Friday, October 31, 2014

Court Rules Police Can Force Users to Unlock iPhones With Fingerprints, But Not Passcodes

This just in from MacRumors.com, "A Circuit Court judge in Virginia has ruled that fingerprints are not protected by the Fifth Amendment, a decision that has clear privacy implications for fingerprint-protected devices like newer iPhones and iPads.

According to Judge Steven C. Fucci, while a criminal defendant can't be compelled to hand over a passcode to police officers for the purpose of unlocking a cellular device, law enforcement officials can compel a defendant to give up a fingerprint.

The Fifth Amendment states that "no person shall be compelled in any criminal case to be a witness against himself," which protects memorized information like passwords and passcodes, but it does not extend to fingerprints in the eyes of the law, as speculated by Wired last year."

Keep reading the article by clicking here.

Monday, October 27, 2014

Strengthening Forensic Science in the US

The Organization of Scientific Area Committees (OSAC) began sending out letters to subject matter experts a few weeks ago. OSAC is part of an initiative by NIST and the Department of Justice to strengthen forensic science in the United States.


Of particular interest to the readers of this blog, the IT/Multimedia Scientific Area Committee (SAC) has named and published its committee Chairs. The IT/Multimedia SAC consists of the Speaker Recognition, Imaging Technologies, Digital Evidence, and Facial Identification subcommittees.


I've been telling you that this is coming since the NAS report was published a few years ago. Well. Here it is.

The next press release from the OSAC should contain the names of the subcommittee members as well as the dates/locations for the first SAC meetings.

Enjoy.

Friday, October 24, 2014

Amped FIVE Update: new tutorials, DVR formats, and more

Amped Software announced another update today. "First of all the IFrame seek added in the previous version has been improved to work on all filters (with the exception of Frame Selectors).

As usual, we had a lot of our users requesting the conversion of specific DVR formats. In this update we added 3 new DVR formats (PAR, MGV, DRV). PAR and DRV, were already supported but we added a new sub-type as many times files with the same extension actually come in many different flavors. Thanks a lot to everybody who is contributing to the development with requests!

We’ve also included the DVR Screen Capture tool to make it easier to grab the selection of the area.

A lot of our users don’t do actual casework on workstations connected to the Internet. For this reason we just added a message in the menu item Help > Check for Updates On Line which will give you the link where to check if your version is up to date from the browser on another PC.

Finally, we’ve added and updated tutorials to include screenshots from the latest version. Amped FIVE has come a long way since they were written!"

Enjoy.

Thursday, October 23, 2014

LEEDIR in use in Pumpkin Riot Probe

This just in from the AP: "Police in New Hampshire are using a relatively new application to collect photos and videos they hope will lead to arrests following weekend chaos at a pumpkin festival.

More than 80 people were arrested after parties got out of hand Saturday in Keene, leading to property destruction and injuries. Police in riot gear used tear gas and pepper balls to control crowds as large as 2,000 people.

Keene police have created a LEEDIR account, or Large Emergency Event Digital Information Repository, where people can send images and videos directly from their smartphones to police.

More than 100 people have already sent files as the investigation by several police agencies continues.

LEEDIR is an online and mobile app that can be activated after a major emergency."

Wednesday, October 22, 2014

FIVE updated

The recent update to Amped Software's FIVE brings a welcome refresh of the Filters panel.


As you scroll down the filter group (left side), the individual filters move along with you - justified to assure that they're in view when you highlight a specific group.

I know, it's a little thing. But it's the little things that make life worth while.

Use the Check for Updates feature to make sure that you have the latest version. There's usually the inclusion of new file format support as a wee bonus.

Enjoy.

Tuesday, October 21, 2014

Codes of Ethics

Given Sunday's post about the many people out there claiming to be experts in Forensic Video Analysis, I began wondering if the courts could/should enforce a Code of Ethics.

I think many of the organizations out there for people that do what we do have some sort of statement about ethics or an actual Code of Ethics. The IACIS, for example, has theirs on their membership page.

IACIS Code of Ethics
IACIS members must demonstrate and maintain the highest standards of ethical conduct.

IACIS members must:

  • Maintain the highest level of objectivity in all forensic examinations and accurately present the facts involved.
  • Thoroughly examine and analyze the evidence in a case.
  • Conduct examinations based upon established, validated principles.
  • Render opinions having a basis that is demonstratively reasonable.
  • Not withhold any findings, whether inculpatory or exculpatory, that would cause the facts of a case to be misrepresented or distorted.
  • Never misrepresent credentials, education, training, and experience or membership status.
How incredibly refreshing.

But, can an examiner accurately present the facts involved if they don't understand the science behind the tools and techniques that they employ? Can an examiner thoroughly examine and analyze the evidence if they don't have the appropriate tools - or those tools are out of date? Can "it just doesn't look right to me" be an established and valid principle? Is demonstratively reasonable too much to ask? Does your inclusion on the Superior Court's list of experts sufficient proof of your training, experience, and education?

To pull something like this off at the Superior Court level, it would take a court panel and judge that invests a bit of time to see what's out there in terms of gear, what the science says, who's doing what, and etc. 

I understand that the Courts are massively overworked. But, if you put a list out there, it should mean something. Sadly, the video/image section of LA County's list needs a bit of trimming.

Monday, October 20, 2014

Turning a filter on or off in Amped FIVE

At a recent training session, the topic of what to do with filters if you've used them but don't want to have them influence what's being displayed - but you still want them on your report.

Obviously, you can throw filters away. But, in doing so, the filter's settings won't appear on the report.


In the Filter Settings box (top right) you'll see a small check box. This is the On/Off button. Check in the box, the filter's on and the settings are reflected in the workflow. No check in the box, and the settings are not reflected.

Where this comes in handy is when you're using an edge detection filter, like Sobel, and you don't want your image/video looking like a modern art masterpiece. Once you've found your edges and performed task that required knowing the location of the edges (like Measure 1D, etc), turn the filter off. In this way, your filter use is reflected in the report.

Think of this like turning on/off layers in Photoshop.


Many thanks to John U. from the SLC PD for taking the initiative to install and try the program ahead of the training, and for actually reading the support documentation and watching the training videos. Also, thanks to John for making my time at SLC run smooth. It's always nice to hit the ground running.

BTW, if you're interested in bringing a training session to your agency, just send a note. 2015 is going to a busy training year, but there's still some openings in my calendar.

Friday, October 17, 2014

New Partnership Provides Law Enforcement With Digital Evidence Solution

Homeland Security Today recently featured a story on the partnership between MediaSolv and Amped Software. Whilst it's true that no single vendor provides an end to end solution for our digital evidence needs, this new partnership gets really close. When you factor MediaSolv's work with Cellebrite into the equation, MediaSolv looks even better. Check out the article here.

Wednesday, October 8, 2014

Forensic Focus asks Amped Software, can you get that license plate?

This just in from Forensic Focus: "We find ourselves analyzing new surveillance videos almost every day, and in most cases we can either solve the problem very quickly or understand (even quicker) that there is no information to recover in the video. In special cases though, where something very specific and strange happened, or the problem is very complex, it can take a lot of time.

As always… Pareto principle: you solve 80% of the cases in 20% of the time, and, well, 20% of the cases takes 80% of the time. In our own work, the right numbers are probably 95% to 5%, but the idea still holds.

With our experience in working on several thousand cases, we can estimate whether an image or video contains some information and is worth processing, or not, very quickly. In this article, we will describe some of the tests that can be done to quickly tell if you can get that license plate!"

Continue reading the article over on Forensic Focus.

Tuesday, October 7, 2014

New SWGDE Draft Posted for Public Comment

This just in ...

The Scientific Working Group on Digital Evidence (SWGDE) is pleased to announce the posting of a new draft document for public review and comment: "SWGDE Best Practices for Handling Damaged Mobile Devices" at https://www.swgde.org/


In accordance with SWGDE policy, draft documents will be posted for a minimum of 60 days for public comment. The first page of each draft document gives instructions on how to submit feedback to our Secretary via an email to secretary@swgde.org mailto:secretary@swgde.org All feedback received prior to our next meeting in January 2015 will be reviewed by the appropriate subcommittee at that meeting.


At the conclusion of our last meeting, SWGDE voted to release the following documents as Approved versions after considering and incorporating feedback received during the public comment period. However, as noted on the cover page of each document, "SWGDE encourages stakeholder participation in the preparation of documents. Suggestions for modifications are welcome and must be forwarded to the Secretary in writing at secretary@swgde.org"

Digital and Multimedia Evidence (Digital Forensics) as a Forensic Science Discipline v2
SWGDE Best Practices for Computer Forensics v3.1 SWGDE Best Practices for Handling Damaged Hard Drives v1 SWGDE Capture of Live Systems v2 SWGDE Focused Collection and Examination of Digital Evidence v1 SWGDE Mac OS X Tech Notes v1.1 SWGDE Recommended Guidelines for Validation Testing v2 SWGDE Best Practices for Forensic Audio v2 These recently approved documents are available for download on the Current Documents page of the SWGDE website: https://www.swgde.org/ documents/Current%20Documents

We appreciate your participation as SWGDE continues its mission to bring together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as ensuring quality and consistency within the forensic community. Anyone interested in receiving regular updates via email is encouraged to sign up for the SWGDE NewsBytes newsletter here: https://www.swgde.org/ newsletter/newsletterSignUp

Thank you,

David Hallimore
SWGDE Outreach Committee Chair
SWGDE https://www.swgde.org/

Wednesday, October 1, 2014

Are law enforcement agencies tone deaf?

Over at the Washington Post, there's been a series of articles quoting various current and former law enforcement officials and politicians predicting doom, gloom, and madness if Apple and Google go through with their plans to include encryption into their next generation of operating systems. In the latest article, the outgoing US Attorney General essentially asks companies to do it for the children. "Attorney General Eric H. Holder Jr. said on Tuesday that new forms of encryption capable of locking law enforcement officials out of popular electronic devices imperil investigations of kidnappers and sexual predators, putting children at increased risk."

The do it for the children card has been so over-used that folks are tired of hearing of it. Here's why regular folks want encryption:

  • It has been documented that law enforcement agencies in the US have downloaded the contents of mobile phones or otherwise searched the phones during routine traffic stops. 1 2 3 4 5 6 7 8 9
  • What is the retention policy of the data police acquire at a routine traffic stop? If you aren't charged with an offense, if no ticket is issued, what happens to the data? How long do they keep it? Do they merge the data into a massive government database? 1 2 3  Ask your local PD. Call a few times. See how different each response is.
  • How secure is your personal data once it's in the hands of law enforcement? 1 2 3
Again, ordinary folks are concerned about their privacy and the protection of their personal information. The fact that the DOJ and other agencies don't understand this, or don't care, further worries the average person. 

In the US, the person is sovereign and free. Our Constitution places limits on what our government can do to us. The people have the power and our Constitution binds the government, limiting it to only those authorized activities.We're innocent until proven guilty. Not providing your mobile phone to law enforcement during a routine traffic stop is not proof of guilt, or even cause of reasonable suspicion. When the agents of the government make big moves outside of their Constitutionally limited areas, folks are going to seek a way to protect themselves. It's simple, actually.

Before pulling the do it for the children card, LE agencies should have solid policies governing when/how data collection can take place, what's going to happen to the data, and how the data will be protected - as well as a way for a citizen to appeal to have their data removed from the system without expense. 

But right now, folks just aren't buying what the DOJ is selling. They will, however, be buying what Apple and Google is selling.