Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Monday, October 29, 2012

Government Organizations can also be Sanctioned for Spoliation of Evidence

This from exterro.com: "The threat of evidence spoliation doesn’t only affect private parties but also extends to government organizations, such as cities or municipalities. Case in point is DMAC LLC and Fourmen Construction, Inc. v. City of Peekskill (S.D.N.Y Sept. 12, 2012). The district court ruled that the defendant, City of Peekskill, spoliated evidence by deleting relevant emails. This failure was due largely in part to the defendant not maintaining a “formal e-mail retention policy,” which left “sole discretion” to the defendant’s employees to decide for themselves whether to keep or dispose of emails. Along with awarding the plaintiffs, DMAC and Fourmen Construction, with costs and fees arising from bringing this motion, the court granted an adverse inference instruction, which allowed jurors to infer “that the City (defendant) negligently destroyed e-mails similar in nature to the ones produced, and that said e-mails would have been favorable to plaintiffs’ case.”

In this case, the plaintiffs brought suit against the defendant for stopping their real estate project allegedly due to illegal political reasons. During the discovery process, the defendant informed the plaintiffs that they had no formal email retention policy in place. As a result, a majority of the defendant’s employees had deleted pre-litigation emails concerning the subject matter relevant to the case. In response, the plaintiffs made discovery requests to third parties that surfaced several relevant emails from the defendant. Based on this finding, the plaintiffs filed a motion for sanctions against the defendant for spoliation of evidence under Federal Rules of Civil Procedure (FRCP)."

"The court deemed a failure to maintain a “formal e-mail retention policy” as de facto negligent. But beyond this, the court ruled that the defendant was grossly negligent because (1) the defendant ignored its obligation to preserve relevant emails when the duty to preserve was triggered, and (2) even with the defendant’s assurances that a legal hold was implemented when litigation began, testimony from one of the defendant’s employees refuted that claim. The employee stated that “at no time was she ever advised to preserve communications, including e-mails.”

Read the whole story here.

Friday, October 26, 2012

Adobe Camera Raw - no Win8 support yet

If you are an ACR user, and you want to upgrade to Windows 8 ... you'll have to wait a bit. Adobe's compatibility site shows no support for ACR for Win8 users. Additionally the ".com" stuff isn't supported yet. Neither is Flash (for those that develop demonstratives in Flash Pro).

So, stay tuned. It's always this way when a new OS hits the market.

Thursday, October 25, 2012

What you should know about Windows 8 security features

If your lab is considering upgrading to Windows 8, or looking to start the validation process, here's an article that outlines the new security features of Windows 8.

Considering that many of the students in my classes are still on XP, I wonder how many will jump straight to 8 - or simply stay with XP and hope for the best.

Wednesday, October 24, 2012

Image Processing Fundamentals

I'm heading down to San Diego to attend the annual LEVA conference and present a lecture on Image Processing Fundamentals. My topic doesn't concern a specific piece of software, or a new piece of hardware - it's about the science that underlies forensic video analysis and how to talk about it in everyday terms.




So from convolution (it takes a village) to why night vision shots are always green, we'll have a good time talking about the science behind the work that we do. Along the way, we'll meet some of the giants of the science world like Joseph Fourier (or Joey Sine Wave - as he's called in NYC) and Anil Jain.

I hope to see you there.

Tuesday, October 23, 2012

Learn new Photoshop features in a click



Created with Adobe Configurator 3, the Photoshop Features panel lets you easily explore, try out and learn the new and enhanced tools and features in Photoshop CS6 and Photoshop CS6 Extended. Arranged in a series of tabs, from the panel you can check out the new tools and features, access the timeline tools and capabilities for video and frames, go to video tutorial websites and if you have Photoshop Extended use all the major 3D tools and functions.

The panel is free and exclusively available on Adobe Exchange. To download it you will need the Adobe Exchange panel which currently works with 9 different CS6 applications.

Monday, October 22, 2012

U.S. Customs Workers to Switch to iPhones From BlackBerrys

Having a small hand in the cellphone forensics side of the DME business, I don't see the move to the iPhone as a good thing. I would hope that, rather than take the "fan boy" route, agencies fully validate the phones in terms of security, and just what the phone captures about the users' daily activities. I know what I can get from an iPhone - at the local police level using tools like Cellebrite and FinalMobile. I can imagine what the national security side looks like. Not good.

Friday, October 19, 2012

Creative Cloudy

Ok. This isn't right. I've just finished downloading all the CS6 apps via the Creative Cloud. Now, understand, I don't technically have internet up here on the ranch. Verizon's switch was fully populated for the mountain communities before I moved in, so I get internet through a cellular 3G link. So, I downloaded all the apps via cellular. Ouch.

But, it gets worse. When I finished downloading everything (about 2 gigs worth), and fired up Bridge CS6, the check for updates functionality kicked in and found another 700Mb in updates? Updates? I just downloaded the latest stuff from the Cloud. Why should there be updates? Ugh.

I'll click the update button and go to bed. In all, it'll take about 24 hours to download, install, and update the CS6 apps via 3G.

Have a great weekend.

Wednesday, October 17, 2012

Meet Amped Software at the LEVA Conference

This just in from Amped Software:

We are happy to announce that we’ll be present at the Law Enforcement & Emergency Services Video Association (LEVA) 2012 Annual Training Conference on October 22-26, 2012 at the BAHIA Hotel in San Diego, California.

We will be demonstrating and showcasing the new 2012 version of our popular Amped Five Professional forensic video enhancement software. VideoScanner, our new product for forensic video e-discovery, will be shown in action at our booth. This is a new tool that can save countless hours for investigators looking for video evidence on a suspect’s computer.

Training conferences like LEVA are very important for us: with respect to other kind of events, here we have the possibility to be in touch with our actual end users and meet with world class forensic video analysts. Here we can present our technology to experts who can fully understand its potential and give concrete feedback for its further improvement. For this reason we are presenting here not only our popular software for forensic video analysis, Amped Five, but also our latest projects.

In particular with VideoScanner we created a very simple tool which can save hours looking and inspecting video files in digital forensic cases. VideoScanner allows the investigator to quickly extract few representative frames to all the videos found on a device for a efficient inspection. As a bonus it add several forensic facilities, such as the possibility to calculate the hash code on all the analyzed files and the automatic creation of the analysis report.

We are using this conference to show a preview of Authenticate, our new project which for digital photo authentication. Authenticate will incorporate an innovative workflow concept into a ground-breaking software for image authentication within a feature-packed, but easy to use, user experience. We see this as a critical tool for prosecutors and investigators in states such as California in light of the recent Beckley court ruling on requirements for digital evidence authentication. Evidence is being challenged in courts on the basis of authenticity and Authenticate will provide several tools for evaluating the originality of an image. We are offering several types of tools in Authenticate and have combined several different techniques, from simple metadata and quantization table analysis to actual pixel value inspection and cutting edge techniques used to specifically match an image to a camera or device.

At LEVA, Amped Software will be in booth 122 in the main exhibit hall. We have donated a VideoScanner tool for the LEVA Door Prize Drawing. You have to be present to win, so we'll see you there!

Tuesday, October 16, 2012

I'm now an Adobe Creative Cloud subscriber

OK. I did it. I finally did it. I signed up for Adobe's Creative Cloud services. I'd like to say that I did it for work, but that's not entirely true. I did it for school. For all the things that I'm doing in my school work towards my PhD, it just made sense. Plus, the special offer that they made through the school was too hard to pass on. So, I did it. I'm in the cloud.




Wish me luck.

Monday, October 15, 2012

Art vs. Science

I'll be in court today as a spectator, watching two "experts" testify as to their work on the authenticity of a particular piece of evidence. These two people both "examined" a VHS tape. Each came to a separate conclusion as to the authenticity of the evidence. One has a process, a system, a set of tools that is recognized by his peers as valid, and institutional backing. The other, seemingly worked by feel - trusting his gut that things just didn't look right. One has a stack of notes that can be used to re-create his work. The other has several pages that only make sense to him. The scene is set ...

I'll have my smart phone at the ready, Tweeting live as interesting things come up. Follow me @jimhoerricks.

Wednesday, October 10, 2012

FourMatch in an Image Authentication Workflow

Four and Six recently posted the latest in a series of blog posts placing their new FourMatch authentication tool in context within the larger image authentication workflow.

" ... The biggest strength of FourMatch is its ability to provide compelling evidence that an image file has not been modified since it was first captured. However, FourMatch is not designed to tell you whether an image is untruthful. It merely tells you whether the photo remains in the pristine state it would be in coming direct from the camera. That means that many files that fail the FourMatch test may still be truthful images. Perhaps someone just cropped the image without altering the remaining photo content. Or perhaps someone just re-saved the photo using a higher degree of JPEG compression in order to make the file smaller to upload to the Internet. Both of these changes would cause the resulting file to fail the FourMatch test, even though the actual content of the file is still reliable ..."

" ... Let’s start with considering FourMatch as a standalone authentication measure. Particularly within a legal setting, there are many times when people may need assurance that an image can be trusted, particularly given the ease with which images can be manipulated with modern software ..." Two things come to mind, is it possible that an image is authentic, completely untouched by software, yet fail the test? Meet the black swan. Even though their database is quite robust, it still needs updating regularly. Thus, the software - given the tremendous head start - will play catch up as new phones and cameras come out. Not finding that black swan depends on keeping your subscription up to date, keeping your local database up to date, and Four and Six keeping their end up to date. Also, as it's software and it's database driven, can it be spoofed? Hmmm.

At this point, I think it's abundantly clear what FourMatch is and isn't. The question now is ... is it worth the initial price + on-going subscription (+ off-line surcharge for those folks who have an un-internet-connected lab) for what it provides? Given that a lot of folks haven't upgraded from Photoshop CS3, this cost also includes upgrading Photoshop as well.

Tuesday, October 9, 2012

Problems with CCTV evidence in court

This from Walesonline.com illustrates the problems in dealing with CCTV evidence: "... Jason Richards, 38, and Ben Hope, 39, are on trial accused of his murder and the attempted murder of his parents who had tried to stop their son from being attacked.

They both deny all the charges against them.

The jury had previously heard that that eight and a half years worth of CCTV material had been recovered during the investigation into the 17-year-old student’s death.

Earlier in the week DC James told the court he had viewed CCTV images from all over the city as part of the investigation.

The jury had also heard that around 100 to 120 cameras had been involved in the investigation and included images from public houses, private houses and commercial premises.

As part of the cross-examination of DC James which began today, Mr Rees pointed out that two clips taken from a camera at Talybont student accomodation couldn’t follow each other as the one later in sequence happened earlier in adjusted real time.

During the hearing DC James explained to the court how some differences in timings could occur.

He said it could be the case that an officer has rounded it down to the minute or up to the minute.

DC James added: “We try to be as accurate as we possibly can.”

The court heard that council cameras were treated as being accurate as they run to the atomic clock.

Mr Rees also read out in court a number of premises which had been asked to download their CCTV as part of the investigation.

He said Talybont student accommodation had been asked to do so on April 19 - eight days after Aamir had been killed.

Mr Rees said when the person responsible for doing this downloaded the images and checked it against the speaking clock they found CCTV was running 15 seconds faster than the speaking clock.

The court heard that when the North Star public house downloaded their CCTV and checked the timings they found the CCTV was running one hour and five minutes slower than the speaking clock.

DC James told the court that he would assume an officer would have been writing these timings down at the time.

He had also told the court that the CCTV team “can only work with the timings given [when the CCTV] was recovered”

The trial continues ...

Saturday, October 6, 2012

Understanding ISO, Shutter Speed, and Aperture


Check out this awesome exposure triangle graphic found in this Exposure Guide tutorial on the fundamentals of exposure.

"When these three elements are combined, they represent a given exposure value (EV) for a given setting. Any change in any one of the three elements will have a measurable and specific impact on how the remaining two elements react to expose the film frame or image sensor and how the image ultimately looks. For example, if you increase the f-stop, you decrease the size of the lens’ diaphragm thus reducing the amount of light hitting the image sensor, but also increasing the DOF (depth of field) in the final image. Reducing the shutter speed affects how motion is captured, in that this can cause the background or subject to become blurry. However, reducing shutter speed (keeping the shutter open longer) also increases the amount of light hitting the image sensor, so everything is brighter. Increasing the ISO, allows for shooting in lower light situations, but you increase the amount of digital noise inherent in the photo. It is impossible to make an independent change in one of the elements and not obtain an opposite effect in how the other elements affect the image, and ultimately change the EV."

If you’re just starting out in photography, do yourself a favor and work through the Photography Basics page over on Exposure Guide. It’s a fantastic resource.

Find more cool stuff at PetaPixel.

Friday, October 5, 2012

How do we store/manage all this digital media/data?

On October 23rd, LEVA is opening the doors of our exhibit hall and presentation rooms for our Digital Asset Management Expo at the Bahia Resort Hotel in San Diego. From 8:00 am to 6:00 pm, all law enforcement officials are encouraged to join us absolutely free of charge. Visit with our twenty-six exhibitors and attend presentations on the latest digital asset management technologies for law enforcement. The goal of this event is to help agencies everywhere answer the question, “How do we store/manage all this digital media/data?”

Topics presented will include;

· Digital audio enhancement & clarification
· 3D laser scanning for crime scene mapping & documentation
· Network based surveillance video systems
· Cost effective digital asset management platforms
· High definition in-car video recording
· High definition body-worn video recording
· Forensic video analysis solutions
· File based media movement & storage

Rooms at the Bahia hotel are still guaranteed available at the government rate ($133 per night) for a limited time. A lunch buffet will be served in the exhibit hall for $10 for those law enforcement professionals joining us for the day. If your agency has questions about handling, managing or storing digital evidence or data in its many forms, this is the place to be!

Please feel free to contact LEVA President Blaine Davison at president@leva.org or Training Vice President Jan Garvin at training@leva.org with any other questions regarding the event.


Thursday, October 4, 2012

Free J2K plugins

j2k is a free Photoshop and After Effects plug-in set for reading and writing the JPEG 2000 file format, the successor to JPEG.

Also known as JP2, JPEG 2000 uses wavelet compression as opposed to the DCT compression used in standard JPEG. The end result is "better image quality" in a smaller file. JP2 also includes mandatory metadata such as information about an image's color space.

The After Effects and Premiere Pro versions have the ability to Auto Proxy, meaning that when working at half or quarter resolution j2k will only need to read in a fraction of the file, resulting in dramatic speedups.

Find out more by clicking here.

Enjoy.

Wednesday, October 3, 2012

Why don't cameras capture dynamic range as our eyes do?

Here's an interesting discussion on human vision, perception, and equipment.

Enjoy.

Tuesday, October 2, 2012

Get a look at the new Acrobat XI

Click here to register for the webinar and get introduced to Adobe's newest version of Acrobat (XI). From what I've heard, it's gonna rock your presentations.

NYPD to boost gang unit over social media violence

Interesting timing, but this just in from WRAL (New York), " ... The New York Police Department is planning to double the size of its gang unit to 300 detectives to combat teen violence fueled by dares and insults traded on social media. ... Under the new plan, the NYPD gang unit will work more closely with other divisions that monitor social media for signs of trouble. ... Kelly cited a recent case in which investigators used Facebook to track a turf war between two Brooklyn crews named the Very Crispy Gangsters and the Rockstars. The case resulted in dozens of arrests for shootings and other mayhem ..."

Eventually, these cases will make it to court ... Images will need to be authenticated, processed, etc. Something to consider.

Enjoy.

Monday, October 1, 2012

Interesting development - authentication of images

Here's an interesting development in the on-going struggle to scientifically authenticate images for use in court.

Last week, I took a look at the Four and Six product. Over the weekend, Amped Software announced a product specifically aimed at the context/content issues raised in authenticating digital images for use in court. Amped's Authenticate product looks to be what we've all been waiting for - a multi-pronged approach to examine the range of authentication questions in an scientifically supported way. If their other products are any indication of how this one will eventually shake out, you'll get a comprehensive report that features academic references/sources - an essential part of Frye and Daubert.

If you're wondering who's behind all the science and technology, check out this list. It continues to grow as they reach out further into the academic circles of the countries in which they sell their products. Nevertheless, it's quite impressive.

So, since this is a restricted product, if you're interested in learning more, you'll have to reach out to Amped directly through your LE e-mail account and face a little screening.

No word yet on pricing, so stay tuned ...

Enjoy.