Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Wednesday, January 28, 2015

Thank you

I simply want to say thanks and I love you....
But please don't say you love me back, or that you love my page, or that I am great, or the best, or any of that, because then I will think that you think I am posting this just to get feedback and feel good about myself. Which isn't true. I just want to say I love you all very much and thank you for being a part of my life. And if you think: 'Well, how can she love me; she doesn't even know me?" Then you are likely Aspie, logical thinker, or don't read my blog. hehehe Anyhow, Thank you for being here.... 
I simply want to say thanks and I love you... 
(If you must post something, post a heart or smile)

Tuesday, January 20, 2015

Libavcodec bug threatens Windows XP VLC users

This just in from PCWorld.com:

"Watch out Windows XP diehards: if you run the open source media player VLC you may be vulnerable to malicious attacks. A bug discovered in November affecting VLC was recently made public on Full Disclosure, a security-focused mailing list.

The reported bug (dubbed CVE-2014-9597) allows a specially crafted video file with the FLV file extension opened in VLC 2.1.5 to corrupt memory. This could then allow the attacker to execute any code they want on the target machine. The vulnerability was tested on Windows XP SP3.

Why this matters: A bug that affects Windows XP may not be much of a worry for most users as XP’s user base has been slowly declining. But there are still some diehards holding on to the OS—around 18 percent of PC users worldwide run XP, according to Net Market Share.

While the bug apparently affects VLC users, it doesn’t appear to be an issue with VLC itself. Instead, the bug is caused by libavcodec, Jean-Baptiste Kempf, president of VideoLAN, the non-profit behind VLC, confirmed to PCWorld. Libavcodec is a third-party code library for encoding and decoding video and audio, maintained by FFmpeg. Kempf also said that he was unable to replicate the bug on Windows.

Whether or not the bug is a serious concern for users, the threat may not be long lived anyway. Kempf says the second release candidate for VLC version 2.2.0 fixes the issue. Concerned XP users can download and try out the release candidate from VideoLan."

Monday, January 19, 2015

Stop Believing TV’s Lies: The Real Truth About "Enhancing" Images

This just in from How-To-Geek: "You’ve seen it over and over. The FBI uses their advanced technology to “enhance” a blurry image, and find a villain’s face in the worst possible footage. Well, How-To Geek is calling their bluff. Read on to see why.

It’s one of the most common tropes in television and movies, but is there any possibility a government agency could really have the technology to find faces where there are only blurry pixels? We’ll make the argument that not only is it impossible with current technology, but it is very unlikely to ever be a technology we’ll ever see. Stick around to see us put this trope under the lenses of science and technology, and prove it wrong once and for all."

Click here to read the whole article.

Wednesday, January 14, 2015

The end of the CCTV era?

This just in from the BBC: "Twenty years ago the government backed a major expansion of the CCTV network - now funds are being cut and cameras shut off. Is the UK's CCTV boom over, asks Rachel Argyle.

In 1994, the Conservative government launched the Partners Against Crime initiative, with Home Secretary Michael Howard saying he was "absolutely convinced that CCTV has a major part to play in helping detect, and reduce crimes and to convict criminals".

The next year the CCTV Challenge Competition fund was started to encourage local authorities to set up surveillance schemes - the Home Office and local authorities invested £120m in CCTV systems within three years.

The UK has one of the largest CCTV networks in the world. But as cash-strapped councils look for cost-saving measures, the effectiveness of public CCTV is under scrutiny.

Dyfed-Powys police are set to cut funding to monitor CCTV following an independent report set up by Police and Crime Commissioner Christopher Salmon. The force covers over half of Wales and just under half a million people.

The report found that the removal of Powys Country Council CCTV did not result in a significant rise in crime or anti-social behaviour and there is little evidence that CCTV deters violent or alcohol-related crime. Salmon says the police will direct funds where the public want them, with "more bobbies on the beat".

These cuts are not an isolated case.

Cornwall was one of the first local authorities to cut their CCTV budget back in April 2011 - by £350,000. Denbighshire council will stop their funding and make a saving of £200,000 from 2016-17. Anglesey Council scrapped its CCTV altogether last year but following a successful charitable trust bid it will now be run by the island's five town councils. In Derby, 48 cameras in the city centre may be switched off.

Other areas are scaling back. Birmingham's 250 CCTV cameras will no longer be monitored around the clock and CCTV managers across the country face redundancy.

Police are under similar financial strain. Thames Valley Police could reduce its CCTV funding for the city from £225,000 annually, to as little as £50,000 by 2018.

A Freedom of Information request by Labour MP Gloria de Piero in March 2013, found that one in five councils had cut the number of CCTV cameras on the streets since the last election.

Supporters of CCTV point to the success of cameras in identifying suspects in high-profile cases, such as Robert Thompson and Jon Venables in the murder of toddler James Bulger, the Boston Marathon bombing, the London 7 July 2005 attacks and the 2011 UK riots. CCTV was crucial in the hunt for the Charlie Hebdo attackers.

But campaigners against CCTV believe it violates personal privacy and question its effectiveness.

"Britain's crime rate is not significantly lower than comparable countries that do not have such vast surveillance," says Emma Carr, director of Big Brother Watch.

The pressure group welcomes that budgetary restraints may make authorities look more closely at whether CCTV is really working. Carr adds: "Councils that reduce the number of ineffective CCTV cameras, diverting resources to where they will keep the public safer, are to be praised."

Charles Farrier, spokesperson for No CCTV, is a little more apprehensive. "The alleged cost-cutting is leading to a restructuring rather than a real reduction of camera surveillance." He points out that budget cuts will see others jump to the rescue. "Often the solutions offered are merging control rooms or taking the cameras out of the hands of democratic local bodies and into management by private companies driven by a profit motive," he added. He calls for an urgent public debate.

For some people, there's a more human alternative to fighting crime with increased CCTV. Farrier believes the solution lies in the findings of a 2013 report entitled Fortress Britain, published by the New Economics Foundation, which found that residents on an estate in London felt that "knowing people" was the key to creating trust.

"We no longer have park keepers, bus conductors, toilet attendants - people there to help act as a glue to hold the community together. Now we abdicate that responsibility to a machine. Surely instead of spending money on surveillance cameras it should be spent on proven strategies or encourage more people to walk, talk, and problem solve in their own communities?"

There has been much research into the effectiveness of CCTV as a crimefighting tool during the boom years.

A study entitled the Effects of Closed Circuit Television Surveillance on Crime (2008) found that CCTV schemes had little effect on crime deterrence, other than car crime ..."

Click here to keep reading the article.

Thursday, January 8, 2015

What's wrong with Photoshop?

Long time Photoshop users know that in order to get the most out of Photoshop, you'll need a pretty nice workstation with the "right" video card. Adobe explains why:

"The advantages of using a compatible video card (GPU) with Photoshop are better performance and access to more features. In this document, you will quickly find out everything you need to know about how Photoshop uses the Video Card (GPU) in your system including troubleshooting steps and features that have been recently updated to take advantage of the GPU.

This document provides a quick reference guide to video card usage in Photoshop. Some features require a compatible video card. If the video card or its driver is defective or unsupported, those features don’t work. Other features use the video card for acceleration; if the card or driver is defective, those features run slowly."

The GPU Sniffer

"To help guard against Photoshop crashes related to bad GPU hardware or drivers, Photoshop employs a small program called the GPU Sniffer. Every time Photoshop launches, Photoshop launches the sniffer. The sniffer runs rudimentary tests of the GPU and reports the results to Photoshop. If the sniffer crashes or reports a failure status to Photoshop, Photoshop doesn't use the GPU. The Use Graphics Hardware checkbox in the Performance panel of the Preferences is deselected and disabled.

The first time the sniffer fails, Photoshop displays a dialog indicating that it has detected a problem with the GPU. On subsequent launches, the dialog doesn't appear.

If you correct the problem, either by replacing the video card or by updating the driver, then the sniffer passes on the next launch. The Use Graphics Hardware checkbox is enabled and returned to its previous state (enabled or disabled)."

Wednesday, January 7, 2015

Mrs. Lincoln, I Presume? Well, as It Turns Out ...

You might have missed this one, but it's an interesting article on authentication and hoaxes.

"For 32 years, a portrait of a serene Mary Todd Lincoln hung in the governor’s mansion in Springfield, Ill., signed by Francis Bicknell Carpenter, a celebrated painter who lived at the White House for six months in 1864.

The story behind the picture was compelling: Mrs. Lincoln had Mr. Carpenter secretly paint her portrait as a surprise for the president, but he was assassinated before she had a chance to present it to him.

Now it turns out that both the portrait and the touching tale accompanying it are false.

The canvas, which was purchased by Abraham Lincoln’s descendants before being donated to the state’s historical library in the 1970s, was discovered to be a hoax when it was sent to a conservator for cleaning, said James M. Cornelius, the curator of the Lincoln library and museum in Springfield. The museum is planning to present its findings at a lecture on April 26.

“It was a scam to defraud the Lincoln family,” Mr. Cornelius said.

The Lincolns were not the only ones fooled. Ever since The New York Times announced the portrait’s discovery in 1929, on Feb. 12, Lincoln’s birthday, historians and the public have assumed it depicted Mary Todd Lincoln. It was reproduced in The Chicago Tribune and National Geographic, and versions of it still illustrate at least two biographies, including the latest paperback edition of Carl Sandburg’s 1932 “Mary Lincoln: Wife and Widow.”

In reality, the painting depicts an unknown woman and was created by an anonymous 19th-century artist, said Barry Bauman, the independent conservator who uncovered the fraud. The con, however, dates to the late 1920s, when the portrait was recast as that of Mrs. Lincoln, he said.

Mr. Bauman identifies the culprit behind the scam as Ludwig Pflum, who rechristened himself Lew Bloom and was given to the kind of self-invention that America became famous for during the industrial era. He worked as a jockey, circus clown, boxer and vaudevillian before settling on art collecting.

When he died less than a year after the painting’s public unveiling, an obituary in a Reading, Pa., newspaper noted that he “dabbled in oil paintings.” Apparently he dabbled more than anyone at the time realized ..."

Click here to keep reading the article.

Tuesday, January 6, 2015

Validation of forensic images for assurance of digital evidence integrity

Here's an interesting paper from Murdoch University in Australia.

"The reliability of digital evidence is an important consideration in legal cases requiring sound validation. To ensure its reliability, digital evidence requires the adoption of reliable processes for the acquisition, preservation, and analysis of digital data. To undertake these tasks, the courts expect digital forensic practitioners to possess specialised skills, experience, and use sound forensic tools and processes. The courts require that the reliability of digital evidence can be verified with supporting documentation; notably acquisition process logs and a chain of custody register, confirming that the process of recovering and protecting the evidence was based on sound scientific principles.

In typical cases the digital evidence has been ‘preserved’ in a special file or ‘container’ that has been declared to be secure on the basis that it is not possible to tamper with the contents of the container or the information supporting the contents (metadata) without this act being discovered. However, through the use of a freely available open source library, libewf, it has been discovered that the most commonly used forensic container format, Encase Evidence File Format, also known by its file extension .E01, can be manipulated to circumvent validation by forensic tools. This digital forensic container contains an embedded forensic image of the acquired device and metadata fields containing information about the data that was acquired, the circumstances of the acquisition, and details about the device from which the forensic image was acquired. It has been found that both the forensic image and the metadata associated with that image can be freely altered using simple file editors and open source software.

Exploiting these weaknesses within the Encase Evidence File format results in a forensic container that can be altered but fails to provide any evidence that this has occurred. In practice the original device is often unavailable, damaged, or otherwise unable to provide independent validation of the data held in the container. In such situations, it would be difficult, if not impossible, to determine which of two forensic containers held the original record of the evidence.
As part of a proof of concept, existing libewf code was manipulated to allow for legitimate metadata to be attached to a compromised and altered forensic image with recalculated hashes and data integrity checksums. Without incontrovertible records of the original data’s hash value, this manipulation might only be detected by an independent third party holding a copy of the original forensic container’s metadata and hashes for comparison. While hashes and metadata held by an interested party could also potentially be altered or declared unreliable, an uninterested party would be able to provide a more reliable set of hashes that could be used to validate the unaltered container.

In order to add to the body of knowledge supporting digital forensics as a scientific discipline this research has brought into question a fundamental assumption about the reliability of a fundamental method currently used to collect and validate digital evidence. Further research is required to determine the whether processes can be designed to enhance the detection of contaminated images."

Monday, January 5, 2015

A Coursera Course on Visual Perception Starts January 7th

This just in from the Scientific American:

"For those of you who don’t know what Coursera is, it’s one of several apps/websites that provides courses online. It’s an amazing system allowing for thousands of students to participate and view the same lectures. Such courses are generically referred to as MOOCs: Massive Open Online Courses. Coursera and its competitors, such as edX could potentially change the educational landscape by bringing the highest-quality education and lecturers to the general public, anywhere in the world, cheaply or even for free. No longer will aspiring students have to compete for an entire childhood before achieving entry into the world’s best universities to see these lectures: they can simply login to view the same lectures that are offered to the intelligentsia.

There’s a new 8-week course available on visual perception taught by Dale Purves of Duke University. It’s available for free and starts on January 7th, 2015. Purves’s approach to visual perception is exciting because it’s a bit different than the usual approach. Sensation and perception courses usually try to explain perception in terms of reconstructing the physical world. That is, the world exists, it has properties that can be measured with a visual system, and those measurements are then used to reconstruct a representation of the world in the brain based on those measurements. Visual illusions—where the perception doesn’t match the reality—in this model are errors in measurement: where the visual system gets it wrong. Sounds great, right? The problem is that our perception is not an accurate representation of the world (as Purves’s course will show), even when it could be based on the quality of the sensation. That is, our visual systems sometimes perceive illusions even when its measurements are accurate.

Purves considers that the visual system is instead working to solve an inverse problem… it’s trying to build a model of the world that will help the observer survive and reproduce (rather than to reconstruct the physical world accurately). What this means is that we can continue to work within the world (or, our model of the world) even in the absence of direct measurement. For example, to perceive the lightness of an object, the standard view of vision—as a reconstructive process—would be that the photoreceptors of the eye count photons that arrive from the object and report them so that we can reconstruct the object we’re viewing. That’s great except that—as Purves’s and his colleagues’ own lab work have perhaps shown best—lightness perception conflates the reflectance of the object (what color its surface is painted and how well it reflects photons that emanate from the light source), with the illumination of the object (how much light actually arrives from the light source), and transmittance of the object (how much light is either generated by the object directly… or travels through a through a transparent object from behind that object). All the visual system knows is the result of all of these object properties. But the object’s appearance nevertheless depends critically on knowing the contributions of all of these separate sources of photons. So what’s a brain to do? Purves’s view is that the visual system must guess at what the world looks like based on fitting its data to an internal, already-formed model of the world. Where does the model come from? From past empirical experience with the world. By experiencing and learning about objects throughout your life you adjust your model of the world to account for the frequency by which a given pattern of photoreceptor responses correlates to a given object. In this sense, genetically transmitted knowledge about the model also contribute to one’s empirical knowledge. So much of our model may be hardwired into our brains at birth, and your life tweaks your model as you go.

Many of Purves’s insights in visual science have correctly challenged the status quo and he is one of the finest phenomenologists in the world (a phenomenologist is a scientist who develops visual illusions for the purpose of drawing insight into visual processing in the brain). The image presented here is a terrific example. Notice that the orange and brown chips on the Rubik’s cube appear to be different colors that are reflecting different amounts of light (the orange chip is in the shade). Actually: the orange and brown chips are exactly the same color but are interpreted by your brain differently because they appear to have different levels of illumination. Don’t believe me? Print this image out on a printer, and cut the orange and brown chips out with scissors and compare them directly: they are exactly the same and only appear differently here due to their context."



So join me as a student in this course in January! It’s certain to be illuminating.

Friday, January 2, 2015

Why does Adobe Premiere Pro modify original footage/asset files

The following scenario was featured over on StackExchange.

Background:
  1. A colleague had given me a large 33Gb .mov for use in a project, I put this file on a backup drive.
  2. I made an identical copy of this 33Gb .mov file and placed it in a folder that I'd use to work on a Premiere Pro Project.
  3. I ran Adobe Premiere Pro CS6 and dragged in the 33Gb .mov file into the Sequence (imported it)
  4. Premiere Pro CS6 started conforming the file.
  5. After it had finished, I noticed that it's Modified Date was just now i.e different to the Modified Date on the original copy of the file on the backup drive (see step 1)
  6. I ran a BeyondCompare check between the .mov file on the backup drive (see step 1) and the one that the Premiere Pro project was using (step 2, 3) and Beyond Compare reported they were different.
I had initially thought it was unrelated file corruption of some kind, but I have checked this several times and got the same outcome, so it's definitely Premiere Pro deliberately modifying the file.

So I am puzzled: these are supposed to be the same file.

Why would there be a need for Adobe Premiere Pro to modify the footage? What does it do to the file? Would it not be better to create a separate file if necessary?

The answer to the user's question is featured here:

"It's all about this setting, "Write XMP ID To Files On Import" - which confirms that Adobe Premiere Pro is deliberately modifying the .mov file."

These posts give some background as to why having this setting enabled would be beneficial: one benefit being to be able to skip conforming files by matching the conformed file with the original using the embedded XMP tag:

http://helpx.adobe.com/premiere-pro/using/preferences.html#WSE3BD4A43-7022-4fe6-97F5-95313935347B

http://www.dvinfo.net/forum/adobe-creative-suite/498627-why-premiere-modifying-video-files.html

https://forums.creativecow.net/thread/205/876064

---

Can you imagine what would happen on the witness stand if you didn't know this was happening to your files, and the opposing attorney asked you a series of very specific questions about your Premiere Pro (of Avid) work flow? OTS software does a lot of stuff to your files without telling you. That's the peril in using it for your forensic science work. It's yet another reason I've ditched the commercial editors in favor of software purpose built for our industry.

Thursday, January 1, 2015

Content analysis and confirmation bias

I was binging on Discovery Channel shows and flipping between football games today. BTW, happy new year.

I was amazed to watch as the people featured looked at pictures and video and described what they thought was in the video - a body, a tool, a hieroglyph, a UFO, and etc. I wasn't convinced. It seemed that all the pictures contained exactly what the producer wanted to see, but critical or scientifically based content analysis was never performed.


Confirmation bias refers to a type of selective thinking whereby one tends to notice and to look for what confirms one's beliefs, and to ignore, not look for, or undervalue the relevance of what contradicts one's beliefs.

As an example of this, most people reading this will look at the picture and think "egg and french fries (chips)." But, if you thought that when you saw the image, you'd be wrong. The photo above features apple slices and a half of a peach on yogurt.

And this is the problem when the untrained eye and brain engage in content analysis. They can both be fooled quite easily.