Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Tuesday, September 30, 2014

GM's new high-tech recorder is illegal in many states

Earlier this year, I reported that GM had added a DVR to its venerable Corvette. It seems that GM was a little shy about the details of their system in the initial marketing of the system. Now, RT.com is reporting that GM is warning owners of the car in several states that they might be committing a felony by activating the system. The problem: it also records audio.

“Federal wiretapping laws generally require only one party to consent to a recording of an interaction," Ars Technica reported. “But in California, Connecticut, Delaware, Florida, Hawaii, Illinois, Louisiana, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington, all parties involved in the recording must either consent to a recording or at least be aware that the recording is happening, depending on the state. So if a Corvette owner turns on Valet Mode in California and turns the car over to the unknowing attendant, that Corvette owner could be committing a felony.”

“If they do use the Valet Mode, they should (i) notify any occupants of the vehicle that they will be recorded while in the vehicle, and (ii) obtain their consent to this recording. It is very important that you explain this to each customer at the time of delivery.”

GM is “evaluating several scenarios for the software update – for example disabling the audio recording in Valet Mode, but keeping the video recording active,” Monte Doran, a spokesperson for Corvette, said to Forbes.

Ryan Calo of the University of Washington School of Law explained that the audio – not video – recording is the legal sticking point of the technology.

“It’s really the interior audio that triggers various wiretap laws,” Calo said. “But not if the owner warns, thereby defeating the expectation of privacy.”

OOPS!

Monday, September 29, 2014

Project NOLA - a public private CCTV partnership

You've heard that the NYPD has blanketed areas of NYC with CCTV cameras. Ditto for Chicago and a few other metropolitan areas. These efforts have been funded and run by the local police agencies. But, in an interesting twist, ProjectNOLA has the public buying and installing their own CCTV systems, then turning over control to the New Orleans PD - and paying the NOPD for the privilege.

"Part of a sprawling surveillance strategy dubbed “Project NOLA,” citizens’ security cameras would be integrated with footage shot from other law enforcement cameras already installed around the St. Bernard Parish area near New Orleans, and would give the sheriff’s department the ability to tap into those cameras at a moment’s notice.

“All you have to do is, you can go to a map and click on an icon for that camera in that area and pull up that camera and it’ll give us a live feed from that area,” St. Bernard Sheriff Jimm Pohlmann told CBS affiliate WAFB, adding that access to cameras on private property would eliminate the need for police to visit homes in person. “I think the more cameras out there, the more successful the program will be.”

"A $10 monthly fee is required for residents interested in granting police access to their existing home camera systems, but those who don’t yet have cameras can purchase entire kits from [ProjectNOLA's founder] for $295. For another $150, you can also get those cameras professionally installed.

“This is great for NOPD,” writes Jules Bentley for AntiGravity Magazine, “firstly because [the Police won't] have to pay for any of this—the costs are borne by the home or business owner and the increasingly grant-funded Project NOLA nonprofit—and secondly because private cameras can do things the government’s not allowed to.”

There's no indication that the ProjectNOLA system is actively monitored by LE officials. Rather, it seems that the residents are expected to report the crimes as usual with the police having the access to retrieve the CCTV footage remotely. The technical/procedural details about the system are rather thin at this point. Still and all, it's an interesting development.

Friday, September 26, 2014

FBI blasts Apple, Google for locking police out of phones

The war of words has ramped up over Apple's / Google's plans to encrypt handsets. Law Enforcement spokespersons are taking to the media to voice their frustration over the decision.

"FBI Director James B. Comey sharply criticized Apple and Google on Thursday for developing forms of smartphone encryption so secure that law enforcement officials cannot easily gain access to information stored on the devices — even when they have valid search warrants.

His comments were the most forceful yet from a top government official but echo a chorus of denunciation from law enforcement officials nationwide. Police have said that the ability to search photos, messages and Web histories on smartphones is essential to solving a range of serious crimes, including murder, child pornography and attempted terrorist attacks.

“There will come a day when it will matter a great deal to the lives of people . . . that we will be able to gain access” to such devices, Comey told reporters in a briefing. “I want to have that conversation [with companies responsible] before that day comes.”

"Los Angeles police Detective Brian Collins, who does forensics analysis for anti-gang and narcotics investigations, says he works on about 30 smartphones a month. And while he still can successfully crack into most of them, the percentage has been gradually shrinking — a trend he fears will only accelerate.

“I’ve been an investigator for almost 27 years,” Collins said, “It’s concerning that we’re beginning to go backwards with this technology.”

The new encryption initiatives by Apple and Google come after June’s Supreme Court ruling requiring police, in most circumstances, to get a search warrant before gathering data from a cellphone. The magistrate courts that typically issue search warrants, meanwhile, are more carefully scrutinizing requests amid the heightened privacy concerns that followed the NSA disclosures that began last year.

Civil liberties activists call this shift a necessary correction to the deterioration of personal privacy in the digital era — and especially since Apple’s introduction of the iPhone in 2007 inaugurated an era in which smartphones became remarkably intimate companions of people everywhere."

Read the whole story by clicking here.

Thursday, September 25, 2014

VisionBase's Previs vs. Ocean Systems' Field Kit

Not to be outdone by Ocean Systems, long time vendor VisionBase (UK) recently announced the release of their Portable Recording of Evidence, Viewing and Investigation System (Previs). The best comparison of the two companies' products would be if Ocean Systems' Field Kit was based on their Hurricane Mobile Video Editing system.

VisionBase loses me with this claim on the product's data sheet, "DVR’s exporting via USB instead of CD/DVD present the risk of transferring viruses or malware. DVR hardware in most instances are capable of recording and displaying a much clearer and sharper image when viewed via video, VGA and HDMI, PREVIS takes advantage of this fact allowing recording of the audio and video in original high-resolution at up to full HD 1920x1080 pixels." It's like a firearms examiner saying that a picture of a gun is better than the actual gun for forensic examination cause their hands might get dirty. Seriously? I'd rather have the data, the actual evidence, than a picture of that evidence - as I've said many times on this blog.

Then there's this:


Create Evidence in uniform format? Are you kidding!? Create evidence!? Come on folks.

From the looks of it, Previs allows for the user to load all of VisionBase's software and perform clarifications and case management in the field. The laptop version of Previs breaks the capture device out as a separate piece of hardware, like the Field Kit. Both companies have bags of cables and connectors that ship with the units. VisionBase adds a handy trolly - your tip that the full version of Previs might be quite heavy.

No hint at pricing. But, as they're a UK based company, they probably can't compete too closely with the field kit on price. Also a factor for US agencies is the ability to buy and get service from a US vendor. When last I dealt with VisionBase US, there were just a few employees in Florida ... and no technicians outside of the UK. Perhaps that's changed. Nevertheless, its something to consider.

Wednesday, September 24, 2014

Experimental Feature Manager in Photoshop CC

Photoshop's new Experimental Feature Manager now has experimental (beta) features that you can enable and try out. As these features are in beta, you might want to refrain from using them for case work. For example, many folks are now using tablet PCs with touch screen support. To enable the experimental features, do the following:

Select Preferences>Experimental Features.


Select the experimental feature that you want to enable.


Click OK.

Restart Photoshop.

Enjoy.

Tuesday, September 23, 2014

Video Evidence May Increase Our Biases, Especially When We Look Too Closely

This just in from MedicalDaily.com, "You’ve grown up on a steady diet of TV and movies. Whether you’ve watched very little or excessively, you were born in a media saavy era so most likely you are wise in the ways that a videotape can be manipulated, and probably, too, you have some understanding of how any recorded scene affects you. Now, a new study points to possible gaps in our knowledge about how we watch videotape and how the attention we pay to it influences our decisions. When watching recorded evidence from a court case, a new study finds, people focus on the defendant for different amounts of time, and this influences them — increasing their biases — when it comes time to deciding on punishment. Even when we see evidence "with our own eyes," then, we may not be able to be objective.

How We Observe Makes A Difference
Are you aware of how much you focus on some details and not others while watching a movie or TV? The following series of experiments conducted by a team of researchers from New York University and Yale University suggest there may be wide differences in how we watch media. To understand the impact of videotaped evidence, the team began by gauging how much 152 participants identified with police officers by presenting a series of statements (e.g., “Your background is similar to that of most police officers”), which the participants then rated on a seven-point scale of agreement/disagreement.

Next, participants watched a 45-second video clip, minus the sound, depicting an actual though amibiguous altercation between a police officer and a civilian. On the tape, the officer attempts to handcuff a resisting civilian; after struggling, the officer pushes the civilian against his cruiser; the civilian bites the officer’s arm; then, the officer hits the back of the civilian’s head. Meanwhile, as participants watched the video, the researchers used eye-tracking technology to gauge how much of the time participants' gaze fixated on the officer. Afterward, participants learned facts that incriminated the police officer, and then they imagined themselves as jurors and answered how likely they would be to punish and fine him.

What did the researchers discover? How much each participant identified with police in general influenced how little or much they punished the particular officer only if they had focused their attention on him while watching the videotape. For instance, participants who looked frequently at the police officer punished him far more severely if they did not identify with him. By contrast, those participants who did not identify with him yet looked at him less often while watching the tape were less severe when punishing him."

Click here to continue reading this interesting story.

Monday, September 22, 2014

Encryption as evidence of obstruction of justice?

This just in from Wired.com: "Silicon Valley’s smartphone snitching has come to an end. Apple and Google have promised that the latest versions of their mobile operating systems make it impossible for them to unlock encrypted phones, even when compelled to do so by the government. But if the Department of Justice can’t demand that its corporate friends unlock your phone, it may have another option: Politely asking that you unlock it yourself, and letting you rot in a cell until you do.

In many cases, the American judicial system doesn’t view an encrypted phone as an insurmountable privacy protection for those accused of a crime. Instead, it’s seen as an obstruction of the evidence-gathering process, and a stubborn defendant or witness can be held in contempt of court and jailed for failing to unlock a phone to provide that evidence. With Apple and Google no longer giving law enforcement access to customers’ devices, those standoffs may now become far more common ..."

This will get messy. Using the 5th Amendment has had mixed results. My guess is that this will eventually end up at the supreme court. In the mean time, Apple and Google get a bit of free advertising.

Friday, September 19, 2014

Digital forensics method validation: draft guidance

The UK Government Forensic Science Regulator has released a new draft document for comment. The document, Digital forensics method validation: draft guidance, is a rather interesting read. Comments should be sent on the feedback form provided to FSRConsultation1@homeoffice.gsi.gov.uk and should be submitted by 31 October 2014.

It's more concerned with areas known in the US as computer forensics, but it does have a section for audio analysis and speech recognition. It does not concern itself with DME analysis or authentication.

Enjoy.

Thursday, September 18, 2014

Apple will no longer unlock most iPhones, iPads for police, even with search warrants

This just in from the Washington Post, "Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.

The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.

The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails and recordings. Apple once maintained the ability to unlock some content on devices for legally binding police requests but will no longer do so for iOS 8, it said in the new privacy policy.

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its Web site. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

As the new operating system becomes widely deployed over the next several weeks, the number of iPhones and iPads that Apple is capable of breaking into for police will steadily dwindle to the point where only devices several years old — and incapable of running iOS 8 — can be unlocked by Apple.

Apple will still have the ability — and the legal responsibility — to turn over user data stored elsewhere, such as in its iCloud service, which typically includes backups of photos, videos, e-mail communications, music collections and more. Users who want to prevent all forms of police access to their information will have to adjust settings in a way that blocks data from flowing to iCloud.

Apple’s new privacy policy comes less than five months after the Supreme Court ruled that police in most circumstances need a search warrant to collect information stored on phones. Apple’s action makes that distinction largely moot by depriving itself of the power to comply with search warrants for the contents of many of the phones it sells.

The move is the latest in a series in which Apple has sought to distinguish itself from competitors through more rigorous security, especially in the aftermath of revelations about government spying made by former National Security Agency contractor Edward Snowden last year.

Although the company’s security took a publicity hit with the leak of intimate photos of celebrities from their Apple accounts in recent weeks, the move to block police access to the latest iPhones and iPads will thrill privacy activists and frustrate law enforcement officials, who have come to rely on the extensive evidence often found on personal electronic devices.

“This is a great move,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union. “Particularly after the Snowden disclosures, Apple seems to understand that consumers want companies to put their privacy first. However, I suspect there are going to be a lot of unhappy law enforcement officials.”

Continue reading the story by clicking here.

Wednesday, September 17, 2014

Is DME "digital evidence"

There's a bit of a fight between the "digital forensics" crowd and the "forensic DME analysis" crowd as to what constitutes "digital evidence." We have the red Flip Book that states clearly that it does not concern itself with computer forensics. The Electronic Crime Scene Investigation: A Guide for First Responders states clearly, in Chapter 1, Section 5:

Section 5 — Other Potential Sources of Digital Evidence
Description:
First responders should be aware of and consider as potential evidence other elements of the crime scene that are related to digital information, such as electronic devices, equipment, software, hardware, or other technology that can function independently, in conjunction with, or attached to computer systems. These items may be used to enhance the user’s access of and expand the functionality of the computer system, the device itself, or other equipment.


Remember, it is recommended by the NIJ that protocols for how to handle electronic crime scenes and digital evidence be developed in compliance with agency policies and prevailing Federal, State, and local laws and regulations - and common sense. Your properly trained and equipped CF technician should work side-by-side with your properly trained and equipped DME technician.

Tuesday, September 16, 2014

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

Recently, the NIJ released it's Second Edition of Electronic Crime Scene Investigation: A Guide for First Responders.

Here's some highlights:

When dealing with digital evidence, general forensic and procedural principles should be applied:

  • The process of collecting, securing, and transporting digital evidence should not change the evidence.
  • Digital evidence should be examined only by those trained specifically for that purpose.
  • Everything done during the seizure, transportation, and storage of digital evidence should be fully documented, preserved, and available for review.

First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. They should consult the prosecuting attorney for the appropriate jurisdiction to ensure that they have proper legal authority to seize the digital evidence at the scene.

In addition to the legal ramifications of improperly accessing data that is stored on a computer, first responders must understand that computer data and other digital evidence are fragile. Only properly trained personnel should attempt to examine and analyze digital evidence.

Remember, DME is digital evidence and should be treated as such. Many agencies have the "it's just video" mentality. Not respecting the evidence and the procedures necessary to properly collect the evidence will eventually get you in trouble. Thankfully, the NIJ provides this valuable piece of guidance.

Monday, September 15, 2014

FBI launches national facial recognition system

This just in from MyFoxNY.com: "The Federal Bureau of Investigation has fully rolled out a new biometric identification system that includes facial recognition technology.

The FBI, working with the Criminal Justice Information Services Division, says the Next Generation Identification System is now fully operational.

The system is designed to expand biometric identification capabilities across the country and eventually replace the FBI's current fingerprint system.

The system includes two new databases.

One, called Rap Back, enables FBI authorized entities the ability to receive ongoing status notifications of any criminal history reported on specific individuals. The bureau says that it will help law enforcement agencies, probation and parole offices, and others greatly improve their effectiveness by being advised of subsequent criminal activity of persons under investigation or supervision.

The second is called the Interstate Photo System. IPS facial recognition service will provide law enforcement agencies across the country an image-searching capability of photographs associated with criminal identities. The Feds say it is a significant step forward for the criminal justice community in utilizing biometrics as an investigative tool.

This latest phase ois only one portion of the FBI's NGI System. Since phase one was deployed in February 2011, the NGI system has introduced enhanced automated fingerprint and latent search capabilities, mobile fingerprint identification, and electronic image storage.

More than 18,000 law enforcement agencies and other authorized criminal justice partners across the country will have access to the system 24 hours a day, 365 days a year."

Friday, September 12, 2014

Another FIVE update, more cool stuff

Amped Software updated FIVE today (Build 6514). Among the bug fixes are a few cool new things.


You can now use the playback controls to go to the next IFrame, in addition to the previous controls. This Special Seek feature will help to scrub through the video to find the best frames with which to work.

Also in this Build is support for Avigilon native files (.ave) as well as video file support for Adaptive Digital Systems' LE only body wire line of recorders. Both of these are a great addition to the feature set. Remember, .ave files can be quite large, so playback might be a bit slow.


What an outstanding way to finish the week.

Enjoy.

Friday, September 5, 2014

Video analysis: codes of practice for forensic service providers

This just in from the UK: Video analysis: codes of practice for forensic service providers.

"This appendix covers forensic digital video analysis laboratory activity from receipt of video material through to preparation for court. It does not yet include retrieval from the scene (this is expected to be added in due course) nor expand on the requirements laid out in the codes on the presentation of expert evidence. It applies to all providers undertaking this work whether they are police facilities, commercial suppliers or academia."

It's an interesting read with some controversial suggestions.

Check it out.