Friday, May 30, 2008

Forensic Crossover

There are many parts of our jobs that cross over from one discipline to another. Latent Print Examiners and Questioned Document Examiners, for example, may also consider themselves Forensic Image Analysts inasmuch as they analyze the images used within their workflow. The same might be said of the crossover between Computer Forensics and Video / Image analysis as it pertains to digital CCTV.

There are, of course, some pitfalls in looking at this crossover. Pulling the power cord may be recommended in a computer forensics investigation ... but pulling the power cord on many Linux based DVRs can/will result in the loss of all data as the file structure may be stored in volatile memory (RAM) and not on the hard drive - until the appropriate shut down procedure is performed.

With this in mind, many agencies are trying to get more from less and tasking folks across these disciplines ... for better or worse. With that in mind, it's always best to know the technical and legal aspects of your work before jumping headfirst into a case.

Here's a hypothetical: an image analyst and photoshop user has been tasked with the retrieval of digital CCTV evidence from a crime scene. The system has no usable outputs and someone decides to seize the hard drive (not the entire unit). The analyst's unit does not have funding for the forensic examination of computer drives, but does have a little petty cash ... so someone runs out and buys Ghost at the local electronics store. Good idea or bad? I'd say bad. Here's why.

Computer Forensics is it's own universe, complete with best practices and citable cases. There are plenty of available software and hardware combinations out there, EnCase, FTK, and the associated hardware, write blockers, and so forth. Although Symantec may claim that Ghost can be used as a forensic tool, there is way too much disagreement on that for my comfort level. Click here and here for the discussion on Ghost from a Computer Forensics point of view. (Ghost is great for creating imaged clones in the corporate world, but when lives and careers are at stake ...)

IMHO, you may sacrifice credibility as an "expert" in your field when you take such risks. An expert seeks mastery and looks to understand the why of his/her process before undertaking the work. If the expert skips steps and allows expediency to rule in one aspect of the case, who's to say that he/she hasn't taken other shortcuts along the way. It opens the door to too many questions for my comfort level.

If you really want to work in that other field, get proper training, get proper procedures, and certainly get proper funding. There are too many sharks swimming around these days. Shortcuts are not worth the risk to your cases. 

Have a great weekend.

Wednesday, May 28, 2008

Lightroom eSeminar



You are invited to join the good folks at Adobe for this eSeminar on Adobe Photoshop Lightroom this Friday, May 30th, at 1pm PST.

Click on the image below for the details on how to access the Connect session. I am curious to see how well attended this session will be. Based on attendance, we may schedule other Connect sessions in the future.


Tuesday, May 27, 2008

quick fix with self blends



One of the things that photography students are taught is to correctly light the subject matter, thus saving time later by not having to fix the shot in Photoshop. But, when you are not the photographer ... what do you do?

Forensic Photography classes are becoming more popular these days. Proper placement and choice of light sources is a key topic within these classes. But what do you do if you aren't the photographer and you received images that need some work? Is there a quick way to bring out the detail in this image and reveal the tyre track? Of course there is ...

With the Forensic Photoshop workflow as your guide, begin working this image as any other, addressing focus and any global colour issues. Then address the local colours to bring out the detail of the tracks.

In this case, a Color Burn self blend can be employed to drive up contrast. Remember, Color Burn lightens the whites and darkens the blacks. Follow this up with a Curves adjustment to fine-tune this contrast enhancement and the details really jump off of the screen.


In just a few seconds of work, you'll have brought out the details in this image. And, you can save the results of the Curves adjustment for use in any other images that may have come with this one ... speeding up your work even more.

CCTV in the news

More CCTV news out of the UK.

The Scotsman.com asks, "Does CCTV actually work?" And, the BBC has a similar story that seems to answer the question, "CCTV boom failing to cut crime."

Monday, May 26, 2008

SAS vs. SATA

A question from a reader asks about the difference between Serial Attached SCSI (SAS) and Serial ATA (SATA) and which is better for our types of applications.

Tech On-line has a great article that explains these two technologies. Check it out by clicking here. The site does require registration, but it's free. And ... once in, you'll have an outstanding resource at your disposal.

"In general, SAS drives are used in systems which require the highest performance in terms of data transfer and reliability, and SATA drives are used in systems where cost is a more important factor than performance."

"SAS systems are designed to operate in full-duplex mode, meaning that data can be transmitted
and received to and from the drive simultaneously, compared to the half duplex mode supported with SATA, where communication can only take place in one direction at a time. In addition, SATA systems are designed to support connectivity with 1m cables to a single drive with a host port. SAS was designed to support connections with up to 8m cables, and can support the use of expanders which allow for connection to multiple SAS drives to a single host port."

SAS looks like the winner ... 

Friday, May 23, 2008

electronic copies of the book?

At a recent class, members of my local Sheriff's Dept. played a nice practical joke on me, handing me a disk that contained "my book." My facial expression said enough as what little colour I have drained out of my face. Thankfully, the disk was blank.

I have had a few requests for electronic copies of the book. I am, however, reluctant to produce something that is so easily pirated. I feel a little vindicated (in my decision not to do an e-version) by David Pogue, my favourite NY Times writer, in his latest article. Pogue is also the author of several "Missing Manuals," including the "Switching to Mac" manual that I used as an aid in dumping my HP.

Besides, you already have a free resource ... this blog.

National Fingerprint Database - coming soon?

"... earlier this week, a measure creating a federal fingerprint registry totally unrelated to national security passed a U.S. Senate committee almost without notice. The legislation would require thousands of individuals working even tangentially in the mortgage and real estate industries — and not suspected of anything — to send their prints to the feds. The database and fingerprint mandates were tucked into housing and foreclosure assistance bills that on Tuesday passed the Senate Banking Committee by a vote of 19-2."

Want to read more? Click here for the rest of the article.

Thursday, May 22, 2008

Forensic Image Analysis - from Interpol

In response to a European reader's question, I dug this old link out of the archives. It's a document produced by Interpol back in 2001. Even though it's a bit dated, the references and the definitions are still valid and quite helpful.

As far as the question, it had to do with measuring the height of a person using Photoshop CS3's measurement tools. Problem: the suspect was in motion throughout the entire clip. Getting the "true height" can be tricky. Check out Figure 9 in the linked document.

Colour correcting with Vivenza?



A friend of mine asked me to look at Nik Software's Vivenza, their newest offering for enhancing images. Vivenza promises to assist the user in controlling colour, light, and tonality. All noble goals. Let's take a look at how they did.

If you are a photographer and shoot with Nikon (using CaptureNX) you will be familiar with Nik's U Point technology. U Point utilises control points to dial in corrections. The scope of these points is adjustable.

From a technology standpoint, I love what they've done. As a photographer (using Fuji cameras) and a power user, I plan on using this new plug-in for my photo work. In looking at it's use for image enhancement, I'm a bit nervous. It's not that I think the plug-in doesn't work or any other such failing. I like the way it works. I think that users without a solid background in photography or some very good hands-on training in the use of this style of correcting may have trouble documenting and explaining their process effectively (forensics as oration and debate).

As such, if you are a photographer ... you'll love it. If you are a image enhancement power user ... you'll love it too. If you are just getting started ... have someone with experience with Vivenza give you some very good hands-on training before you incorporate this plug-in in your workflow.

Nik offers a 15 day trial, so you have the opportunity to get your feet wet and see if this will work for you before paying the $249.95 retail price.

If you've downloaded the trial or are using the full version, I'd be interested in hearing about your experiences with Vivenza.

Wednesday, May 21, 2008

Forensic Photoshop in Government Video Magazine

A few months ago, Government Video conducted a short interview with your humble host. The interview can be found in this month's print edition and on-line. Click here to read the interview.

If you are not familiar with Government Video, it's a excellent source of information. The fact that they offer LE pros and others in the industry a complimentary subscription makes it all the better.

Tuesday, May 20, 2008

Annotating PDFs

Apple users, here's another reason to jump for joy ... annotating PDFs in Leopard's Preview. Want to learn how? Click here for a short video from Apple's web site.

Annotating files can be a great way of communicating case needs with a diverse and dispersed staff. It's also one of the case management strategies that I am exploring since I dumped Windows.

Monday, May 19, 2008

Digital Asset Management

The topic of Digital Asset Management has come up from time to time. How does one manage digital assets in a small agency? How about a large enterprise? What role does metadata play? What do you (meaning me) use in your workflow?

Some agencies incorporate their images in their overall record management system. But, in talking with folks from large and small agencies, as well as privateers, there seems to be no single solution that works for everyone.

I'm looking at Adobe's Lightroom from the standpoint of it's Library functionality. I'm also looking at Bento, Filemaker's personal database application (Mac only). You might be familiar with Lightroom, but who's heard of Bento outside of the small Mac community? The more I look into Bento, the more I like what I see.

With that in mind, what do you use to manage all of your assets? I'd be interested in knowing what else is out there.

Friday, May 16, 2008

Color Management Module

I received a question asking, "what's the Color Management Module and what does it do?"

Fair enough. The Color Management Module, sometimes called the Color Management Engine, is used to translate colours from one known colour space to another known colour space. It uses ICC profiles to manage this transition.

You can find the available modules in the Convert to Profile dialog and the Color Settings dialog.

Wednesday, May 14, 2008

Computer Forensics Seminar

This was sent in by a reader of the blog. Many thanks for sharing this with us.

Panel of Experts.
You'll hear a panel of distinguished experts, with over 30 years of combined experience in the field of computer forensics, talk about the current challenges and opportunities in their field. They will also discuss why the Mac is their preferred choice for doing this type of work. 

The panel includes:
  • Detective Mark Honken, L.A. County Sheriff's Department. Forensics investigator and member of the Southern California Hi-Tech Task Force
  • Marko Kostyrko, CEO of Subrosasoft. Developer of tools for law enforcement such as MacForensicsLab and MacLockPick
  • Derrick Donnelly, CTO of BlackBag Technologies. Developer, trainer, expert witness, former Canadian Law Enforcement Officer (computer crime)
Best Practices, Tips and Tricks
You'll learn recommended procedures, best practices, and tips and tricks for undertaking a forensics examination

You'll Learn:
  • How to perform triage at a crime scene to capture evidence
  • How to prepare for a forensics examination and protect the integrity of the evidence
  • How to use several tools to identify and capture evidence from a suspect system
  • How Mac OS X Leopard provides unique and powerful capabilities for forensics examinations
Who should watch:
Law Enforcement, Intelligence and Security-focused I.T. Professionals who perform computer forensics and e-discovery examinations

Click here to join the fun.

Bootlegs and the problems that they cause

"An internal Federal Bureau of Investigation presentation states that counterfeit Cisco routers imported from China may cause unexpected failures in American networks. The equipment could also leave secure systems open to attack through hidden backdoors."

So begins this interesting article on the ZDNet blog.

Monday, May 12, 2008

Evidence Ready CCTV Standard Launched in the UK

From the Forensic Video Analysis Group, London, UK:

"The Evidence Ready CCTV standards licensing programme has been designed to help the police retrieve evidence quickly and easily by providing them with all the information they need to export and view the evidence."

Click here to read more about this interesting development. Pay particular attention to the specifications in the agreement. The first questions that I asked myself is, "how can 'Export of recorded footage without the appropriate playback software onto Compact disc (CD) and/or digital versatile disc (DVD) and/or universal serial bus (USB) device' be considered evidence ready?" Won't you need the player to play back the footage in it's native form?

Forensic Photoshop a Indie Excellence Finalist

This just in:

Forensic Photoshop, the book, has been selected as a finalist in the 2008 Indie Excellence Awards.

"The Indie Excellence Book Awards are dedicated to
celebrating and promoting the outstanding work of
independent publishers and authors."
-Dan Poynter, author of The Self Publishing Manual
and 100 other books

Thursday, May 8, 2008

Zoom Level for Sharpening

Many Forensic Video Analysts are now stuck working with images from video that are in the CIF and QCIF range. Sharpening these images can be an exercise in futility.

But what about multi-megapixel images? When dealing with images that are over 2000 pixels in any one direction, try dialing back the zoom level to 50%. At this level, you'll get just the right amount of detail (though you may want to jump up to 100% to check noise in the midtones/shadows and back again).

Private browsing

Many folks share computers and don't want their browsing history open to prying eyes. Enter Safari, Apple's cool web browser.

Simply turn on Private Browsing from the Edit menu and things like auto-fill and page history are not saved between sessions.

You can download Safari for Windows or Mac for free. Click here to get your copy today.

Wednesday, May 7, 2008

Best Seller Again


Forensic Photoshop on Blurb's Best Seller List

The book continues to do well. There was a brief time where the book was knocked off of the best seller list. But, thanks to continued strong sales ... it's back!

Thanks again for all of your support!

Cross examination questions

Here is a link to an excellent piece on questions that you may face in court during cross examination.

The list is fairly long and the folks at SEAK have done well in putting together such a comprehensive list. It's better to be prepared than caught unaware.

Enjoy.

Be careful what you say in court

A reader sent some links to expert witness depositions that ended up on YouTube. When you are done, check out the others that are linked to the ones listed below. It's a great time waster.

Click here for the first.

Click here for the second.

Enjoy.

Tuesday, May 6, 2008

Best Practices for Forensic Video Analysis

This just in from SWGIT:

"The Scientific Working Group on Imaging Technology (SWGIT) has just released a NEW draft document for public comment and feedback:

Section 18 - Best Practices for Forensic Video Analysis

The document can be found here.


We would appreciate your comments and feed back. To submit feedback please see the "Instructions for sending feedback".


Enjoy.

Tool Presets

A question came in about tool presets, mainly what are they and what are they used for.
A Tool Preset can speed up your workflow because it can contain all of a tool's options. As an example, you can create a brush tool for working on your adjustment layer masks that includes brush size, blend mode, opacity, and flow. The next time you need this brush, simply select it from the Tool Presets palette. No need to input all the settings again.

To create a Tool Preset, configure the tool to suite your needs. Then, click on the downward facing arrow next to the tool icon on the Options bar, then click on the pop-up palette menu and select New Tool Preset. Give your new preset a descriptive name and click OK.

Once you get used to using them, you'll wonder how you managed without them.

Enjoy.

CCTV boom has failed to slash crime, say police


Police officers monitor CCTV screens in the control room at
New Scotland Yard in London.
Photograph: Kirsty Wigglesworth/AFP/Getty images

From the Guardian, UK: "Massive investment in CCTV cameras to prevent crime in the UK has failed to have a significant impact, despite billions of pounds spent on the new technology, a senior police officer piloting a new database has warned. Only 3% of street robberies in London were solved using CCTV images, despite the fact that Britain has more security cameras than any other country in Europe.

The warning comes from the head of the Visual Images, Identifications and Detections Office (Viido) at New Scotland Yard as the force launches a series of initiatives to try to boost conviction rates using CCTV evidence."

Read on by clicking here.

"Billions of pounds has been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court. It's been an utter fiasco: only 3% of crimes were solved by CCTV. There's no fear of CCTV. Why don't people fear it? [They think] the cameras are not working." - DCI Mick Neville, MPS

Sounds familiar to me ...

Monday, May 5, 2008

JPEG and compression - is there a safe way?

A question came in about using JPEGs in field photography. The agency's rules prevented the photographer from shooting in RAW and he wanted to package a bunch of JPEG files in an e-mail. His question was, "would adding these files to a zip file ... thus compressing them ... hurt my images?"

JPEG compression and compressing JPEGs are slightly different concepts. I sent him a copy of this white paper that explains it better than I ever could. Check it out and see for yourself.

Friday, May 2, 2008

Disabled Layer Masks



A reader writes, "Help. I've got red X marks on my layer masks. What did I do and how can I get rid of them. My masks aren't working."

Those red X marks, recreated for you in the above image, are a visual reminder that your masks are disabled. Here's how it works.
  1. Click on Layer>Layer Mask>Disable ... or
  2. Shift+Click the layer mask thumbnail (disable and enable) ... or
  3. Ctrl+Right Click on the mask and select disable/enable layer mask from the context menu.

As with many things in Photoshop, there is more than one way to do the same thing.

I know that the red X marks can be a bit shocking. Hopefully, this will help if you've accidentally disabled your masks.

Enjoy.

Thursday, May 1, 2008

OS X on an OQO?

Can it be? An OQO hacked to run Leopard?

Check it out by clicking here.

Don't throw away your old Roxio discs

Happy May Day.

ADS customers beware. Don't throw away your old Roxio discs and rush out to buy Roxio 10. It seems that Drag-to-Disc, a must have in transferring recordings from your ADS hardware, is gone. Why, you ask? Vista.

Click here for the forum discussion at Roxio.com. Click here to search for alternatives at Burnworld.com

At this point, it seems that Vista's packet-writing scheme won't help much either. Stay tuned for developments.

Enjoy.