Thursday, July 31, 2014

Can you match a photo to the discrete camera it was taken with, without metadata?

Over on Quora, a user asks the following question: "Are there enough digital and/or analog difference in individual cameras/houses/lenses that photos will have fingerprint of sorts?

When, or in what circumstance could a photograph be linked not only to a lens/house model or manufacturer but to one specific camera, distinguished from any other camera of the same model?" Essentially, can you match a photo to the discrete camera it was taken with, without metadata?

Amped Software's CEO answers the question.

The short answer

Yes, it is possible to match a photo to the discrete camera it was taken with (without metadata) and it is also pretty reliable. The technique is readily available in a few software products, one of those is Amped Authenticate, produced by Amped Software (disclaimer: I am the company CEO and Founder).


The basic idea

The basic idea is that every single device leaves a different “noise fingerprint” on each photo it produces. This component is called PRNU (Photo Response Non-Uniformity) and it has been widely studied in literature. It has been shown to be:

  • constant over time
  • constant over temperature
  • independent of other camera settings (exposure, focus, etc…)
  • fairly robust to recompression (up around JPEG quality 5-60%)
  • fairly robust to intensity and color adjustments (contrast, brightness…)
  • fairly robust to local modifications (i.e. if a part of the image has been tampered, the picture as a whole is still recognized as coming from a specific camera)

However, it does not work properly in these situations:

  • if the image has been cropped or has digital zoom, since it would take only a part of the sensor and not its whole area (this could be solved, but then it wouldn’t be robust to resize)
  • for very strong enhancements
  • for very dark or very bright images, since the noise is not present in these areas)


Click here to continuing reading.

Tuesday, July 29, 2014

The Impact of Surveillance on the Practice of Law

Here's an interesting article on the impact of surveillance. "... For lawyers, large-scale surveillance has created concerns about their ability to meet their professional responsibilities to maintain confidentiality of information related to their clients. Failure to meet those responsibilities can result in discipline through professional organizations, or even lawsuits.

Lawyers also rely on the free exchange of information with their clients to build trust and develop legal strategy. Concerns over government surveillance are making it harder for attorneys – especially, but not exclusively, defense attorneys – to build trust with their clients or protect their legal strategies. Both problems corrode the ability of lawyers to represent their clients effectively.

As with the journalists, lawyers increasingly feel pressure to adopt strategies to avoid leaving a digital trail that could be monitored. Some use burner phones, others seek out technologies designed to provide security, and still others reported traveling more for in-person meetings. Like journalists, some feel frustrated, and even offended, that they are in this situation. “I’ll be damned if I have to start acting like a drug dealer in order to protect my client’s confidentiality,” said one.

The result of the anxieties over confidentiality is the erosion of the right to counsel, a pillar of procedural justice under human rights law and the US Constitution, Human Rights Watch and the ACLU found ..."

Click here to read the whole article.

Monday, July 28, 2014

The Complete Workflow of Forensic Image and Video Analysis

This just in from Forensic Focus, "In this article we’ll describe the complete workflow for image and video forensics. In fact, just like computer forensics is not only simply copying and looking at files, forensic video analysis is broad and complex and there are many steps that are commonly missed and rarely taken into account. It can be quite overwhelming if we think of all the tasks related to analysis. As a forensic video analyst, it is important to be aware of all the possible steps needed for a really complete analysis. This way, you can stay organized and minimize the possibility of skipping or missing steps. Also, if you do have to go to court, you have an outline that serves as the basis of your presentation.

It is important to remember that the job of a forensic video analyst does not start and end with viewing and enhancing a video. It’s more complex than that. You must identify the data, decode it properly, document the process, compare it with other material, and then go to court. Since digital data is really just a collection of bits, below is an outline of a process around working with these bits what you need to do with the bits ..."

Click here to continue reading the story.

Thursday, July 24, 2014

DVR Export Results

It looks like Spready's taken a road trip to IFSEC 2014. His follow-up post is an excellent review of the issues that face us all. Check it out here.

Wednesday, July 23, 2014

Have politics and personalities influenced decisions in police controlled labs?

I recently received a head's up about an open letter written by an LE commander for whom I used to work.

This letter has stirred up some strong emotions and heated comments. You can read the letter, so without speaking to the specifics of his allegations, it does raise some very interesting questions for LE agency laboratories. If politics and personalities can (allegedly) make their way into internal investigations and sway outcomes, can they also make their way into criminal proceedings?

Remember that the NAS Report called for moving forensic science labs outside of police or prosecutor control. More stories like this will only serve to move us faster toward that eventuality.

Tuesday, July 22, 2014

Storage medium vs. acquisition time


Discs and drives just keep getting bigger and cheaper. You can now get a 64gb card for your phone or camera for less than $30. Pop quiz: if you do a physical acquisition of a 64gb drive / card, how much storage will you need for the resulting file? Bonus question, how will you share / distribute the results?

Next question, how long will it take to acquire that file? If you're moving 64gb through a diagnostic port, it'll take days. If you're moving that much data through USB 1, it might take a day. Most devices haven't moved beyond USB 1 speeds. Thus, you'll need to account for the fact that your acquisition device will be tied up for a while. It might be time to budget for a second, or a third capture tool.

What about billing? Do you bill for machine time? Is it billed separate from technician time? If your machine is working on a single acquisition for 2 days, it can't work on anything else. Do your billing policies reflect this reality?

Finally, many agencies have written policies / procedures that call for storage / distribution on WORM discs. Great. What are you going to do with that 64gb .bin file?

If you haven't updated your SOPs and billing policies to account for the increases in media size, it's time.

Monday, July 21, 2014

Video as Evidence: To be evidence, what does video need?

There's an interesting conversation going on over at New Tactics in Human Rights about using video as evidence. Here's the question that kicked it off:

Welcome to the discussion! We want to start this discussion by exploring what we mean by "evidence" and why it's important in seeking justice. Consider these questions below when sharing your comments in this discussion topic:

  • The term evidence is used often (and somewhat broadly) in the human rights world. What does it take to ensure video documentation is legal evidence? In other words, how can we ensure video that activists sometimes risk their lives to capture, could be admitted into a court of law?
  • At what stages of the criminal justice process can investigators and lawyers use video evidence?
  • How do investigators and lawyers use video captured by activists in their process to seek the truth and secure accountability?
Head over to their site and see how the conversation is progressing.

Thursday, July 17, 2014

Money for nothing

Marijuana decriminalization is all the rage these days. Regardless on where you stand on this issue, the movement is gaining momentum. Arizona law enforcement recently passed a resolution against decriminalizing pot in Az. The arguments are largely the same as those given in the days leading up to the end of alcohol prohibition.

But, the real - underlying issue isn't safety or health, it's money. According to many studies, asset forfeiture is a huge business. Just about every law enforcement agency has some asset forfeiture fund from which to draw for big ticket purchases. Unfortunately for them, it looks like this honey pot is going away soon.

How does this relate to the topic of DME and forensics? Simple. Our budgets are about to shrink big time - if they haven't already. Access to the easy money of asset forfeiture funds is about to go away, if it hasn't already. LE managers will have to think seriously about their purchases of gear, service contracts, and total cost of ownership.

Vendors like Adobe and Avid are moving to a subscription based software-as-service model. But our forensic tools aren't necessarily priced as such. They're usually very expensive. Those vendors with lower pricing may win out. But, either way, it's time to get frugal.

Wednesday, July 16, 2014

Marketing vs. news you can use

This month, I received a renewal notice for Evidence Technology Magazine. It went straight into the trash. Why? It's not really about cutting edge technology from the standpoint of learning a technique that can add value to your workday - at least from a DME Forensics standpoint. It's a marketing device for manufacturers to get their tools shown in a positive light. I should know, I've written one of those articles (about Ocean Systems' ClearID).

This month's edition features an article titled "Advanced Video Forensics." I'm not sure what's so "advanced" about a tools that are fairly old. Consider the last update to the Omnivore was in May of last year, dTective's last update was more than 2 years ago, and the recent update to ClearID offers "No new features" (it just updates the installer to work with the new Creative Cloud versions of Photoshop. Sure, the Field Kit is "new." But, the tech driving the field kit is old - it's a laptop, an Omnivore, and a scan converter.

An interesting quote from the article, "It is estimated that video evidence is involved in approximately 80 percent of crimes. That staggering abundance of video brings some other complications—namely, the wide variety of video formats, each with its own proprietary characteristics and requirements. To be used, the files must be converted into a standard format that can be read and cataloged, then exported in a compressed format that will fit on a DVD for a courtroom. In the “bad old days,” that could translate into hours of work to parse formats, including some that required technical wizardry just to split different methods of encoding by different manufacturers ...", features a solution that is the absolute slowest solution to this problem - the Avid based dTective plugins.

Another is equally frustrating, "Union County’s four field kits can export instant video copies in file formats that can be played by anyone without needing proprietary equipment. These represent huge advantages for real-world use. The agency still retains the downloadable, native video files so they retain the original evidence, should it be needed." Is it faster to do a "real time" screen capture of the proprietary file with the Omnivore, or to simply work with the file's contents in FIVE or other ffmpeg solution? The real expense of the Field Kit is in the Bridge - the scan converter. It plugs nicely into the Omnivore, but it's still just a scan converter. If all you're doing is taking and working with proprietary digital files, FIVE works on low cost laptops. That means that your license of FIVE and a $1,000 laptop is still less expensive than the Field Kit - and FIVE gives you a ton more functionality than the Omnivore.

Which is a nice transition into this statement, "Union County’s new equipment also features an advanced video-editing platform and software plug-ins that allow technicians to visually focus and clarify an image. For example, they can filter and highlight a specific suspect or victim, magnify or enlarge objects such as an individual or a vehicle, and examine image areas down to individual pixels. There is even a module to remove “noise” such as darkness, rain, and snow. And, with the original video separated, the investigative tools leave the primary evidence untouched.

Union County chose its new system because of those advantages, as well as a highly comprehensive format. “It’s a real turnkey solution,” McCabe said. “It’s really comprehensive.”

Remember, clarification is not analysis. They spent a ton of money on an Avid NLE with some plug-ins that haven't been updated in years. FIVE gives them everything listed, plus gives them the option to do actual analysis - photogrammetry, content analysis, etc., with the report being an automatic function. FIVE is updated several times per year to address the rapid changes in technology and the law.

If this was a piece of journalism, you might expect a bit of counterpoint. There's none here. It's a marketing piece, pure and simple - and well done at that.

Given that many of the vendors in the FVA space have their own PR departments and send out e-mail spam on new products, updates, and etc., I'm going to save a small tree and skip the renewal. I'll get my marketing first-hand.

Monday, July 14, 2014

Did PremierePro just become a verb?



More reason to love your purpose built tools.

Thursday, July 10, 2014

Plug-ins vs. a responsive developer

Readers of this blog will know that I've been petitioning, phoning, e-mailing, blogging, about stuff I'd love to see in Photoshop. The big one, FFT, I've been told will likely never be included in Photoshop.

I got to thinking about this after seeing a tweet from one of the Photoshop team about his favorite plug-in.

One line of thinking is that Photoshop is extensible. If there's something missing in Photoshop, a developer can build a plug-in to fill that gap. Some of these plug-ins are free, some are very expensive, some are more than the cost of Photoshop.

Essentially, with each release, Adobe is saying that this is where we are. If you don't like it, get a plug-in. Some think this is cool - opening up the program for developers to fill these gaps. Others think it sucks - that Photoshop is essentially incomplete and will likely never be complete ... and that it's up to the customer to spend more money to gain this preferred functionality. In the case of FFT, the plug in can be very expensive.

The other problem with plug-ins is validation. They're an "as-is" product. How does Blow Up work? I like it, from an artist's point of view. But, I can't defend its use now that Photoshop has become a verb. If it doesn't have a scientific explanation for how it works, I'm going to have a very difficult time defending its use.

Contrast the Photoshop plug-in Blow Up with Amped FIVE's Smart Resize filter. With each of the filters, your get a plain English explanation of what it does, combined with the academic references on which the filter is based.

In the case of Smart Resize, it "Resizes the image with a smart zoom algorithm."

"Details: Smart Resize interpolates the input image by generating an output image of the desired size with an iterative two-dimensional implementation of the Warped Distance algorithm."

For your information, references are provided.

  • Anil. K. Jain, Fundamentals of Digital Image Processing, Prentice Hall, pp. 253-255, 1989.
  • Anil. K. Jain, Fundamentals of Digital Image Processing, Prentice Hall, pp. 320-322, 1989.
  • G. Ramponi, Warped distance for space-variant linear image interpolation, in IEEE Transactions on Image Processing, vol. 8, pp. 629-639, May 1999.
So, plug-ins might be cool for wedding photographers and artists. But they can be problematic for Forensic Analysts.

All this being said, the developers at Amped Software have been very responsive to the Forensic community. If there's something not in the program, and it's a valid addition, they've found a way to get it in the next update. From Color Deconvolution to working with Channels, user submission and solutions to specific problems have found their way into the program sooner rather than later. Best yet, these additions are included in the price of the software - there's nothing else to buy.

As an artist, I still love Adobe products. But as an Analyst, I find myself needing a more purpose built solution. Thankfully, I have one - FIVE.

Monday, July 7, 2014

What happens when you press that button?


Cellebrite users rejoice - there's a nice and concise booklet available to help you explain what happens when you push that button.

It explains what the retrieval methods are, when to choose which method, and even rather obscure facts like wear leveling and garbage collection.


It's worth a look, even if you're not a Cellebrite customer.

Thursday, July 3, 2014

Upcoming training opportunity in Los Angeles

Here's the link to register for the upcoming FIVE and Authenticate training in Los Angeles.

Wednesday, July 2, 2014

Image Manipulation: How do people find out than an image has been manipulated using Image processing software?

A Quora user asks the following question: "I have come across articles where they say that forensics have confirmed that an image has been digitally manipulated. I never understood where they get that information from. Can somebody explain."

Click here for the answer from Amped Software's Martino Jerian.

Tuesday, July 1, 2014

Nonlinear Deblurring with Amped FIVE

Amped Software just published a short video clip showing how to use the new Nonlinear Deblurring function available in Amped FIVE.

Enjoy!