looking at pixels. Remember to choose Bilinear as your interpolation method here - so as to not introduce additional sharpening.

Perform your corrections as specified in the workflow, then either interpolate up in Photoshop, or let your printer do it for you (optimal for newer printers).

Keep the questions coming. And, don't forget the new self-paced e-learning Forensic Photoshop class available from the American Institute of Forensic Education.

Monday, November 3, 2008

Resize Smaller?

I got a note asking about the magic numbers for resizing smaller, and thus improving the signal to noise ratio within an image. Here they are:
  • 71% (.707) halves the number of pixels
  • 50% gives you a quarter of the original pixels
Remember: use the Bilinear interpolation method so as to not introduce any sharpening at this stage.