Thursday, July 18, 2013

Forensic Video Acquisition Field Kit?

So, I get an e-mail from my friends at Ocean Systems announcing their "Forensic Video Field Acquisition Kit." From reading the piece, I'm a bit worried that inexperienced folks and uninformed command staff might be confused as to what this is and what this isn't.

First of all, what is it? It's a nicely put together kit for your extremely last resort option of grabbing digital evidence out of the analog video port of a DVR. Yes, I had to say it. This is not an option of first choice, but one done when all else fails.

The Best Practices for the Retrieval of Video Evidence from Digital CCTV Systems (DCCTV Guide), also known as the red flip book, notes on page 1 that you should be after the data - "the retrieved video data should be retained as the master evidence." Note the word, data. This kit is designed/sold to grab signal, not data. (I guess you could use it to network to the DVR, but that isn't listed as a feature and you could just as easily buy a cheap laptop and a cross-over cable on Amazon to do that part).

Remember, DCCTV retrieval is the collection of relevant video data and associated metadata from a digital video recording system. In every class that I've ever taught on the subject of the retrieval of DCCTV evidence, I've focussed on securing the data and metadata as the master evidence. Again, this kit grabs signal, not data / metadata.

Page 25 of the red flip book notes that not all DVRs have a digital output option. For these systems, the book advises the investigator to consider seizing the DVR as the master evidence. If that's not possible, it then advises an analog signal capture as a last resort option. I know that the book says it, but why is seizing the box important? If I have a DVR with no digital output options, and I have the DVR in my lab, I can do whatever it is that I do for the case. I can turn the DVR over to opposing counsel's expert, and they can do whatever it is that they do - from the same piece of master evidence. With this kit's output, the opposing expert can only work from my output, not from the original evidence (with the DVR in continued service, it's likely that the original data will be long gone before trial ever starts).

Additionally, the statement "Now first responders and experienced analysts alike can go on scene with confidence that they will walk away with an uncompressed copy of the evidence they need to investigate the case" is a bit misleading. You aren't getting a copy in the classical sense of the word. If you were, you'd get a copy of the data - but you aren't. The evidence is the data and the metadata. The signal is a nice picture of the data, but it's just that, a visual representation of the data. It's like taking a picture of a pistol and trying to do ballistics.

Added to that is the fact that it's a less than real time option. Yes, I said it. It's less than real time. You have to play it back in real time, then wait for Omnivore to save it in its native Omnivore format, then convert it to something usable for your editor. So, it's less than real time - not "instantly previewed, saved or exported to common formats" as the marketing page states. What happens if you have multiple cameras, or multiple hours to capture? Is this something that you want to do in the field, or would you consider seizing the DVR and doing this back in the lab? In cases where I can get the data, that's my preference. If the data/player doesn't support the creation of a file that my attorney needs (.avi, .wmv, .mov) for his/her presentation, I can use my Omnivore to speed that along. But, I still have the original data. In many cases, like with .264 or .re4 files, I can quickly convert the proprietary files with FIVE and thus skip the real time Omnivore option (though I like the Omnivore's frame speed detection better for doing screen captures).

Another worry is that folks will use this, but not understand the underlying technology behind what's going on in this digital to analog to digital conversion. Remember, this is being marketed to First Responders. In the world of Melendez-Diaz, the accused can/will call the first responder to quiz them on their decision matrix, SOPs, choice of tools, familiarity with the tools/tech, etc. Is this something that your command staff wants to have happen? Let's say that the recording was done in the DVR at 720x240 and the frame rate was variable ... but around 7 frames per second. Your Linux-based DVR has only a VGA output and you capture it using this system. How does the DVR put 720x240 into VGA and come out even? Was anything lost? What was lost? Was your process validated and is it reliable? With the many recorded frame sizes out there, are you comfortable with your first responders facing these questions under cross? I know a few "experts" who would have trouble articulating the answers in a way that the Trier of Fact would understand.
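To make the 720x240 question concrete, here is an added example (not from Ocean Systems or any DVR vendor) that works through what a scaler would have to do to fit that recording onto a display output. It assumes a 640x480, 60 Hz VGA mode and simple nearest-neighbour scaling; a real DVR may interpolate, crop or letterbox instead, and the frame timestamps are constructed to represent a variable rate of about 7 frames per second.

```python
from collections import Counter

def nearest_neighbour_map(src, dst):
    """Source sample index used for each of the dst output samples."""
    return [(i * src) // dst for i in range(dst)]

def resample_report(src, dst):
    """Count source samples never displayed and those displayed more than once."""
    uses = Counter(nearest_neighbour_map(src, dst))
    return {
        "scale": round(dst / src, 3),
        "dropped": src - len(uses),
        "repeated": sum(1 for n in uses.values() if n > 1),
    }

def refresh_counts(timestamps_ms, refresh_hz):
    """Display refreshes occupied by each recorded frame (all but the last)."""
    # A frame first appears on the first refresh at or after its timestamp
    # (integer ceiling division avoids floating-point rounding).
    first = [-(-t * refresh_hz // 1000) for t in timestamps_ms]
    return [b - a for a, b in zip(first, first[1:])]

REC_W, REC_H = 720, 240               # recorded frame size from the scenario
OUT_W, OUT_H, OUT_HZ = 640, 480, 60   # assumed VGA output mode
FRAME_TIMES_MS = [0, 140, 290, 425, 570]  # constructed, roughly 7 fps variable

if __name__ == "__main__":
    print("width :", resample_report(REC_W, OUT_W))
    print("height:", resample_report(REC_H, OUT_H))
    recorded = [b - a for a, b in zip(FRAME_TIMES_MS, FRAME_TIMES_MS[1:])]
    shown = [round(n * 1000 / OUT_HZ, 1)
             for n in refresh_counts(FRAME_TIMES_MS, OUT_HZ)]
    print("recorded frame intervals (ms):", recorded)
    print("displayed frame intervals (ms):", shown)
```

Under these assumptions the output never shows 80 of the 720 recorded columns, shows every recorded line twice, and replaces the recorded frame intervals with multiples of the display refresh period, none of which is visible in the captured signal itself.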

So, as an Omnivore owner, would I consider this an upgrade? I'm not sure. It seems like a logical update to the StarWitness Field Agent concept. Knowing the folks involved in making it, I'm confident that it will work well for what it actually does. But, I just wince at the marketing of it and the way it's portrayed. But, that's my unvarnished opinion.
