Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Monday, July 30, 2012

AmpedFive works with native Milestone files

Amped software recently announced an update to Five that adds native Milestone support. What does that mean? "Now Five allows working on native Milestone export format (.PQZ) as if it was a standard video file. No further exporting and conversion is needed, thus ensuring the maximum available quality." Where's Milestone? City CCTV, police surveillance ... everywhere. They've got huge market share. Now, we've got a way to work native. How cool is that?!

Tuesday, July 24, 2012

Best Practices for the Analysis of Digital Video Recorders - my public comment

First off, let me say that I'm not representing any "agency," as defined by the SWGs, in my comments. The following comments and observations come from me - a practitioner. As the document was published in public, I'll give my comments in public. Consider this me talking out loud as I read it - asking questions and noting observations as I go along ... If I sound confused about this document, it's because I am. Sorry.

My first observation is this - the rapid shift from "retrieval" in the beginning of the document to "analysis" later on. This is an important distinction. Evidence my be retrieved by one employee and analyzed by another. The person doing the analysis may have no access to the crime scene and therefore must rely on the accuracy and completeness of the retrieved information/data. Again, this is part of my confusion - retrieval vs. analysis.

Secondly, this document seemingly proposes a "bag it and tag it" approach, seizing the DVR and processing it as evidence. The workflow mainly reads as a quasi-computer forensic (CF) procedure. I'm not arguing that the workflow is necessarily bad - but confusing. Once you've performed the CF functions of opening the case, cloning the drive, putting the clone in, and turning the DVR back on - you're right back to where you were with the TSWG book, checking settings and etc. Should this new procedure replace the one in the TSWG book - or supplement it only when getting the data on scene is problematic?

Many agencies will have issue with this move to equip retrieval agents with CF drive cloning gear and etc. Others may have an issue with cracking the DVR case and performing this procedure in the field, and will opt simply to bag/tag when they didn't previously. Either way, there will be a big shift in the way many agencies process DVRs at crime scenes (or not, and they'll have to explain why under cross?)

Thirdly, the technical considerations were learned by practitioners over time, often the hard way (loss of data). Often, DVRs are so poorly designed/documented that you won't know that these are issues until it's to late - you've already pulled the HDD and it want's to format it for first use when you put it back in. Moving from a retrieve in place method, to a bag and tag CF method, may prove problematic when an agency lacks proper funds/staff/training to perform the CF part effectively.

Finally, given that you move back to the TSWG book's retrieval procedure as soon as you put the clone in place, are you actually "analyzing" the DVR? What does it mean to you when you hear the term "analysis of Digital Video Recorders?" I think, researching chips, compression schemes, indexes, etc - not doing a CF drive clone to facilitate a retrieval. Again, confusion on my part?

I guess that my comments can be summed up as confusion as to why? Why merge CF functions with DME retrieval in the same document? Why call it DVR analysis when you're not really analyzing what makes the DVR do what it does? (How many agencies have engineers that could do an analysis of chips, boards, OS, etc?) Why did SWGIT feel it necessary to write this draft? What issue were they trying to address that isn't adequately covered by the TSWG book? Why is this a SWGIT document and not a SWGDE document? This document seemingly fits better with SWGDE's mission.

Again, the discussion draft is public, so I chose to make my initial thoughts public. I know that many privateers aren't included in the various list-serves and discussion groups - so I'm trying to get the public to be as inclusive as possible.

Enjoy.

Monday, July 23, 2012

Tag it and bag it

The Scientific Working Group on Imaging Technology (SWGIT) has released a new document for public comment until September 14th, 2012.

Section 23 Best Practices for the Analysis of Digital Video Recorders can be found at www.swgit.org or at http://theiai.org/guidelines/swgit/index.php

Instructions for providing feedback can also be found at the above web sites.

SWGIT greatly appreciates your feedback, so please take a few minutes to review the new guidelines and provide them with your comments.

Wednesday, July 4, 2012

Smartphone App used to Secretly Record Police Stops

This just in from CBS New York: "New Jersey’s branch of the American Civil Liberties Union has taken its mission of policing the police to smartphones.

The ACLU has released an app called “Police Tape” that lets users secretly record police stops.

The ACLU’s Alexander Shalom said the app is easy to use.

“There’s really only three buttons that the user needs to deal with,” Shalom said. “There’s a know your rights button that educates the citizen about their rights when encountering police on the street, in a car, in their home or when they’re going to be placed under arrest, and there’s a button to record audio and a button to record video.”

Read the whole story by clicking here.

Be careful out there.

Tuesday, July 3, 2012

Photoshop Facebook poll

A recent poll on Facebook illustrates my point about Adobe's direction with Photoshop.

Here's the post from Photoshop's Facebook page:

"On Friday you shared with us more than 750 features you would add to Photoshop! We greatly appreciate your feedback and want you to know that the most requested feature is already a newly added feature in Photoshop CS6. You can find it under Preferences>File Handling.

----

Also added to Photoshop CS6:
Type styles is a newly added feature in CS6: http://bit.ly/LsqPV4
Relight: You can relight images using the brand new Lighting Effects in CS6: http://bit.ly/JPvJv3
Bokeh blur: The new Blur Gallery in CS6, in addition to the Lens Blur filter, can also achieve bokeh effects: http://bit.ly/OdetU2

----

The following features have been available in Photoshop for multiple versions:
Longer history: Choose Preferences>Performance to add up to 1000 undos/history states
Spell check: Spell checking is already there. Edit>Check Spelling.
Canvas rotation: http://adobe.ly/LKUy9R
Remove dust: You can open multiple raw images in Camera Raw, remove dust from the same location via the spot healing brush and synchronizing the setting across all images to batch spot remove.
Edit keyboard shortcuts: You can add a shortcut to any command you like. Edit>Keyboard Shortcuts.
Comment tool: http://adobe.ly/NevWZp
Easy button: Try Photoshop Elements, which has options for "Full" "Quick" and "Guided" ease levels."

You see, the types of features most demanded by its fans aren't really applicable to forensic work. Still and all, I'm taking a wait and see approach to this.

Monday, July 2, 2012

Small towns adjusting to life without police depts.

This just in from PoliceOne.com: "It's a crime what City Hall did last month, some residents of this town say.

But eliminating the entire police department — chief and all — is just a sign of these penny-pinching times, according to law enforcement experts.

That's little comfort to Cleo Brewer and other townsfolk, many of them retired and living on fixed incomes.

"No one wants to say their town doesn't have a police force. It's an invitation for trouble," said Brewer, owner of the Western Cafe, a popular eatery that has been tempting patrons with its catfish plate specials for 25 years.

Other residents of this relatively quiet town of 1,100 say the city simply had no choice.

For several years now across the country, rural towns like Kemp have been disbanding their police departments because they can't afford them anymore. While the overall number of law enforcement agencies in the nation went up from 2004 to 2008 — the latest years for which national statistics were available — smaller departments with fewer than 10 officers dipped about 2.3 percent, according to data from the U.S. Bureau of Justice Statistics ..."

To continue reading the story, click here.