Wednesday, December 31, 2014

Happy New Year


Wishing you and yours a healthy and happy new year (free from the Y2K hysteria of years past :) ).

Monday, December 29, 2014

A rebuttal to the case against encryption

In an article over on SC Magazine UK, a senior Met investigator argues against the use of encryption.

"In any democratic society we need to provide law enforcement with a right to obtain information authorised by a judge, based on a clear suspicion, in cases involving serious crime or terrorism. This applies to the offline world and should also apply to the online world."

“Full encryption of communication and storage online will make life very easy for the criminals and terrorists and very difficult for law enforcement and law abiding citizens. We have to find the right balance between security and freedom - and this balance has to be set by citizens in a political and ethical discussion on the trade-offs.”

Remember, of course, that in the UK there's a completely different legal system than here in the US.

In the US, you have the right to remain silent, including the right not to present evidence which may incriminate you (5th Amendment).

"The Fifth Amendment creates a number of rights relevant to both criminal and civil legal proceedings. In criminal cases, the Fifth Amendment guarantees the right to a grand jury, forbids “double jeopardy,” and protects against self-incrimination. It also requires that “due process of law” be part of any proceeding that denies a citizen “life, liberty or property” and requires the government to compensate citizens when it takes private property for public use."

We also enjoy protection against unreasonable searches and seizures (4th Amendment).

"The Fourth Amendment originally enforced the notion that “each man’s home is his castle”, secure from unreasonable searches and seizures of property by the government. It protects against arbitrary arrests, and is the basis of the law regarding search warrants, stop-and-frisk, safety inspections, wiretaps, and other forms of surveillance, as well as being central to many other criminal law topics and to privacy law."

Put these two together.

You have the right to remain silent and to protect yourself from self-incrimination. Encryption can be seen as a digital affirmation of that right.

You have the right to be protected against unreasonable searches and seizures. The problem with setting up weak protection schemes, or "trap doors" that law enforcement can open when it deems necessary is that it is simply weak protection. Hackers can and do exploit weak protection.

"Now just as then, the FBI is trying to convince the world that some fantasy version of security is possible—where "good guys" can have a back door or extra key to your home but bad guys could never use it. Anyone with even a rudimentary understanding of security can tell you that's just not true. So the "debate" Comey calls for is phony, and we suspect he knows it. Instead, Comey wants everybody to have weak security, so that when the FBI decides somebody is a "bad guy," it has no problem collecting personal data.

That's bad science, it's bad law, it's bad for companies serving a global marketplace that may not think the FBI is always a "good guy," and it's bad for every person who wants to be sure that their data is as protected as possible—whether from ordinary criminals hacking into their email provider, rogue governments tracking them for politically organizing, or competing companies looking for their trade secrets."

If you run a business, you must keep your customer data private and protected from being distributed against your customers' wishes. Think about the data breaches that happened to Target, Home Depot, and Sony for an example of how weak physical and digital security combined to negatively affect millions of people's lives.

So where does that leave us? Here's an analogy. California passed a law recently created a "civil right to clean drinkable water." Many believed that this meant they'd never have to pay their water bills again. After all, water was now a human right. But, the law mandates that water delivered must be clean and safe. The law did not create a civil right to "water pressure." The law did not mandate that water be delivered to you, just that if it was delivered that it be safe and clean.

Courts may order that data be seized. So take it. Use it as is. If you can crack the encryption, great. If not, (for the time being) the US Constitution sill allows me to remain silent and to choose to not incriminate myself. Given that we in the US are innocent until proven guilty, once you remove the 5th Amendment's protections you might as well be done the concept of freedom as we know it. Without the 5th Amendment's protections, we will be living in a "police state." I'm not about to go down that road willingly.

Just like you can't be a little bit pregnant, you can't encrypt a file just a little bit. Thus, I say full encryption is great. Encryption protects freedom of communication. Encryption protects property. Encryption was a proper response to government and industry's mishandling of private data.

Tuesday, December 23, 2014

Hackers and Conspiracies

A few people have asked me about my opinion of the Sony hack, the Interview, and the prospect that we may be in the beginning stages of a Cyber War with North Korea. I don't really have an opinion, as such. So, I'll offer my version of a conspiracy theory as a response.

Here it is:

It is no secret that Sony has a history of being hacked. It is no secret that the bilge that Hollywood is generating isn't putting butts in seats like it used to. It's no secret that the big movie stars make a ton of money. So, if you were the CEO of Sony (the one in Japan, not the one here who made inappropriate e-mail comments about our President), what would you do if you were hemorrhaging money, had a horribly sophomoric/moronic movie that would likely not break even, and wanted to cut a few stars loose? Blame North Korea.

Maybe someone hacked Sony, maybe they didn't. Blaming North Korea means no one will know for sure. That's beside the point now. With the on-again / off-again release notices about the Interview, the media has assured us that it's our patriotic duty to go out and see this film ("up yours Kim!"). With this duty in mind, Sony will reap much better revenues on this film that it ever would have with a "normal" release. Win - Sony.

The "hard to work with" hollywood stars will also have their incomes readjusted. They'll also get to cut a bit of dead weight at the top of Sony US corporate with the release of a few e-mails to the media. Win - Sony.

There'll be a few settlements of law suits, but now Sony is the "victim" of the dreaded North Koreans.  How can you blame the victim? Win - Sony.

I'm sorry if this seems like a B-Movie screenplay, but it all seems too convenient.

Monday, December 22, 2014

PhotoDetective - first look

A few weeks ago, I alerted you to a Kickstarter campaign around a new image authentication product called PhotoDetective. Well, I've put my copy through a few tests and it's time to share the results.

The program is quite simple to use. It has a very clean/lean interface - almost too lean. It has a few of the basic authentication algorithms that you've come to expect. But, nothing fancy. No reporting. What you see is what you get.


Your basic Exif tools are there. You can export the info to a text file.


It's all menu driven.


Some of the filters are self explanatory, some aren't (if you're unfamiliar with the science of authentication). There's no title to the results - if you want to screen capture your resulting images.


There's also no comparative function. Sure, it gives you a basic look at the QT - but you'll have to do the work to make sure it's right.

Now, the results:
  • For my cut/delete/paint over tests - it found the problems rather easily as long as they were blatant. For my more subtly changed images, I found what I was looking for only because I knew where I was looking. I could probably fool the average user into a false negative (a false conclusion of no evidence of tampering).
  • For my cut/paste tests - again, it did well with the blatant examples and not so well with the subtle ones.
To be sure, there's nothing wrong (per se) with the program. It's very basic in its functionality. The problem will come when people buy this as their only tool. As I noted above, it could lead to a lot of false negatives when wielded by an untrained user.

In all, limited but not bad for $30 when used by a trained analyst. In untrained hands ... OMG.

Friday, December 19, 2014

Restoring stripped EXIF data

There's an interesting discussion happening over on Forensic Focus. It deals with the recoverability of stripped EXIF data. I get this type of question often, can stripped EXIF data be recovered? Here's a good explanation to add to your arsenal:

"If data are stripped, they are stripped, and gone to the heaven of bytes, wherever it is, forever, may they R.I.P.

Seriously, you can consider the JPEG format as a sort of "zip archive" with inside it a number of files, of which some are mandatory and some are optional:

  • the actual image compressed data is mandatory
  • the thumbnail preview is optional (and can be stripped)
  • the EXIF data is optional and contains in itself any number of (still optional) metadata fields (can be stripped selectively or "as a whole")

Typically an EXIF stripper does remove the actual bytes containing the data (if you prefer after having gone through an EXIF stripper usually the filesize becomes smaller, so there is no way that they can be recovered).

BUT there are tens or maybe hundreds of tools that are said to "strip metadata" and the "some sort of EXIF stripper" is way too vague to allow for an actual answer, it is entirely possible that the one or the other tool "leaves behind" some data, and as well it is possible to add to an image "custom" metadata and one (or the other) tool may simply miss them."

Thursday, December 18, 2014

OSAC Subcommittee on Imaging Technologies

The OSAC subcommittees have announced their membership rosters. The Imaging Technologies Subcommittee's list can be found here. It's my privilege and quite the honor to be selected to serve on this subcommittee. I'm sure that there'll be a ton of work to do.

Wednesday, December 17, 2014

NIST Forensic Science Standards Inventory Now Available Online

This just in from NIST: "NIST’s Organization of Scientific Area Committees (OSAC) is taking the first steps toward developing an OSAC Registry of Approved Standards and an OSAC Registry of Approved Guidelines.

Independent scientific working groups, standards development organizations, professional organizations and government entities have developed many standards and guidelines for use by the forensic science community. In order to capture and build upon this work, NIST Forensic Science Program staff members have compiled an inventory of these existing documents. The inventory is available to download from the OSAC Catalog of Standards and Guidelines web page as a sortable Excel spreadsheet file. It contains the titles and source information for 730 standards, guidelines and related documents. The inventory also lists web addresses for documents that are available online.

This inventory is intended to serve as a resource to the forensic science community and a foundation for the future work of the Organization and Scientific Area Committees. The current version is the result of a scan of all known forensic science organizations, associations and standards development organizations, in addition to the results of a data call to each of the 21 independent forensic science scientific working groups. The catalog contains all applicable forensic science standards, guidelines, best practices, protocols and policies.

OSAC subcommittees will review each document's relevance and validity to its forensic science discipline. The subcommittees will make recommendations on which of the existing documents should be adopted, in part or whole, by OSAC. They will also identify gaps for which new standards and guidelines should be developed.

Subcommittee recommendations will be discussed during the first public meetings of OSAC's five Scientific Area Committees, to be held Feb. 16 and 17, 2015, during the annual meeting of the American Academy of Forensic Sciences, in Orlando, Fla.
Go to the OSAC Catalog of Standards and Guidelines web page for more information and to download the spreadsheet file.

Tuesday, December 16, 2014

BPG - a New Image Format

This just in from Petapixel.com: "JPEG is a remarkably resilient file format. Despite having many upstart formats attempt to dethrone it over the years — including JPEG 2000 and Google’s WebP — the JPEG is still used by nearly 70% of websites and is holding strong in popularity.

Now there’s a new competitor in the ring. It’s called BPG (Better Portable Graphics), and it’s a format designed and advocated by notable French programmer Fabrice Bellard (creator of FFmpeg and QEMU).

One of the big advantages BPG has over JPEG is its ability to deliver similar image quality as JPEG at about half the file size.

Bellard created BPG after a Mozilla study concluded that the video encoding standard HEVC (i.e. H.265) outperformed other technologies. BPG is based on a subset of HEVC technologies.

One of the challenges with introducing new formats is getting browser developers on board with built-in support. So far, developers interested in using the .bpg format will need to use some special Javascript code to load the images.

If Bellard has his way, we may one day be opting for BPG when saving our files, just like PNG is now the preferred format for certain static graphics rather than GIF."

Click here to see the examples and comparisons of this new format.

Monday, December 15, 2014

Nothing can be created from nothing


The folks at Amped Software just posted this awesome article over on their blog about the myths vs. science of video enhancement. Check it out by clicking here.

Friday, December 12, 2014

The dubious fitness of photographic evidence

Forensically Fit presents this interesting article on photographic evidence.

"For decades the admission of imagery as exhibits has been practically rote.

Within the last 10 years the accession and propagation of digital, optical, and color sciences has generated more informed and exhaustive analysis of visual artifacts, but those disciplines are yet in their infancy within the legal industry.

The chilling component of these developments is that each of the underlying sciences are monstrously complex and esoteric. The stimulant is that there are prodigious advantages available for early adopters.

Vision is our dominant sense, but human vision and cognition are wildly variable-even in a specific individual at barely distinguishable moments in time. Since we don't intimately participate in each other's visual experiences we only presume common conclusions, but that is a preposterous expectation.

No less problematic is the eminently clever but wholly synthetic production of digital imagery. The apparatuses and conventions of the digital realm do not replicate human visual experiences: they simply attempt to produce believable artifacts. In honoring digital protocols, images are systematized and manipulated in ways that devastate the actual scene to accommodate computational restraints, even to the point of discarding color, luminance, and spatial information generalized to be below a threshold noticeable by a "Standard Observer."

They are illusory.

Because we are not typically trained to recognize its various corruptions and liabilities, we habitually accept imagery as definite and proper. Because of the incredible complexity and technical depth of imagery's underlying sciences, we honor an overwhelming sentiment to ignore those issues and simply consume whatever makes the fewest and lightest demands on our reasoning.

All of those predispositions are profoundly counterproductive and contrary to our appetite for justice and fidelity."

Continue reading the article by clicking here.

Thursday, December 11, 2014

Consider a Career in Forensic Photography

f/stop spot recently interviewed George Reis about careers in Forensic Photography. Click here to read the interview.

Wednesday, December 10, 2014

Why Does Every Camera Put Photos in a DCIM Folder?

The How-To-Geek answers the question, why does every camera put photos in a DCIM folder?

"Every camera — whether it’s a dedicated digital camera or the Camera app on Android or iPhone — places the photos you take in a DCIM folder. DCIM stands for “Digital Camera Images.”

The DCIM folder and its layout come from DCF, a standard created back in 2003. DCF is so valuable because it provides a standard layout.

Meet DCF, or “Design rule for Camera File system”

DCF is a specification created by JEITA, the Japan Electronics and Information Technology Industries Association. It’s technically standard CP-3461, and you can dig up the arcane standards document and read it online. The first version of this standard was issued in 2003, and it was last updated in 2010.

The DCF specification lists many different requirements with a goal to guarantee interoperability. The file system of an appropriately formatted devics — for example, an SD card plugged into a digital camera — must be FAT12, FAT16, FAT32, or exFAT. Media with 2 GB or larger of space must be formatted with FAT32 or exFAT. The goal is for digital cameras and their memory cards to be compatible with each other.

The DCIM Directory and Its Subfolders

Among other things, the DCF specification mandates that a digital camera must store its photos in a “DCIM”directory. DCIM stands for “Digital Camera Images.”

The DCIM directory can — and usually does — contain multiple subdirectories. The subdirectories each consist of a unique three-digit number — from 100 to 999 — and five alphanumeric characters. The alphanumeric characters aren’t important, and each camera maker is free to choose their own. For example, Apple is lucky enough to have a five-digit name, so their code is APPLE. On an iPhone, the DCIM directory contains folders like “100APPLE,” “101APPLE,” and so on.

So Why Does Everyone Follow This Specification?

DCF is a “de facto” standard, which means that enough digital camera and smartphone makers have adopted it that it’s become a consistent standard in the real world. The standardized DCIM format means digital camera picture-transfer software can automatically identify photos on a digital camera or SD card when you connect it to your computer, transferring them over.

The DCIM folders on smartphones serve the same purpose. When you connect an iPhone or Android phone to your computer, the computer or photo-library software can notice the DCIM folder, notice there are photos that can be transferred, and offer to do this automatically."

Click here to read the whole article over on How-To-Geek.

Tuesday, December 9, 2014

Image Conscious Investigations

In the first edition of the new The Forensic Investigator publication, Amped Software looks at the growing world of digital multimedia evidence and the challenges investigators face in gathering evidence.

"Everywhere we go, we see people taking photos or recording videos on their mobile phones. There is an increased use of surveillance cameras by governments, businesses and private house owners. The use of drones and satellite video is expanding. There is also an increase in the number of officers wearing body-worn cameras. Car manufacturers are also participating in this digital multimedia world by installing video cameras in vehicles. The positive effects of this is that there is a high probability that someone caught a crime on camera so investigators have a lot of evidence to work with. The bad thing is that many times that evidence cannot immediately be analyzed and used. Keeping aside the privacy and social issues that evidence coming from these devices may cause, there are often several technical issues that do not permit investigators to use the photo or video evidence immediately."

Read the full article here.

Monday, December 8, 2014

Deciding to Use Body Worn Video

With the recent troubles around the country, many agencies are declaring their intent to purchase body worn video cameras for their officers. While this might quiet down some folks cries for transparency, the devil's always in the details.

Prices for good recorders range from $300 - $1500 per unit for the initial purchase. If the agency has 100 officers on patrol at any one time, do the math. Then, do you only equip patrol units, or do detectives and other police representatives need units? What about those who want a camera on every police employee? The point - each camera costs money to buy and deploy. That money has to come from somewhere. For agencies with a lot of "risk management problems," these cameras will help the agency save money initially. For those with good community relations - where will the money come from for the purchase?

Remember that technology has a life span. Thus, the tech will need to replaced/refreshed every 3 to 5 years. This means that the initial purchase price will likely be due every 3 to 5 years.

For every piece of police equipment, there's an associated maintenance cost. There's the actual work of repairing/replacing defective units and there's the fee that the manufacturer charges for "maintenance" - usually somewhere between 5% and 20% of the original purchase price - for the life of the program. This is where agencies usually skimp. This is why camera programs tend to have a three year life span - no money for maintenance. The sad fact is that there's always money somewhere to initiate a program - it looks good for the voters. No one ever got re-elected for paying for a maintenance program.

Every minute of recorded video has to be stored somewhere. That too has a cost. Some agencies have policies prohibiting the use of cloud services. These agencies will need to store the video locally. Some have questions about the ability to access evidence stored with could-based providers if the agency decides to change providers. Servers, discs, cloud storage - they all have a cost. The agency's retention policy + the amount of units in the field + the quality settings for the video will dictate the annual storage costs.

If the agency decides to skimp on recording quality, then the requests for "enhancement" will be increased. If the agency has forensic video analysts, their workload will increase significantly. The agency, facing backlogs, will either have to accept the backlogs or spend money on overtime and/or more staff.

Agencies will need to deal with requests for copies of the recordings from the public, internally, and from the courts. Again, this is not without cost - even for small agencies. Remember, staff and salary costs are recurring. Adding staff in tough economic times can be a tough sell.

But, as agencies rush to purchase equipment, there needs to be a rational policy behind the use of these recorders. When to record. What to record. Who gets cameras. Who doesn't. Recording quality. Storage policy. Retention policy. Release policy. As the above linked story from Tyler, Tx, illustrates, the City Council approved the purchase before a policy is in place. That might quiet the public, but it puts the police in a bind down the road. Without a policy, how does the agency know if the initial purchase is enough? What about allocating money for the other parts of the puzzle?

The final piece of the police side of this complex issue is a stable funding source. Agencies like Omaha (see above link) that choose to fund cameras with "asset forfeiture funds" may run into trouble if those funds run low. It's better to fund these types of programs from a regular budget item - but that might not be possible politically in many cities.

So, the bottom line will be - how much are the taxpayers willing to spend and what will they get for that "investment?" As with everything, you get what you pay for.

Friday, December 5, 2014

PhotoDetective Kickstarter

The other day, I received a nice email from a doctoral student about a project he's working on.

I am a doctoral student and researcher at the University of Illinois. I am a very passionate about digital forensics, and I follow your blog regularly and am glad someone is covering the literature and news as you are in this field, because there would be a depsrate shortage without it.

I have recently made a forensics computer program that might be of interest to you.

The software can provide insight into whether or not an image has been manipulated or altered. It does so through a simple graphic interface and uses over a dozen algorithms from the digital forensic literature (many of which you are probably already aware of).

If you are interested in seeing what the program and results look like, here is a link to a Kickstarter page that gives more detail and contains screenshots.


https://www.kickstarter.com/projects/413912001/2025927735

Well, of course I'm interested. You might be too. From the looks of the Kickstarter page, the program will offer some of the basic tests for image authentication. He'll also ship an instruction manual to describe each test. Not a bad deal.

I would encourage you to check out the Kickstarter page, and if you're so inclined, help with a small contribution towards its development.

As always, when I get my copy I'll put it through its paces and let you know what I think.

Enjoy.

Thursday, December 4, 2014

Police Uses of Force

With yesterday's ruling in Staten Island related to the in-custody death of Eric Garner, I've received quite a few requests for comment on the video from various media outlets and bloggers. I've declined them all.

Here are just a couple of reasons why I've decided to decline their requests.
  • Most requests suffered from presuppositional bias. Use of the words "chokehold death," presupposes a cause of death that is not in evidence. I'm not a lawyer, but I've been around these types of investigations for quite some time and they're usually called either an "arrest related death" or an "in custody death."  The reason this is important is the need for consistency in terms. (The Deaths in Custody Reporting Program (DCRP) collects data on deaths that occur in the process of arrest, or while inmates are in the custody of local jails or state prisons.) This is how the federal government terms what happened, and how they track in custody deaths nationwide. Depending on when the death occurred in the custody process determines if it's an "arrest related death" or an "in custody death."
  • Most requests referred me to a link to view a redacted or otherwise edited copy of the video. As you know, from reading this blog over the years, we analysts generally only work on first generation video. 
I have my own opinions on the death of Mr. Garner. I keep those to myself. If asked questions about the video, I would conduct the appropriate scientific tests and report the results. As a scientist, I go where the evidence takes me.

Wednesday, December 3, 2014

Police Body Camera Videos in San Diego Will Stay Private — at Least for Now

With all the news about police use of force, it's important to discus the use of body worn video in the context of the individual agency's policy. As a San Diego news outlet recently found out, just because there's video doesn't mean you'll ever get to see it.

"We filed a public records request for the videos. The department declined to release them, saying they were part of an investigation. The department said it didn’t have to release them even after the investigations ended, and gave no indication the footage would become public.

That raises a significant question: How useful could the cameras be at reassuring the community about serious police incidents when no one’s allowed to see what they capture?"


That was several months ago. In recent days, the policy hasn't changed. SDPD says, affirmatively, that the cameras are for evidence and not for transparency. This is consistent with SDPD's policy.

It seems, from the news reports, that the folks down there sold the public and the politicians on the concept of body worn cameras as a transparency tool.

"Indeed, transparency was a major argument when Zimmerman’s predecessor, William Lansdowne, began his public push for the cameras.

“What the camera does is a visual and verbal recording of contacts between the Police Department,” Lansdowne said in January. “Everybody gets to look at them and find out if they’re acting correctly and properly. It protects the officers as well as the citizens.”


The public wanted a transparency tool. They got an evidence recording device. As always, the devil's in the details.

Tuesday, December 2, 2014

FIVE gets updated again

Amped Software announced some really cool additions to their flagship program, FIVE.

Build 6636 includes the following new stuff and fixes:

  • New filter. Correct Aspect Ratio: doubles the height of an image which appears vertically squeezed because of an incomplete deinterlacing process or other issues in the decoding. Only one line every two will be interpolated, while the others will be kept at the original pixel values. (this was done with the Deinterlace filter before. This change makes it easier to explain your work)
  • New filter. Add Text: adds textual annotations including dynamic project variables which are automatically printed as (frame number, file name, filter name, video length...) As with any other filter, you can use this many times over. Thus, you can tag and track multiple objects with ease.
  • New filter. Add Shape: adds geometric shapes to the image, such as rectangles, circles, lines and arrows. They can change across the video, for example to track a moving target. Again, you can use this filter as many times as necessary to track objects.
  • New Filter. Change Frame Rate: changes the frame rate of a video, for example when set incorrectly in the original file.
  • Deinterlace: now the frame rate of the player is automatically updated when doubling the number of frames.
  • Remove Duplicates: now the frame rate can be changed, either manually or automatically, depending on the number of frames which have been discarded.
  • GUI: when commands that require at least a filter are called on an empty project, an error message is displayed.
  • GUI: current frame and total number of frames displayed on the status bar.
In all, this is great news. The annotation features will certainly help on a case I have active right now. 

Enjoy.

Tuesday, November 18, 2014

Critic of Polygraph Tests Accused of Teaching People to Lie to Government

When I read this story about a man who teaches people how to pass a polygraph test, I thought of my own multiple experiences with being polygraphed.

Regular readers know that I preach reliable / repeatable science. Polygraph exams are not scientific, they're art forms. They're investigative tools. I remember my last test. Here I am, all 6'7" and 345 lbs, with a blood pressure cuff that doesn't fit so it's down around my wrist, pneumo-tubes that are stretched beyond belief around my very large chest, and squirming in a special chair that I don't fit. I'm thinking, if the apparatus makes me this uncomfortable, and I can't sit comfortablly, how is this reliable or repeatable?

It's a game. It's a trick. The device is not a "lie detector." It just registers your biorhythms. It's the examiner who chooses to quiz you and drill down into certain questions. It's an investigative tool - nothing more.

To me, training someone to pass a polygraph is the same as those books that teach novice Photoshop users to pass the Photoshop ACE exam. It's hard for me to take the government seriously on this. Polygraph exams are tricks, nothing more. They play their games, and the examinee plays his. Fair's fair, I guess.

Monday, November 17, 2014

Shooting Incident Reconstruction

Over the weekend, I was honored to be invited to attend a Shooting Incident Reconstruction seminar taught by local firearms expert, Dr. Bruce Krell, PhD. I wasn't sure if I could spare the time to make it to the class, but the course announcement really got me interested. Here's a snippet:

During the morning, we will be in an air conditioned classroom.
During the afternoon, we will be out on a private shooting range.

NOTE: We don’t take a lunch break. The range does not have food facilities.
Bring your own lunch and plan to eat during the last half hour of the lecture.

The afternoon session may be hot and may also be windy.
My guess right now is that shorts and t-shirt might be appropriate.
But, bring a sweater in case you are too cold in the classroom.

Wear tennis shoes or hiking boots.

Please bring sun block and a baseball cap or a hat.

Bottled water would also be a good idea.

If you have shooting ear muffs, please bring them.
If not, don’t worry. We will have plenty of the soft ear plugs.

Some of you will be participating in some of the measurement tasks.
Some of you will be participating as actors in some of the reconstructions.
Some of the reconstructions may involve being on the ground, so if
you might be willing to volunteer, dress so that you don’t’ mind getting dirty.

We will be discussing some of the strategies for photo perspectives.
So, I will be taking photos of some sections of the reconstructions.


The first half of the course featured a ton of slides on the math and stats of trajectories, ejector patterns, ricochets, and so forth. He walked the class through several old cases, demonstrating how reconstructions are performed using all of the available reports and on-scene work. Then the class moved up to the range for some practical exercises.

In all, it was an enjoyable class.

If you're in the Los Angeles area and can make it to one of Dr. Krell's classes, you'll get a ton of useful information. Plus, you'll never look at a shooting incident in the same way again.

Friday, November 14, 2014

How Courts Miss Bad Forensics

As a follow-up to yesterday's post, I received a link to this story - How Courts Miss Bad Forensics.

This story will really piss you off. It pissed me off. Here are some excerpts:

"Despite Hayne’s impossible workload (over about 20 years he performed on average 1,200 to 1,800 autopsies per year, by his own admission), his lack of board certification, and the fact that he has on multiple occasions given testimony that other medical examiners have said ranged from implausible to malpractice, to date no court has rejected Hayne as an expert witness. While some courts have overturned a handful of convictions that were based on his testimony, they’ve only done so in the most egregious instances. Where Hayne has given plausible testimony, or even implausible-but-not-completely-nutty testimony, the courts have generally refused to intervene.

But if Hayne isn’t a credible witness, he isn’t a credible witness. If he has shown that he’s willing to say outrageous things in a few cases, has lied about his certification, and has been shown to be sloppy and unprofessional in his work, the cases in which he gave plausible but debatable testimony (and was opposed by a more competent medical examiner) should be seen just as tainted as those in which his testimony was transparently ridiculous."

"So far, the courts haven’t agreed. But a two-word phrase makes last week’s ruling different than all of the others.

The evidence shows the witness for Louisiana, Dr. Steven Hayne, a now-discredited Mississippi coroner, lied about his qualifications as an expert and thus gave unreliable testimony about the cause of death.

To my knowledge, this is the first time a court has acknowledged that Hayne has been broadly “discredited.” The acknowledgment is significant because of what the panel does next. Under federal law, in order to obtain a new trial based on newly discovered evidence, a convicted person must show that the evidence is either new or could not have been discovered at trial, that had the evidence been available at trial the jury would likely have convicted, and must file his petition based on the new evidence within a year of when the evidence “could have been discovered through the exercise of due diligence.”

The essence of the ruling in this case is that because the defendant missed a deadline, it simply doesn’t matter that Hayne may not be a credible witness. Shocking and sad.

Read the whole article. See for yourself what happens when the courts fail to police themselves.

Thursday, November 13, 2014

George Reis and the Frye Hearing

Along the lines of who are these people anyways, George Reis writes about his experiences with one of the members of the LA County Superior Court's list.

"That ‘expert’ has testified 25 times in the past, but has had no training in Forensic Video Analysis or in any Comparative Science. His work experience was only peripherally related to video analysis. He does not have any certifications in video analysis, photographic analysis, or anything related to these fields.

His methods in video analysis and in comparisons are not considered best practices by any peers, any forensic organization, or in any publications. Additionally, his comparison method is a method that the Facial Identification Scientific Working Group (FISWG) specifically states is not appropriate for comparisons. Further, he identified artifacts as being features, which the Scientific Working Group for Imaging Technology (SWGIT) points out is something that should not be done."

...

"So, the next time a public defender in Los Angeles needs an expert, he or she will take a look at the approved list and see this expert’s name. That public defender may not have the time to search out the background of that expert, but instead may just assume that because he is on the list, he must be competent. It is a frightening situation. I hope that the LA Superior Courts will review the criteria used for placing (and retaining) individuals onto their experts panel."

...

Wow. Where do we start with the needed reforms?

Wednesday, November 12, 2014

It's free, but ...

On Monday, I wrote about Ski's article on reducing JPEG artifacts. As a follow up, I went to the Foray web site and downloaded their free ForayJPGArtifactReductionTool. It's a saved action file that you can load into Photoshop that automates the steps outlined in Ski's article.

When I loaded the action file, I noticed a few things about the steps that I want to share with you.

  • All of the work is done to the Background layer. Can you articulate why this is a bad idea?
  • The image is resized. Can you articulate why?
  • Since all the work is done to the Background layer, how are you controlling the complimentary color artifacts that result from Unsharp Mask? I would have expected that the script would create a copy of the layer and changed the blending mode, or worked in LAB mode and just worked on the L channel.
  • You already know how I feel about Auto Adjustments
I would have hoped that the Layers Panel looked something like this when the action was completed.

Sadly, it wasn't.

So, caveat emptor. Just because it's free doesn't mean you should use it. 

Tuesday, November 11, 2014

A Toast to the Flag

"A Toast to the Flag"
by John J. Daly - 1917

Here's to the red of it--
There's not a thread of it,
No, nor a shred of it
In all the spread of it
From foot to head.
But heroes bled for it,
Faced steel and lead for it,
Precious blood shed for it,
Bathing it Red!

Here's to the white of it--
Thrilled by the sight of it,
Who knows the right of it,
But feels the might of it
Through day and night?
Womanhood's care for it
Made manhood dare for it,
Purity's prayer for it
Keeps it so white!

Here's to the blue of it--
Beauteous view of it,
Heavenly hue of it,
Star-spangled dew of it
Constant and true;
Diadems gleam for it,
States stand supreme for it,
Liberty's beam for it
Brightens the blue!

Here's to the whole of it--
Stars, stripes and pole of it,
Body and soul of it,
O, and the roll of it,
Sun shinning through;
Hearts in accord for it,
Swear by the sword for it,
Thanking the Lord for it,
Red White and Blue!

To all the readers who have served their nation in armed service in the cause of freedom, many thanks from a grateful populace.

Monday, November 10, 2014

Mitigating Artifacts of JPG Compression in Digital Images

Over on Forensic Magazine, Foray's David “Ski” Witzke attempts to tackle the subject of crappy JPEG images. After reading his very long treatise on using older versions of Photoshop to try and reduce the many problems you'd run into with JPEG images, I'm so glad for my copy of FIVE.



The Deblocking filter works great in reducing the appearance of JPEG blocks. Using FIVE means that I don't have to go through a tortured series of steps as described in Ski's article, with the accompanying mess trying to explain the steps to a jury.


Remember, with FIVE, you get the plain English explanation, the details, the parameters, and the academic reference from which the process/filter is derived all in your report. With FIVE, your report is built in the background as you go.

No offense to Ski. His company sells Photoshop plug-ins (among other things), so he's going to be bound to what Adobe gives him to work with. But, reading Ski's article reminded me how happy I am that I've switched from Photoshop to FIVE for my forensic science work.

Friday, November 7, 2014

Think and Live

Those that know me well know that I train Krav Maga. Krav Maga is the official self defense and hand to hand combat system of the Israeli Defense Forces (IDF), and has evolved to include training for use by Special Forces and paramilitary teams, as well as police and law enforcement, in addition to the general public. The principles that define Krav Maga allow students of all ages, ability, and walks of life to quickly and effectively learn the techniques and skills necessary to deal with violent encounters. Krav Maga’s principles allow an individual to adapt to situations ranging from combat and fighting to street attacks under high levels of stress.

Founded on real world experience and demands, Krav Maga is primarily focused on the use of natural movements and reactions for defense. The goal of Krav Maga is to bring individuals, both men and woman of all body types and physical abilities, to a high level of proficiency in a short amount of time. The natural and intuitive nature of Krav Maga leads to high retention of learned skills, and natural, almost reflexive, deployment in stressful situations. Physical fitness and strength are also part of Krav Maga training, preparing the body and mind for dealing with life threatening situations, and everyday life. Krav Maga is the most effective system that focuses on defending yourself while quickly and effectively devastating your opponent.

It's true that violence is everywhere in our society. The amount and frequency of violent crimes in our big cities are staggering statistics. Awareness is key - being aware of your surroundings. Those of us in law enforcement may get a little self-defense / hand-to-hand training. But, how many continue that training beyond the Academy?

To that end, a friend of mine is producing a set of films to help spread the word about the prevalence of violence in our society and the importance of simple common sense techniques to assure that you're not the next statistic. I encourage you to visit the site featured below. At a minimum, watch the first movie. You'll be glad you did.


If you find it in your heart to do so, join me in supporting this worthy cause. Let's help increase awareness and help prepare folks to face a society that's growing more violent each year.

Thanks.

Thursday, November 6, 2014

NCMF - Sean Coetzee Memorial Scholarship

This just in from the National Center for Media Forensics:

Sean Coetzee Memorial Scholarship

We are making progress in our fundraising efforts for the Sean Coetzee Memorial Scholarship. So far, $3,500 of the $10,000 goal has been raised from the generosity and effort of many individuals. But we still need your help to meet our goal by extended deadline of December 10, 2014! Tax deductible donations can be made in any amount, and every dollar counts.

This is our first scholarship campaign in honor of our student and colleague Sean Coetzee, who passed away quite suddenly in August 2013. We would be very grateful for your gift to support students who will carry on Sean's legacy. You may use the online donation form at www.cufund.org/SeanCoetzee.

Sean Coetzee was committed to the field of media forensics and his accomplishment during his time in the graduate program at the University of Colorado Denver was outstanding. It was clear to everyone who interacted with Sean that his dedication to and knowledge of the field was not only strong - it was contagious. The Sean Coetzee Memorial Fund has been established at the University of Colorado Denver to support students who demonstrate an appreciation for ethics in media forensics and to carry on the legacy of Sean who cared deeply about the field and helping others to achieve their best.

Thank you for your generosity in helping make the Sean Coetzee Memorial Scholarship a reality!

READ MORE

Friday, October 31, 2014

Court Rules Police Can Force Users to Unlock iPhones With Fingerprints, But Not Passcodes

This just in from MacRumors.com, "A Circuit Court judge in Virginia has ruled that fingerprints are not protected by the Fifth Amendment, a decision that has clear privacy implications for fingerprint-protected devices like newer iPhones and iPads.

According to Judge Steven C. Fucci, while a criminal defendant can't be compelled to hand over a passcode to police officers for the purpose of unlocking a cellular device, law enforcement officials can compel a defendant to give up a fingerprint.

The Fifth Amendment states that "no person shall be compelled in any criminal case to be a witness against himself," which protects memorized information like passwords and passcodes, but it does not extend to fingerprints in the eyes of the law, as speculated by Wired last year."

Keep reading the article by clicking here.

Monday, October 27, 2014

Strengthening Forensic Science in the US

The Organization of Scientific Area Committees (OSAC) began sending out letters to subject matter experts a few weeks ago. OSAC is part of an initiative by NIST and the Department of Justice to strengthen forensic science in the United States.


Of particular interest to the readers of this blog, the IT/Multimedia Scientific Area Committee (SAC) has named and published its committee Chairs. The IT/Multimedia SAC consists of the Speaker Recognition, Imaging Technologies, Digital Evidence, and Facial Identification subcommittees.


I've been telling you that this is coming since the NAS report was published a few years ago. Well. Here it is.

The next press release from the OSAC should contain the names of the subcommittee members as well as the dates/locations for the first SAC meetings.

Enjoy.

Friday, October 24, 2014

Amped FIVE Update: new tutorials, DVR formats, and more

Amped Software announced another update today. "First of all the IFrame seek added in the previous version has been improved to work on all filters (with the exception of Frame Selectors).

As usual, we had a lot of our users requesting the conversion of specific DVR formats. In this update we added 3 new DVR formats (PAR, MGV, DRV). PAR and DRV, were already supported but we added a new sub-type as many times files with the same extension actually come in many different flavors. Thanks a lot to everybody who is contributing to the development with requests!

We’ve also included the DVR Screen Capture tool to make it easier to grab the selection of the area.

A lot of our users don’t do actual casework on workstations connected to the Internet. For this reason we just added a message in the menu item Help > Check for Updates On Line which will give you the link where to check if your version is up to date from the browser on another PC.

Finally, we’ve added and updated tutorials to include screenshots from the latest version. Amped FIVE has come a long way since they were written!"

Enjoy.

Thursday, October 23, 2014

LEEDIR in use in Pumpkin Riot Probe

This just in from the AP: "Police in New Hampshire are using a relatively new application to collect photos and videos they hope will lead to arrests following weekend chaos at a pumpkin festival.

More than 80 people were arrested after parties got out of hand Saturday in Keene, leading to property destruction and injuries. Police in riot gear used tear gas and pepper balls to control crowds as large as 2,000 people.

Keene police have created a LEEDIR account, or Large Emergency Event Digital Information Repository, where people can send images and videos directly from their smartphones to police.

More than 100 people have already sent files as the investigation by several police agencies continues.

LEEDIR is an online and mobile app that can be activated after a major emergency."

Wednesday, October 22, 2014

FIVE updated

The recent update to Amped Software's FIVE brings a welcome refresh of the Filters panel.


As you scroll down the filter group (left side), the individual filters move along with you - justified to assure that they're in view when you highlight a specific group.

I know, it's a little thing. But it's the little things that make life worth while.

Use the Check for Updates feature to make sure that you have the latest version. There's usually the inclusion of new file format support as a wee bonus.

Enjoy.

Tuesday, October 21, 2014

Codes of Ethics

Given Sunday's post about the many people out there claiming to be experts in Forensic Video Analysis, I began wondering if the courts could/should enforce a Code of Ethics.

I think many of the organizations out there for people that do what we do have some sort of statement about ethics or an actual Code of Ethics. The IACIS, for example, has theirs on their membership page.

IACIS Code of Ethics
IACIS members must demonstrate and maintain the highest standards of ethical conduct.

IACIS members must:

  • Maintain the highest level of objectivity in all forensic examinations and accurately present the facts involved.
  • Thoroughly examine and analyze the evidence in a case.
  • Conduct examinations based upon established, validated principles.
  • Render opinions having a basis that is demonstratively reasonable.
  • Not withhold any findings, whether inculpatory or exculpatory, that would cause the facts of a case to be misrepresented or distorted.
  • Never misrepresent credentials, education, training, and experience or membership status.
How incredibly refreshing.

But, can an examiner accurately present the facts involved if they don't understand the science behind the tools and techniques that they employ? Can an examiner thoroughly examine and analyze the evidence if they don't have the appropriate tools - or those tools are out of date? Can "it just doesn't look right to me" be an established and valid principle? Is demonstratively reasonable too much to ask? Does your inclusion on the Superior Court's list of experts sufficient proof of your training, experience, and education?

To pull something like this off at the Superior Court level, it would take a court panel and judge that invests a bit of time to see what's out there in terms of gear, what the science says, who's doing what, and etc. 

I understand that the Courts are massively overworked. But, if you put a list out there, it should mean something. Sadly, the video/image section of LA County's list needs a bit of trimming.

Monday, October 20, 2014

Turning a filter on or off in Amped FIVE

At a recent training session, the topic of what to do with filters if you've used them but don't want to have them influence what's being displayed - but you still want them on your report.

Obviously, you can throw filters away. But, in doing so, the filter's settings won't appear on the report.


In the Filter Settings box (top right) you'll see a small check box. This is the On/Off button. Check in the box, the filter's on and the settings are reflected in the workflow. No check in the box, and the settings are not reflected.

Where this comes in handy is when you're using an edge detection filter, like Sobel, and you don't want your image/video looking like a modern art masterpiece. Once you've found your edges and performed task that required knowing the location of the edges (like Measure 1D, etc), turn the filter off. In this way, your filter use is reflected in the report.

Think of this like turning on/off layers in Photoshop.


Many thanks to John U. from the SLC PD for taking the initiative to install and try the program ahead of the training, and for actually reading the support documentation and watching the training videos. Also, thanks to John for making my time at SLC run smooth. It's always nice to hit the ground running.

BTW, if you're interested in bringing a training session to your agency, just send a note. 2015 is going to a busy training year, but there's still some openings in my calendar.

Friday, October 17, 2014

New Partnership Provides Law Enforcement With Digital Evidence Solution

Homeland Security Today recently featured a story on the partnership between MediaSolv and Amped Software. Whilst it's true that no single vendor provides an end to end solution for our digital evidence needs, this new partnership gets really close. When you factor MediaSolv's work with Cellebrite into the equation, MediaSolv looks even better. Check out the article here.

Wednesday, October 8, 2014

Forensic Focus asks Amped Software, can you get that license plate?

This just in from Forensic Focus: "We find ourselves analyzing new surveillance videos almost every day, and in most cases we can either solve the problem very quickly or understand (even quicker) that there is no information to recover in the video. In special cases though, where something very specific and strange happened, or the problem is very complex, it can take a lot of time.

As always… Pareto principle: you solve 80% of the cases in 20% of the time, and, well, 20% of the cases takes 80% of the time. In our own work, the right numbers are probably 95% to 5%, but the idea still holds.

With our experience in working on several thousand cases, we can estimate whether an image or video contains some information and is worth processing, or not, very quickly. In this article, we will describe some of the tests that can be done to quickly tell if you can get that license plate!"

Continue reading the article over on Forensic Focus.

Tuesday, October 7, 2014

New SWGDE Draft Posted for Public Comment

This just in ...

The Scientific Working Group on Digital Evidence (SWGDE) is pleased to announce the posting of a new draft document for public review and comment: "SWGDE Best Practices for Handling Damaged Mobile Devices" at https://www.swgde.org/


In accordance with SWGDE policy, draft documents will be posted for a minimum of 60 days for public comment. The first page of each draft document gives instructions on how to submit feedback to our Secretary via an email to secretary@swgde.org mailto:secretary@swgde.org All feedback received prior to our next meeting in January 2015 will be reviewed by the appropriate subcommittee at that meeting.


At the conclusion of our last meeting, SWGDE voted to release the following documents as Approved versions after considering and incorporating feedback received during the public comment period. However, as noted on the cover page of each document, "SWGDE encourages stakeholder participation in the preparation of documents. Suggestions for modifications are welcome and must be forwarded to the Secretary in writing at secretary@swgde.org"

Digital and Multimedia Evidence (Digital Forensics) as a Forensic Science Discipline v2
SWGDE Best Practices for Computer Forensics v3.1 SWGDE Best Practices for Handling Damaged Hard Drives v1 SWGDE Capture of Live Systems v2 SWGDE Focused Collection and Examination of Digital Evidence v1 SWGDE Mac OS X Tech Notes v1.1 SWGDE Recommended Guidelines for Validation Testing v2 SWGDE Best Practices for Forensic Audio v2 These recently approved documents are available for download on the Current Documents page of the SWGDE website: https://www.swgde.org/ documents/Current%20Documents

We appreciate your participation as SWGDE continues its mission to bring together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as ensuring quality and consistency within the forensic community. Anyone interested in receiving regular updates via email is encouraged to sign up for the SWGDE NewsBytes newsletter here: https://www.swgde.org/ newsletter/newsletterSignUp

Thank you,

David Hallimore
SWGDE Outreach Committee Chair
SWGDE https://www.swgde.org/

Wednesday, October 1, 2014

Are law enforcement agencies tone deaf?

Over at the Washington Post, there's been a series of articles quoting various current and former law enforcement officials and politicians predicting doom, gloom, and madness if Apple and Google go through with their plans to include encryption into their next generation of operating systems. In the latest article, the outgoing US Attorney General essentially asks companies to do it for the children. "Attorney General Eric H. Holder Jr. said on Tuesday that new forms of encryption capable of locking law enforcement officials out of popular electronic devices imperil investigations of kidnappers and sexual predators, putting children at increased risk."

The do it for the children card has been so over-used that folks are tired of hearing of it. Here's why regular folks want encryption:

  • It has been documented that law enforcement agencies in the US have downloaded the contents of mobile phones or otherwise searched the phones during routine traffic stops. 1 2 3 4 5 6 7 8 9
  • What is the retention policy of the data police acquire at a routine traffic stop? If you aren't charged with an offense, if no ticket is issued, what happens to the data? How long do they keep it? Do they merge the data into a massive government database? 1 2 3  Ask your local PD. Call a few times. See how different each response is.
  • How secure is your personal data once it's in the hands of law enforcement? 1 2 3
Again, ordinary folks are concerned about their privacy and the protection of their personal information. The fact that the DOJ and other agencies don't understand this, or don't care, further worries the average person. 

In the US, the person is sovereign and free. Our Constitution places limits on what our government can do to us. The people have the power and our Constitution binds the government, limiting it to only those authorized activities.We're innocent until proven guilty. Not providing your mobile phone to law enforcement during a routine traffic stop is not proof of guilt, or even cause of reasonable suspicion. When the agents of the government make big moves outside of their Constitutionally limited areas, folks are going to seek a way to protect themselves. It's simple, actually.

Before pulling the do it for the children card, LE agencies should have solid policies governing when/how data collection can take place, what's going to happen to the data, and how the data will be protected - as well as a way for a citizen to appeal to have their data removed from the system without expense. 

But right now, folks just aren't buying what the DOJ is selling. They will, however, be buying what Apple and Google is selling.

Tuesday, September 30, 2014

GM's new high-tech recorder is illegal in many states

Earlier this year, I reported that GM had added a DVR to its venerable Corvette. It seems that GM was a little shy about the details of their system in the initial marketing of the system. Now, RT.com is reporting that GM is warning owners of the car in several states that they might be committing a felony by activating the system. The problem: it also records audio.

“Federal wiretapping laws generally require only one party to consent to a recording of an interaction," Ars Technica reported. “But in California, Connecticut, Delaware, Florida, Hawaii, Illinois, Louisiana, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington, all parties involved in the recording must either consent to a recording or at least be aware that the recording is happening, depending on the state. So if a Corvette owner turns on Valet Mode in California and turns the car over to the unknowing attendant, that Corvette owner could be committing a felony.”

“If they do use the Valet Mode, they should (i) notify any occupants of the vehicle that they will be recorded while in the vehicle, and (ii) obtain their consent to this recording. It is very important that you explain this to each customer at the time of delivery.”

GM is “evaluating several scenarios for the software update – for example disabling the audio recording in Valet Mode, but keeping the video recording active,” Monte Doran, a spokesperson for Corvette, said to Forbes.

Ryan Calo of the University of Washington School of Law explained that the audio – not video – recording is the legal sticking point of the technology.

“It’s really the interior audio that triggers various wiretap laws,” Calo said. “But not if the owner warns, thereby defeating the expectation of privacy.”

OOPS!

Monday, September 29, 2014

Project NOLA - a public private CCTV partnership

You've heard that the NYPD has blanketed areas of NYC with CCTV cameras. Ditto for Chicago and a few other metropolitan areas. These efforts have been funded and run by the local police agencies. But, in an interesting twist, ProjectNOLA has the public buying and installing their own CCTV systems, then turning over control to the New Orleans PD - and paying the NOPD for the privilege.

"Part of a sprawling surveillance strategy dubbed “Project NOLA,” citizens’ security cameras would be integrated with footage shot from other law enforcement cameras already installed around the St. Bernard Parish area near New Orleans, and would give the sheriff’s department the ability to tap into those cameras at a moment’s notice.

“All you have to do is, you can go to a map and click on an icon for that camera in that area and pull up that camera and it’ll give us a live feed from that area,” St. Bernard Sheriff Jimm Pohlmann told CBS affiliate WAFB, adding that access to cameras on private property would eliminate the need for police to visit homes in person. “I think the more cameras out there, the more successful the program will be.”

"A $10 monthly fee is required for residents interested in granting police access to their existing home camera systems, but those who don’t yet have cameras can purchase entire kits from [ProjectNOLA's founder] for $295. For another $150, you can also get those cameras professionally installed.

“This is great for NOPD,” writes Jules Bentley for AntiGravity Magazine, “firstly because [the Police won't] have to pay for any of this—the costs are borne by the home or business owner and the increasingly grant-funded Project NOLA nonprofit—and secondly because private cameras can do things the government’s not allowed to.”

There's no indication that the ProjectNOLA system is actively monitored by LE officials. Rather, it seems that the residents are expected to report the crimes as usual with the police having the access to retrieve the CCTV footage remotely. The technical/procedural details about the system are rather thin at this point. Still and all, it's an interesting development.

Friday, September 26, 2014

FBI blasts Apple, Google for locking police out of phones

The war of words has ramped up over Apple's / Google's plans to encrypt handsets. Law Enforcement spokespersons are taking to the media to voice their frustration over the decision.

"FBI Director James B. Comey sharply criticized Apple and Google on Thursday for developing forms of smartphone encryption so secure that law enforcement officials cannot easily gain access to information stored on the devices — even when they have valid search warrants.

His comments were the most forceful yet from a top government official but echo a chorus of denunciation from law enforcement officials nationwide. Police have said that the ability to search photos, messages and Web histories on smartphones is essential to solving a range of serious crimes, including murder, child pornography and attempted terrorist attacks.

“There will come a day when it will matter a great deal to the lives of people . . . that we will be able to gain access” to such devices, Comey told reporters in a briefing. “I want to have that conversation [with companies responsible] before that day comes.”

"Los Angeles police Detective Brian Collins, who does forensics analysis for anti-gang and narcotics investigations, says he works on about 30 smartphones a month. And while he still can successfully crack into most of them, the percentage has been gradually shrinking — a trend he fears will only accelerate.

“I’ve been an investigator for almost 27 years,” Collins said, “It’s concerning that we’re beginning to go backwards with this technology.”

The new encryption initiatives by Apple and Google come after June’s Supreme Court ruling requiring police, in most circumstances, to get a search warrant before gathering data from a cellphone. The magistrate courts that typically issue search warrants, meanwhile, are more carefully scrutinizing requests amid the heightened privacy concerns that followed the NSA disclosures that began last year.

Civil liberties activists call this shift a necessary correction to the deterioration of personal privacy in the digital era — and especially since Apple’s introduction of the iPhone in 2007 inaugurated an era in which smartphones became remarkably intimate companions of people everywhere."

Read the whole story by clicking here.

Thursday, September 25, 2014

VisionBase's Previs vs. Ocean Systems' Field Kit

Not to be outdone by Ocean Systems, long time vendor VisionBase (UK) recently announced the release of their Portable Recording of Evidence, Viewing and Investigation System (Previs). The best comparison of the two companies' products would be if Ocean Systems' Field Kit was based on their Hurricane Mobile Video Editing system.

VisionBase loses me with this claim on the product's data sheet, "DVR’s exporting via USB instead of CD/DVD present the risk of transferring viruses or malware. DVR hardware in most instances are capable of recording and displaying a much clearer and sharper image when viewed via video, VGA and HDMI, PREVIS takes advantage of this fact allowing recording of the audio and video in original high-resolution at up to full HD 1920x1080 pixels." It's like a firearms examiner saying that a picture of a gun is better than the actual gun for forensic examination cause their hands might get dirty. Seriously? I'd rather have the data, the actual evidence, than a picture of that evidence - as I've said many times on this blog.

Then there's this:


Create Evidence in uniform format? Are you kidding!? Create evidence!? Come on folks.

From the looks of it, Previs allows for the user to load all of VisionBase's software and perform clarifications and case management in the field. The laptop version of Previs breaks the capture device out as a separate piece of hardware, like the Field Kit. Both companies have bags of cables and connectors that ship with the units. VisionBase adds a handy trolly - your tip that the full version of Previs might be quite heavy.

No hint at pricing. But, as they're a UK based company, they probably can't compete too closely with the field kit on price. Also a factor for US agencies is the ability to buy and get service from a US vendor. When last I dealt with VisionBase US, there were just a few employees in Florida ... and no technicians outside of the UK. Perhaps that's changed. Nevertheless, its something to consider.

Wednesday, September 24, 2014

Experimental Feature Manager in Photoshop CC

Photoshop's new Experimental Feature Manager now has experimental (beta) features that you can enable and try out. As these features are in beta, you might want to refrain from using them for case work. For example, many folks are now using tablet PCs with touch screen support. To enable the experimental features, do the following:

Select Preferences>Experimental Features.


Select the experimental feature that you want to enable.


Click OK.

Restart Photoshop.

Enjoy.

Tuesday, September 23, 2014

Video Evidence May Increase Our Biases, Especially When We Look Too Closely

This just in from MedicalDaily.com, "You’ve grown up on a steady diet of TV and movies. Whether you’ve watched very little or excessively, you were born in a media saavy era so most likely you are wise in the ways that a videotape can be manipulated, and probably, too, you have some understanding of how any recorded scene affects you. Now, a new study points to possible gaps in our knowledge about how we watch videotape and how the attention we pay to it influences our decisions. When watching recorded evidence from a court case, a new study finds, people focus on the defendant for different amounts of time, and this influences them — increasing their biases — when it comes time to deciding on punishment. Even when we see evidence "with our own eyes," then, we may not be able to be objective.

How We Observe Makes A Difference
Are you aware of how much you focus on some details and not others while watching a movie or TV? The following series of experiments conducted by a team of researchers from New York University and Yale University suggest there may be wide differences in how we watch media. To understand the impact of videotaped evidence, the team began by gauging how much 152 participants identified with police officers by presenting a series of statements (e.g., “Your background is similar to that of most police officers”), which the participants then rated on a seven-point scale of agreement/disagreement.

Next, participants watched a 45-second video clip, minus the sound, depicting an actual though amibiguous altercation between a police officer and a civilian. On the tape, the officer attempts to handcuff a resisting civilian; after struggling, the officer pushes the civilian against his cruiser; the civilian bites the officer’s arm; then, the officer hits the back of the civilian’s head. Meanwhile, as participants watched the video, the researchers used eye-tracking technology to gauge how much of the time participants' gaze fixated on the officer. Afterward, participants learned facts that incriminated the police officer, and then they imagined themselves as jurors and answered how likely they would be to punish and fine him.

What did the researchers discover? How much each participant identified with police in general influenced how little or much they punished the particular officer only if they had focused their attention on him while watching the videotape. For instance, participants who looked frequently at the police officer punished him far more severely if they did not identify with him. By contrast, those participants who did not identify with him yet looked at him less often while watching the tape were less severe when punishing him."

Click here to continue reading this interesting story.

Monday, September 22, 2014

Encryption as evidence of obstruction of justice?

This just in from Wired.com: "Silicon Valley’s smartphone snitching has come to an end. Apple and Google have promised that the latest versions of their mobile operating systems make it impossible for them to unlock encrypted phones, even when compelled to do so by the government. But if the Department of Justice can’t demand that its corporate friends unlock your phone, it may have another option: Politely asking that you unlock it yourself, and letting you rot in a cell until you do.

In many cases, the American judicial system doesn’t view an encrypted phone as an insurmountable privacy protection for those accused of a crime. Instead, it’s seen as an obstruction of the evidence-gathering process, and a stubborn defendant or witness can be held in contempt of court and jailed for failing to unlock a phone to provide that evidence. With Apple and Google no longer giving law enforcement access to customers’ devices, those standoffs may now become far more common ..."

This will get messy. Using the 5th Amendment has had mixed results. My guess is that this will eventually end up at the supreme court. In the mean time, Apple and Google get a bit of free advertising.

Friday, September 19, 2014

Digital forensics method validation: draft guidance

The UK Government Forensic Science Regulator has released a new draft document for comment. The document, Digital forensics method validation: draft guidance, is a rather interesting read. Comments should be sent on the feedback form provided to FSRConsultation1@homeoffice.gsi.gov.uk and should be submitted by 31 October 2014.

It's more concerned with areas known in the US as computer forensics, but it does have a section for audio analysis and speech recognition. It does not concern itself with DME analysis or authentication.

Enjoy.

Thursday, September 18, 2014

Apple will no longer unlock most iPhones, iPads for police, even with search warrants

This just in from the Washington Post, "Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.

The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.

The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails and recordings. Apple once maintained the ability to unlock some content on devices for legally binding police requests but will no longer do so for iOS 8, it said in the new privacy policy.

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its Web site. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

As the new operating system becomes widely deployed over the next several weeks, the number of iPhones and iPads that Apple is capable of breaking into for police will steadily dwindle to the point where only devices several years old — and incapable of running iOS 8 — can be unlocked by Apple.

Apple will still have the ability — and the legal responsibility — to turn over user data stored elsewhere, such as in its iCloud service, which typically includes backups of photos, videos, e-mail communications, music collections and more. Users who want to prevent all forms of police access to their information will have to adjust settings in a way that blocks data from flowing to iCloud.

Apple’s new privacy policy comes less than five months after the Supreme Court ruled that police in most circumstances need a search warrant to collect information stored on phones. Apple’s action makes that distinction largely moot by depriving itself of the power to comply with search warrants for the contents of many of the phones it sells.

The move is the latest in a series in which Apple has sought to distinguish itself from competitors through more rigorous security, especially in the aftermath of revelations about government spying made by former National Security Agency contractor Edward Snowden last year.

Although the company’s security took a publicity hit with the leak of intimate photos of celebrities from their Apple accounts in recent weeks, the move to block police access to the latest iPhones and iPads will thrill privacy activists and frustrate law enforcement officials, who have come to rely on the extensive evidence often found on personal electronic devices.

“This is a great move,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union. “Particularly after the Snowden disclosures, Apple seems to understand that consumers want companies to put their privacy first. However, I suspect there are going to be a lot of unhappy law enforcement officials.”

Continue reading the story by clicking here.