Featured Post

Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...

Wednesday, September 24, 2014

Experimental Feature Manager in Photoshop CC

Photoshop's new Experimental Feature Manager now has experimental (beta) features that you can enable and try out. As these features are in beta, you might want to refrain from using them for case work. For example, many folks are now using tablet PCs with touch screen support. To enable the experimental features, do the following:

1. Select Preferences>Experimental Features.
2. Select the experimental feature that you want to enable.
3. Click OK.
4. Restart Photoshop.

Enjoy.

Tuesday, September 23, 2014

Video Evidence May Increase Our Biases, Especially When We Look Too Closely

This just in from MedicalDaily.com, "You’ve grown up on a steady diet of TV and movies. Whether you’ve watched very little or excessively, you were born in a media savvy era so most likely you are wise in the ways that a videotape can be manipulated, and probably, too, you have some understanding of how any recorded scene affects you. Now, a new study points to possible gaps in our knowledge about how we watch videotape and how the attention we pay to it influences our decisions. When watching recorded evidence from a court case, a new study finds, people focus on the defendant for different amounts of time, and this influences them — increasing their biases — when it comes time to deciding on punishment. Even when we see evidence "with our own eyes," then, we may not be able to be objective.

How We Observe Makes A Difference
Are you aware of how much you focus on some details and not others while watching a movie or TV? The following series of experiments conducted by a team of researchers from New York University and Yale University suggest there may be wide differences in how we watch media. To understand the impact of videotaped evidence, the team began by gauging how much 152 participants identified with police officers by presenting a series of statements (e.g., “Your background is similar to that of most police officers”), which the participants then rated on a seven-point scale of agreement/disagreement.

Next, participants watched a 45-second video clip, minus the sound, depicting an actual though ambiguous altercation between a police officer and a civilian. On the tape, the officer attempts to handcuff a resisting civilian; after struggling, the officer pushes the civilian against his cruiser; the civilian bites the officer’s arm; then, the officer hits the back of the civilian’s head. Meanwhile, as participants watched the video, the researchers used eye-tracking technology to gauge how much of the time participants' gaze fixated on the officer. Afterward, participants learned facts that incriminated the police officer, and then they imagined themselves as jurors and answered how likely they would be to punish and fine him.

What did the researchers discover? How much each participant identified with police in general influenced how little or much they punished the particular officer only if they had focused their attention on him while watching the videotape. For instance, participants who looked frequently at the police officer punished him far more severely if they did not identify with him. By contrast, those participants who did not identify with him yet looked at him less often while watching the tape were less severe when punishing him."

Click here to continue reading this interesting story.

Monday, September 22, 2014

Encryption as evidence of obstruction of justice?

This just in from Wired.com: "Silicon Valley’s smartphone snitching has come to an end. Apple and Google have promised that the latest versions of their mobile operating systems make it impossible for them to unlock encrypted phones, even when compelled to do so by the government. But if the Department of Justice can’t demand that its corporate friends unlock your phone, it may have another option: Politely asking that you unlock it yourself, and letting you rot in a cell until you do.

In many cases, the American judicial system doesn’t view an encrypted phone as an insurmountable privacy protection for those accused of a crime. Instead, it’s seen as an obstruction of the evidence-gathering process, and a stubborn defendant or witness can be held in contempt of court and jailed for failing to unlock a phone to provide that evidence. With Apple and Google no longer giving law enforcement access to customers’ devices, those standoffs may now become far more common ..."

This will get messy. Using the 5th Amendment has had mixed results. My guess is that this will eventually end up at the Supreme Court. In the meantime, Apple and Google get a bit of free advertising.

Friday, September 19, 2014

Digital forensics method validation: draft guidance

The UK Government Forensic Science Regulator has released a new draft document for comment. The document, Digital forensics method validation: draft guidance, is a rather interesting read. Comments should be sent on the feedback form provided to FSRConsultation1@homeoffice.gsi.gov.uk and should be submitted by 31 October 2014.

It's more concerned with areas known in the US as computer forensics, but it does have a section for audio analysis and speech recognition. It does not concern itself with DME analysis or authentication.

Enjoy.

Thursday, September 18, 2014

Apple will no longer unlock most iPhones, iPads for police, even with search warrants

This just in from the Washington Post, "Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.

The move, announced with the publication of a new privacy policy tied to the release of Apple’s latest mobile operating system, iOS 8, amounts to an engineering solution to a legal quandary: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that prevents the company — or anyone but the device’s owner — from gaining access to the vast troves of user data typically stored on smartphones or tablet computers.

The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails and recordings. Apple once maintained the ability to unlock some content on devices for legally binding police requests but will no longer do so for iOS 8, it said in the new privacy policy.

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” Apple said on its Web site. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

As the new operating system becomes widely deployed over the next several weeks, the number of iPhones and iPads that Apple is capable of breaking into for police will steadily dwindle to the point where only devices several years old — and incapable of running iOS 8 — can be unlocked by Apple.

Apple will still have the ability — and the legal responsibility — to turn over user data stored elsewhere, such as in its iCloud service, which typically includes backups of photos, videos, e-mail communications, music collections and more. Users who want to prevent all forms of police access to their information will have to adjust settings in a way that blocks data from flowing to iCloud.

Apple’s new privacy policy comes less than five months after the Supreme Court ruled that police in most circumstances need a search warrant to collect information stored on phones. Apple’s action makes that distinction largely moot by depriving itself of the power to comply with search warrants for the contents of many of the phones it sells.

The move is the latest in a series in which Apple has sought to distinguish itself from competitors through more rigorous security, especially in the aftermath of revelations about government spying made by former National Security Agency contractor Edward Snowden last year.

Although the company’s security took a publicity hit with the leak of intimate photos of celebrities from their Apple accounts in recent weeks, the move to block police access to the latest iPhones and iPads will thrill privacy activists and frustrate law enforcement officials, who have come to rely on the extensive evidence often found on personal electronic devices.

“This is a great move,” said Christopher Soghoian, principal technologist for the American Civil Liberties Union. “Particularly after the Snowden disclosures, Apple seems to understand that consumers want companies to put their privacy first. However, I suspect there are going to be a lot of unhappy law enforcement officials.”

Continue reading the story by clicking here.

Wednesday, September 17, 2014

Is DME "digital evidence"

There's a bit of a fight between the "digital forensics" crowd and the "forensic DME analysis" crowd as to what constitutes "digital evidence." We have the red Flip Book that states clearly that it does not concern itself with computer forensics. The Electronic Crime Scene Investigation: A Guide for First Responders states clearly, in Chapter 1, Section 5:

Section 5 — Other Potential Sources of Digital Evidence
Description:
First responders should be aware of and consider as potential evidence other elements of the crime scene that are related to digital information, such as electronic devices, equipment, software, hardware, or other technology that can function independently, in conjunction with, or attached to computer systems. These items may be used to enhance the user’s access of and expand the functionality of the computer system, the device itself, or other equipment.


Remember, it is recommended by the NIJ that protocols for how to handle electronic crime scenes and digital evidence be developed in compliance with agency policies and prevailing Federal, State, and local laws and regulations - and common sense. Your properly trained and equipped CF technician should work side-by-side with your properly trained and equipped DME technician.

Tuesday, September 16, 2014

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

Recently, the NIJ released its Second Edition of Electronic Crime Scene Investigation: A Guide for First Responders.

Here are some highlights:

When dealing with digital evidence, general forensic and procedural principles should be applied:

  • The process of collecting, securing, and transporting digital evidence should not change the evidence.
  • Digital evidence should be examined only by those trained specifically for that purpose.
  • Everything done during the seizure, transportation, and storage of digital evidence should be fully documented, preserved, and available for review.

First responders must use caution when they seize electronic devices. Improperly accessing data stored on electronic devices may violate Federal laws, including the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. First responders may need to obtain additional legal authority before they proceed. They should consult the prosecuting attorney for the appropriate jurisdiction to ensure that they have proper legal authority to seize the digital evidence at the scene.

In addition to the legal ramifications of improperly accessing data that is stored on a computer, first responders must understand that computer data and other digital evidence are fragile. Only properly trained personnel should attempt to examine and analyze digital evidence.

Remember, DME is digital evidence and should be treated as such. Many agencies have the "it's just video" mentality. Not respecting the evidence and the procedures necessary to properly collect the evidence will eventually get you in trouble. Thankfully, the NIJ provides this valuable piece of guidance.

Monday, September 15, 2014

FBI launches national facial recognition system

This just in from MyFoxNY.com: "The Federal Bureau of Investigation has fully rolled out a new biometric identification system that includes facial recognition technology.

The FBI, working with the Criminal Justice Information Services Division, says the Next Generation Identification System is now fully operational.

The system is designed to expand biometric identification capabilities across the country and eventually replace the FBI's current fingerprint system.

The system includes two new databases.

One, called Rap Back, enables FBI authorized entities the ability to receive ongoing status notifications of any criminal history reported on specific individuals. The bureau says that it will help law enforcement agencies, probation and parole offices, and others greatly improve their effectiveness by being advised of subsequent criminal activity of persons under investigation or supervision.

The second is called the Interstate Photo System. IPS facial recognition service will provide law enforcement agencies across the country an image-searching capability of photographs associated with criminal identities. The Feds say it is a significant step forward for the criminal justice community in utilizing biometrics as an investigative tool.

This latest phase is only one portion of the FBI's NGI System. Since phase one was deployed in February 2011, the NGI system has introduced enhanced automated fingerprint and latent search capabilities, mobile fingerprint identification, and electronic image storage.

More than 18,000 law enforcement agencies and other authorized criminal justice partners across the country will have access to the system 24 hours a day, 365 days a year."

Friday, September 12, 2014

Another FIVE update, more cool stuff

Amped Software updated FIVE today (Build 6514). Among the bug fixes are a few cool new things.


You can now use the playback controls to go to the next IFrame, in addition to the previous controls. This Special Seek feature will help to scrub through the video to find the best frames with which to work.

Also in this Build is support for Avigilon native files (.ave) as well as video file support for Adaptive Digital Systems' LE only body wire line of recorders. Both of these are a great addition to the feature set. Remember, .ave files can be quite large, so playback might be a bit slow.


What an outstanding way to finish the week.

Enjoy.

Friday, September 5, 2014

Video analysis: codes of practice for forensic service providers

This just in from the UK: Video analysis: codes of practice for forensic service providers.

"This appendix covers forensic digital video analysis laboratory activity from receipt of video material through to preparation for court. It does not yet include retrieval from the scene (this is expected to be added in due course) nor expand on the requirements laid out in the codes on the presentation of expert evidence. It applies to all providers undertaking this work whether they are police facilities, commercial suppliers or academia."

It's an interesting read with some controversial suggestions.

Check it out.

Wednesday, August 27, 2014

Interesting development in the body-worn video discussion

This just in from Ars Technica, "Claire McCaskill, the Democratic senator from Missouri, says police departments nationwide should require their officers wear body cameras in order to qualify for the hundreds of millions of dollars in federal funding they receive each year."

You read that right, the Senator wants to tie federal money that police agencies currently receive to compliance with this proposed nationwide body-worn video mandate.

"The lawmaker did not offer legislation to support her words. McCaskill, however, is not alone in her thinking. Last week, an online petition asking the White House to require all police departments to wear lapel cameras hit 100,000 signatures. The President Barack Obama administration has promised to publicly address petitions reaching 100,000 signatures."

The movement to get agencies to adopt body-worn video recorders is not new. Many agencies have declined to purchase recorders due to the high purchase price and the cost of maintenance, as well as the cost of storing / distributing the recorded footage.

But, linking the issue to existing federal funding puts a new twist on the story. Stay tuned.

Tuesday, August 26, 2014

If a CCTV camera records an incident, it has failed to prevent that incident from occurring.

@spreadys pointed out an interesting article about the role CCTV has in fighting crime. The best part of the article is the comments at the bottom.

The best one, "I'm sorry, but bragging about 500 arrests from 41,000 incidents is truly pathetic. It just shows how useless CCTV is. If the incidents took place in front of a copper, the arrest rate would have been worth crowing about. People aren't bothered about being spotted on camera."

There's another comment that links to this article. “For every 1,000 cameras in London, less than one crime is solved per year.”

"Each case helped by the use of CCTV effectively costs £20,000 to detect, Met figures showed."

"The report, written by Detective Chief Inspector Mick Neville, who runs the Metropolitan Police’s Visual Images Identifications and Detections Office, found that the public “have a high expectation of CCTV and are frequently told they are captured on camera 300 times per day”.

Public confidence was dented when the police often stated there was no CCTV working when a crime has been committed, it said.

It also said that increasingly members of the public were complaining that officers had not bothered to view available CCTV images when trying to track down criminals.

It disclosed a “significant rise in the level of complaints from the public, where it is perceived that police have not viewed CCTV. This is now approaching 100 per year.”

The report found that untrained officers were often downloading and viewing CCTV images in their hunt for evidence. The cameras were effective in crime-fighting if the images and information from them was used properly.

Detective Superintendent Michael McNally, who commissioned the report, admitted there were “some concerns” about how CCTV was being used."

Monday, August 25, 2014

World Science Festival - the Science of Justice

If you're in the NYC area, the Benjamin N. Cardozo School of Law will play host on Sept. 10th to the WSF's Science of Justice discussion/presentation.

They use the events in Ferguson to put the spotlight on "forensics," but miss an important point: none of the presenters are experts in digital video or small device forensics.

It's a given, these days, that there will be two elements to every crime scene - CCTV and mobile phones. People use their phones to record video of traffic stops and other police activity. Traffic stops take place in front of stores and other places with CCTV. Thus, these images become a vital "silent witness" for the investigation. Yet, this presentation does not feature this valuable piece of evidence, nor any practitioners of this type of analysis. That's unfortunate.

Still again, if you're in the area, it should be an interesting discussion.

Friday, August 22, 2014

Crowdsourcing content analysis

The online site, bellingcat, recently announced results from their crowdsourced investigation into the location of the Islamic State's training site in Iraq.

It's an interesting study in the use of publicly available sources to identify the location depicted in photos through visual content analysis, as opposed to relying on metadata.

Check it out here.

Thursday, August 21, 2014

How do you determine the dpi on a photo in a PDF document?

Many folks use Adobe's Acrobat to share reports, images, and video. Oftentimes, we're asked to extract the images from a PDF file for use elsewhere. Depending on the downsampling settings, the images in a PDF might not work well outside of the document.

Here's how to check the resolution of the image within the PDF file.

If you have Acrobat Pro, you can use the Object Inspector in Output Preview to see the resolution of an image. Select View>Tools>Print Production>Output Preview, then change the Preview Type to Object Inspector and click on the image in question. Here's what you'll see.


223x452 @ 150 is like one of those old wallet photos we used to get with our school picture packages. It's not big. Some serious up-sizing will be needed if you want to use this image in a courtroom display.

Wednesday, August 20, 2014

A new source of evidence for BFMV investigations

I hope you're ready to retrieve DME from another type of recorder. GM recently announced that the new Corvette will feature on-board video/data recording as part of a performance data recorder and navigation system package that is a $1,795 add-on to the $53,995 base price of the Corvette.

In the future, when investigating a burglary/theft from a motor vehicle, or a vehicle theft, you may be asked to download this data / video from the car.

"The system was developed with Cosworth, the British motorsports-engineering company that supplies the Corvette Racing team’s data and telemetry systems. It has a SD-card slot in the glove box – which locks on Valet Mode -- for recording and transferring video and vehicle data. An 8-gigabyte card can record approximately 200 minutes of driving time."

It looks like the owner will have to have the data card in the slot to record. So our job is easy, just swap out the cards.

Tuesday, August 19, 2014

Fourandsix says goodbye to FourMatch


Bad news. "FourMatch has been discontinued and is no longer available for purchase. Existing customers will be provided with free updates to the signature database through the end of 2014."

Fourandsix directs you to their Izitru web site. But LE folks aren't going to upload their evidence to the cloud. So that's it.

Good news. Amped Software's Authenticate is still going strong.

Monday, August 18, 2014

Why are my PDFs so big

If your PDF files are huge, and you can't figure out why, there's an easy way to check.

Using Acrobat Pro, the easiest way to determine why your files are so big (and possibly reduce the file size) is to open the PDF Optimizer by clicking on File>Save As Other>Optimized PDF.


At the top right of the PDF Optimizer dialog click on the Audit space usage button.


Which brings up this dialog box.


With the PDF Optimizer, you can alter the compression and downsampling settings to achieve your goal of reducing file size. With the Auditor, you can see your results.

Friday, August 15, 2014

Photoshop CC to 2014: Where’s my stuff? (Settings, workspaces, presets, panels, plug-ins)

Adobe's Jeffrey Tranberry answers the following questions in this blog post:

  • Where are my settings & workspaces?
  • Where are my presets?
  • Where are my custom panels? Where are my 3rd party plug-ins?
  • Why do I now have two versions of Photoshop installed?
Check out the answers here.

Thursday, August 14, 2014

#RecordThePolice

In case you weren't paying attention to the news over the last few days ...


The news media is pushing this meme - #RecordThePolice.

If your agency hasn't seen it yet, it will. Citizen-submitted video and images of police activity can help investigations ... and they can harm investigations if they've been edited to change the context of the scene. Recently, many videos surfaced showing an officer fully mounted on a male suspect trying to establish control. What much of the media's footage left out was the suspect initially attacking the officer. Context is everything. While citizens have the right to witness events from a safe distance and record the events on their mobile devices, they don't have the right to misrepresent events through contextual editing. In many jurisdictions, making a false statement to authorities is not prosecuted. Submitting altered DME is the same as making a false statement, and should be handled accordingly.

As I always say, when you're on the job, assume at least 10 cameras are recording you at all times. These days, that number is probably low.

Make sure you have a contextually accurate image or video. Authenticity is key in using DME in investigations. Remember, the average American does not know the correct answer to this question - how many people were in Rodney King's car when he was stopped?

Wednesday, August 13, 2014

LAB Color Readouts in the new Camera Raw

New in Adobe Camera Raw is the ability to activate LAB Color readouts in the Histogram.


Simply Control-click (Mac) | Right-click (Win) within the Histogram to enable LAB Color readouts, even when the Workflow Options are set to another color space (such as Adobe RGB).

I know it's a bit nerdy, but more options are always cool.

Tuesday, August 12, 2014

FIVE update offers significant improvements

The latest version of Amped Software's FIVE has just been released. The additions to the program will be quite helpful.
  • New tool: Export Video renders the current video using FFmpeg, Video For Windows, DirectShow, QuickTime
  • New tool: Export PDF saves all the current video frames on a PDF file
  • User interface: improved behavior of modifiers when setting parameters values; now the step is 10 times bigger pressing shift, 1/10 pressing ctrl and 1/100 pressing shift and ctrl
  • Motion Deblurring: possibility to set a size length of PSF with a decimal number (previously only whole numbers were allowed), added border option to reduce ringing artifacts, improved performances and memory consumption
  • Optical Deblurring: possibility to set a size length of PSF with a decimal number (previously only whole numbers were allowed), added border option to reduce ringing artifacts, improved performances and memory consumption
  • Curves: added option to choose between Cubic Spline (more similar to Photoshop behavior) and Hermite Cubic (more similar to GIMP behavior), improved performances
Just select Help>Check for updates online to get the latest version.

Thursday, August 7, 2014

How time flies

If you started your LE career in 1994, the tech world has changed dramatically.



All of your tech was in separate devices. Video cameras were just video cameras. Tablets were just tablets. Etc. Now, it's all in your phone - or your suspect's phone.


Just 10 years ago, you found storage devices containing around 128 MB. Now, you're finding them to be 128 GB - and bigger.

How are you and your agency dealing with the blistering pace of this change? Do your agency's SOPs reflect the changes to technology and society? Do your evidence storage / sharing protocols reflect these massive increases in size? Does your current vendor have the products you'll need to take you into the next few years?

But, for now, how do you share the 64 GB bin file from your latest iPhone dump? If you're not asking these questions, you're already far behind.

Tuesday, August 5, 2014

First Responder debuts at NaTIA

One of the many vendors making a big splash at this year's NaTIA conference is MediaSolv. MediaSolv has teamed up with Amped Software to introduce its First Responder product.


Here's how it works:

1. Retrieve the original video from the DVR (Flash/thumb drive, DVD, CD, etc.)
2. Because the format is proprietary, it cannot be played with Windows Media Player and Windows does not recognize the file.
3. Open First Responder.
4. When you import the video (drag & drop, or Video Loader filter), if First Responder does not recognize the format, you then have the option to convert the video to a standard format.
5. Convert the video, then you can play it in the First Responder Player.
6. If you aren't a MediaSolv Commander user, you can then export the video using the Video Writer Filter to a format standardized by your agency for play in Windows Media Player or any other standard player.
7. If you are a Commander user, export to MediaSolv Commander along with other evidence items.

(Time start to finish ~10 minutes.)

First Responder is designed around Amped FIVE's innovative fast workflow and real-time filter concept to dramatically reduce the time required to process data and improve the success rate of various cases. First Responder will run on standard desktop or notebook computers and does not rely on third party commercial photo or video editing software, plug-ins, scripts, or special hardware. This makes the total cost of ownership much more manageable and is just one platform to learn, maintain, and deploy on hardware you already own.

  • Designed from top to bottom as a purpose built self-contained tool for video evidence ingest, viewing, fast editing, and conversion
  • Automatic generation of technical report
  • Support for images, videos and live streams
  • Integrated lossless DVR capture tool
  • Tools for converting proprietary files (transcode to proxy) for viewing on standard media players
  • Native support for Milestone XProtect® surveillance live feeds and archived files
  • Easy to use tools for fast/simple editing and evidence processing
  • Unique concept of filters: Drop, add, delete, modify, move, copy, paste, any filter in any position. Modify any parameter of any operation in any order; the results can be applied and seen immediately, even while playing a video
So, if you're in San Diego for the NaTIA conference, stop by the MediaSolv booth and check out First Responder. If you can't make it, send them a note requesting more information.

Thursday, July 31, 2014

Can you match a photo to the discrete camera it was taken with, without metadata?

Over on Quora, a user asks the following question: "Are there enough digital and/or analog difference in individual cameras/houses/lenses that photos will have fingerprint of sorts?

When, or in what circumstance could a photograph be linked not only to a lens/house model or manufacturer but to one specific camera, distinguished from any other camera of the same model?" Essentially, can you match a photo to the discrete camera it was taken with, without metadata?

Amped Software's CEO answers the question.

The short answer

Yes, it is possible to match a photo to the discrete camera it was taken with (without metadata) and it is also pretty reliable. The technique is readily available in a few software products, one of those is Amped Authenticate, produced by Amped Software (disclaimer: I am the company CEO and Founder).


The basic idea

The basic idea is that every single device leaves a different “noise fingerprint” on each photo it produces. This component is called PRNU (Photo Response Non-Uniformity) and it has been widely studied in literature. It has been shown to be:

  • constant over time
  • constant over temperature
  • independent of other camera settings (exposure, focus, etc…)
  • fairly robust to recompression (up around JPEG quality 5-60%)
  • fairly robust to intensity and color adjustments (contrast, brightness…)
  • fairly robust to local modifications (i.e. if a part of the image has been tampered, the picture as a whole is still recognized as coming from a specific camera)

However, it does not work properly in these situations:

  • if the image has been cropped or has digital zoom, since it would take only a part of the sensor and not its whole area (this could be solved, but then it wouldn’t be robust to resize)
  • for very strong enhancements
  • for very dark or very bright images, since the noise is not present in these areas


Click here to continue reading.
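The PRNU idea quoted above, worked through as an added example; it is not code from the original post, the Quora answer, or Amped Authenticate. The 48x48 toy sensor, the noise levels, the 3x3 box-mean denoiser and the intensity-weighted fingerprint estimator are assumptions chosen for illustration, and every image is constructed in the script.

```python
import math
import random

W, H = 48, 48  # constructed toy sensor size, not a real camera resolution

def make_prnu(seed, strength=0.02):
    """Per-pixel multiplicative gain error K: the sensor's fixed noise pattern."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, strength) for _ in range(W)] for _ in range(H)]

def shoot(prnu, seed, level=None):
    """Constructed photo: smooth scene * (1 + K) plus random read noise."""
    rng = random.Random(seed)
    base = level if level is not None else rng.uniform(100, 160)
    gx, gy = rng.uniform(-0.003, 0.003), rng.uniform(-0.003, 0.003)
    return [[base * (1 + gx * x + gy * y) * (1 + prnu[y][x]) + rng.gauss(0, 2.0)
             for x in range(W)] for y in range(H)]

def residual(img):
    """Noise residual I - F(I); a 3x3 box mean stands in for the denoiser F."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            acc = 0.0
            for dy in (-1, 0, 1):
                for dx in (-1, 0, 1):
                    yy = min(max(y + dy, 0), h - 1)  # clamp at the borders
                    xx = min(max(x + dx, 0), w - 1)
                    acc += img[yy][xx]
            row.append(img[y][x] - acc / 9.0)
        out.append(row)
    return out

def estimate_fingerprint(images):
    """Estimate K per pixel as sum(residual * I) / sum(I^2) over reference photos."""
    num = [[0.0] * W for _ in range(H)]
    den = [[0.0] * W for _ in range(H)]
    for img in images:
        res = residual(img)
        for y in range(H):
            for x in range(W):
                num[y][x] += res[y][x] * img[y][x]
                den[y][x] += img[y][x] ** 2
    return [[num[y][x] / den[y][x] for x in range(W)] for y in range(H)]

def correlation(a, b):
    """Pearson correlation of two equal-length lists."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sum((p - ma) ** 2 for p in a)
    vb = sum((q - mb) ** 2 for q in b)
    return cov / math.sqrt(va * vb)

def match_score(img, fingerprint, offset=(0, 0)):
    """Correlate the photo's residual with I * K, reading K at `offset` on the sensor."""
    ox, oy = offset
    res = residual(img)
    h, w = len(img), len(img[0])
    a = [res[y][x] for y in range(h) for x in range(w)]
    b = [img[y][x] * fingerprint[y + oy][x + ox] for y in range(h) for x in range(w)]
    return correlation(a, b)

def crop(img, x0, y0, w, h):
    return [row[x0:x0 + w] for row in img[y0:y0 + h]]

def demo():
    cam_a, cam_b = make_prnu(1), make_prnu(2)  # two cameras of the "same model"
    fp_a = estimate_fingerprint([shoot(cam_a, 100 + i) for i in range(8)])
    photo_a = shoot(cam_a, 500)
    cropped = crop(photo_a, 5, 7, 32, 32)
    return {
        "same_camera": match_score(photo_a, fp_a),
        "other_camera": match_score(shoot(cam_b, 501), fp_a),
        # A crop shifts the pattern, so a naive comparison loses the match...
        "cropped_unaligned": match_score(cropped, fp_a),
        # ...until the crop is placed back at its true position on the sensor.
        "cropped_realigned": match_score(cropped, fp_a, offset=(5, 7)),
        # PRNU scales with light, so a near-black frame carries almost none of it.
        "very_dark": match_score(shoot(cam_a, 502, level=3.0), fp_a),
    }

if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name:18s} {score:+.3f}")
```

Only the same-camera and realigned-crop scores come out clearly positive; the other three sit near zero, matching the limitations listed in the answer.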

Tuesday, July 29, 2014

The Impact of Surveillance on the Practice of Law

Here's an interesting article on the impact of surveillance. "... For lawyers, large-scale surveillance has created concerns about their ability to meet their professional responsibilities to maintain confidentiality of information related to their clients. Failure to meet those responsibilities can result in discipline through professional organizations, or even lawsuits.

Lawyers also rely on the free exchange of information with their clients to build trust and develop legal strategy. Concerns over government surveillance are making it harder for attorneys – especially, but not exclusively, defense attorneys – to build trust with their clients or protect their legal strategies. Both problems corrode the ability of lawyers to represent their clients effectively.

As with the journalists, lawyers increasingly feel pressure to adopt strategies to avoid leaving a digital trail that could be monitored. Some use burner phones, others seek out technologies designed to provide security, and still others reported traveling more for in-person meetings. Like journalists, some feel frustrated, and even offended, that they are in this situation. “I’ll be damned if I have to start acting like a drug dealer in order to protect my client’s confidentiality,” said one.

The result of the anxieties over confidentiality is the erosion of the right to counsel, a pillar of procedural justice under human rights law and the US Constitution, Human Rights Watch and the ACLU found ..."

Click here to read the whole article.

Monday, July 28, 2014

The Complete Workflow of Forensic Image and Video Analysis

This just in from Forensic Focus, "In this article we’ll describe the complete workflow for image and video forensics. In fact, just like computer forensics is not only simply copying and looking at files, forensic video analysis is broad and complex and there are many steps that are commonly missed and rarely taken into account. It can be quite overwhelming if we think of all the tasks related to analysis. As a forensic video analyst, it is important to be aware of all the possible steps needed for a really complete analysis. This way, you can stay organized and minimize the possibility of skipping or missing steps. Also, if you do have to go to court, you have an outline that serves as the basis of your presentation.

It is important to remember that the job of a forensic video analyst does not start and end with viewing and enhancing a video. It’s more complex than that. You must identify the data, decode it properly, document the process, compare it with other material, and then go to court. Since digital data is really just a collection of bits, below is an outline of a process around working with these bits what you need to do with the bits ..."

Click here to continue reading the story.

Thursday, July 24, 2014

DVR Export Results

It looks like Spready's taken a road trip to IFSEC 2014. His follow-up post is an excellent review of the issues that face us all. Check it out here.

Wednesday, July 23, 2014

Have politics and personalities influenced decisions in police controlled labs?

I recently received a heads-up about an open letter written by an LE commander for whom I used to work.

This letter has stirred up some strong emotions and heated comments. You can read the letter, so without speaking to the specifics of his allegations, it does raise some very interesting questions for LE agency laboratories. If politics and personalities can (allegedly) make their way into internal investigations and sway outcomes, can they also make their way into criminal proceedings?

Remember that the NAS Report called for moving forensic science labs outside of police or prosecutor control. More stories like this will only serve to move us faster toward that eventuality.

Tuesday, July 22, 2014

Storage medium vs. acquisition time


Discs and drives just keep getting bigger and cheaper. You can now get a 64 GB card for your phone or camera for less than $30. Pop quiz: if you do a physical acquisition of a 64 GB drive / card, how much storage will you need for the resulting file? Bonus question: how will you share / distribute the results?

Next question, how long will it take to acquire that file? If you're moving 64 GB through a diagnostic port, it'll take days. If you're moving that much data through USB 1, it might take a day. Most devices haven't moved beyond USB 1 speeds. Thus, you'll need to account for the fact that your acquisition device will be tied up for a while. It might be time to budget for a second, or a third capture tool.

What about billing? Do you bill for machine time? Is it billed separately from technician time? If your machine is working on a single acquisition for 2 days, it can't work on anything else. Do your billing policies reflect this reality?

Finally, many agencies have written policies / procedures that call for storage / distribution on WORM discs. Great. What are you going to do with that 64 GB .bin file?

If you haven't updated your SOPs and billing policies to account for the increases in media size, it's time.

Monday, July 21, 2014

Video as Evidence: To be evidence, what does video need?

There's an interesting conversation going on over at New Tactics in Human Rights about using video as evidence. Here's the question that kicked it off:

Welcome to the discussion! We want to start this discussion by exploring what we mean by "evidence" and why it's important in seeking justice. Consider these questions below when sharing your comments in this discussion topic:

  • The term evidence is used often (and somewhat broadly) in the human rights world. What does it take to ensure video documentation is legal evidence? In other words, how can we ensure video that activists sometimes risk their lives to capture, could be admitted into a court of law?
  • At what stages of the criminal justice process can investigators and lawyers use video evidence?
  • How do investigators and lawyers use video captured by activists in their process to seek the truth and secure accountability?

Head over to their site and see how the conversation is progressing.

Thursday, July 17, 2014

Money for nothing

Marijuana decriminalization is all the rage these days. Regardless of where you stand on this issue, the movement is gaining momentum. Arizona law enforcement recently passed a resolution against decriminalizing pot in Az. The arguments are largely the same as those given in the days leading up to the end of alcohol prohibition.

But, the real - underlying issue isn't safety or health, it's money. According to many studies, asset forfeiture is a huge business. Just about every law enforcement agency has some asset forfeiture fund from which to draw for big ticket purchases. Unfortunately for them, it looks like this honey pot is going away soon.

How does this relate to the topic of DME and forensics? Simple. Our budgets are about to shrink big time - if they haven't already. Access to the easy money of asset forfeiture funds is about to go away, if it hasn't already. LE managers will have to think seriously about their purchases of gear, service contracts, and total cost of ownership.

Vendors like Adobe and Avid are moving to a subscription based software-as-service model. But our forensic tools aren't necessarily priced as such. They're usually very expensive. Those vendors with lower pricing may win out. But, either way, it's time to get frugal.

Wednesday, July 16, 2014

Marketing vs. news you can use

This month, I received a renewal notice for Evidence Technology Magazine. It went straight into the trash. Why? It's not really about cutting edge technology from the standpoint of learning a technique that can add value to your workday - at least from a DME Forensics standpoint. It's a marketing device for manufacturers to get their tools shown in a positive light. I should know, I've written one of those articles (about Ocean Systems' ClearID).

This month's edition features an article titled "Advanced Video Forensics." I'm not sure what's so "advanced" about tools that are fairly old. Consider the last update to the Omnivore was in May of last year, dTective's last update was more than 2 years ago, and the recent update to ClearID offers "No new features" (it just updates the installer to work with the new Creative Cloud versions of Photoshop). Sure, the Field Kit is "new." But, the tech driving the field kit is old - it's a laptop, an Omnivore, and a scan converter.

An interesting quote from the article, "It is estimated that video evidence is involved in approximately 80 percent of crimes. That staggering abundance of video brings some other complications—namely, the wide variety of video formats, each with its own proprietary characteristics and requirements. To be used, the files must be converted into a standard format that can be read and cataloged, then exported in a compressed format that will fit on a DVD for a courtroom. In the “bad old days,” that could translate into hours of work to parse formats, including some that required technical wizardry just to split different methods of encoding by different manufacturers ...", features a solution that is the absolute slowest solution to this problem - the Avid based dTective plugins.

Another is equally frustrating, "Union County’s four field kits can export instant video copies in file formats that can be played by anyone without needing proprietary equipment. These represent huge advantages for real-world use. The agency still retains the downloadable, native video files so they retain the original evidence, should it be needed." Is it faster to do a "real time" screen capture of the proprietary file with the Omnivore, or to simply work with the file's contents in FIVE or other ffmpeg solution? The real expense of the Field Kit is in the Bridge - the scan converter. It plugs nicely into the Omnivore, but it's still just a scan converter. If all you're doing is taking and working with proprietary digital files, FIVE works on low cost laptops. That means that your license of FIVE and a $1,000 laptop is still less expensive than the Field Kit - and FIVE gives you a ton more functionality than the Omnivore.

Which is a nice transition into this statement, "Union County’s new equipment also features an advanced video-editing platform and software plug-ins that allow technicians to visually focus and clarify an image. For example, they can filter and highlight a specific suspect or victim, magnify or enlarge objects such as an individual or a vehicle, and examine image areas down to individual pixels. There is even a module to remove “noise” such as darkness, rain, and snow. And, with the original video separated, the investigative tools leave the primary evidence untouched.

Union County chose its new system because of those advantages, as well as a highly comprehensive format. “It’s a real turnkey solution,” McCabe said. “It’s really comprehensive.”"

Remember, clarification is not analysis. They spent a ton of money on an Avid NLE with some plug-ins that haven't been updated in years. FIVE gives them everything listed, plus gives them the option to do actual analysis - photogrammetry, content analysis, etc., with the report being an automatic function. FIVE is updated several times per year to address the rapid changes in technology and the law.

If this was a piece of journalism, you might expect a bit of counterpoint. There's none here. It's a marketing piece, pure and simple - and well done at that.

Given that many of the vendors in the FVA space have their own PR departments and send out e-mail spam on new products, updates, and etc., I'm going to save a small tree and skip the renewal. I'll get my marketing first-hand.

Monday, July 14, 2014

Did PremierePro just become a verb?



More reason to love your purpose built tools.

Thursday, July 10, 2014

Plug-ins vs. a responsive developer

Readers of this blog will know that I've been petitioning, phoning, e-mailing, blogging, about stuff I'd love to see in Photoshop. The big one, FFT, I've been told will likely never be included in Photoshop.

I got to thinking about this after seeing a tweet from one of the Photoshop team about his favorite plug-in.

One line of thinking is that Photoshop is extensible. If there's something missing in Photoshop, a developer can build a plug-in to fill that gap. Some of these plug-ins are free, some are very expensive, some are more than the cost of Photoshop.

Essentially, with each release, Adobe is saying that this is where we are. If you don't like it, get a plug-in. Some think this is cool - opening up the program for developers to fill these gaps. Others think it sucks - that Photoshop is essentially incomplete and will likely never be complete ... and that it's up to the customer to spend more money to gain this preferred functionality. In the case of FFT, the plug in can be very expensive.

The other problem with plug-ins is validation. They're an "as-is" product. How does Blow Up work? I like it, from an artist's point of view. But, I can't defend its use now that Photoshop has become a verb. If it doesn't have a scientific explanation for how it works, I'm going to have a very difficult time defending its use.

Contrast the Photoshop plug-in Blow Up with Amped FIVE's Smart Resize filter. With each of the filters, you get a plain English explanation of what it does, combined with the academic references on which the filter is based.

In the case of Smart Resize, it "Resizes the image with a smart zoom algorithm."

"Details: Smart Resize interpolates the input image by generating an output image of the desired size with an iterative two-dimensional implementation of the Warped Distance algorithm."

For your information, references are provided.

  • Anil. K. Jain, Fundamentals of Digital Image Processing, Prentice Hall, pp. 253-255, 1989.
  • Anil. K. Jain, Fundamentals of Digital Image Processing, Prentice Hall, pp. 320-322, 1989.
  • G. Ramponi, Warped distance for space-variant linear image interpolation, in IEEE Transactions on Image Processing, vol. 8, pp. 629-639, May 1999.

So, plug-ins might be cool for wedding photographers and artists. But they can be problematic for Forensic Analysts.

All this being said, the developers at Amped Software have been very responsive to the Forensic community. If there's something not in the program, and it's a valid addition, they've found a way to get it in the next update. From Color Deconvolution to working with Channels, user submission and solutions to specific problems have found their way into the program sooner rather than later. Best yet, these additions are included in the price of the software - there's nothing else to buy.

As an artist, I still love Adobe products. But as an Analyst, I find myself needing a more purpose built solution. Thankfully, I have one - FIVE.

Monday, July 7, 2014

What happens when you press that button?


Cellebrite users rejoice - there's a nice and concise booklet available to help you explain what happens when you push that button.

It explains what the retrieval methods are, when to choose which method, and even rather obscure facts like wear leveling and garbage collection.


It's worth a look, even if you're not a Cellebrite customer.

Thursday, July 3, 2014

Upcoming training opportunity in Los Angeles

Here's the link to register for the upcoming FIVE and Authenticate training in Los Angeles.

Wednesday, July 2, 2014

Image Manipulation: How do people find out that an image has been manipulated using Image processing software?

A Quora user asks the following question: "I have come across articles where they say that forensics have confirmed that an image has been digitally manipulated. I never understood where they get that information from. Can somebody explain."

Click here for the answer from Amped Software's Martino Jerian.

Tuesday, July 1, 2014

Nonlinear Deblurring with Amped FIVE

Amped Software just published a short video clip showing how to use the new Nonlinear Deblurring function available in Amped FIVE.

Enjoy!

Monday, June 30, 2014

Apple to end support for Aperture

This just in from Yahoo News: "In a brief statement, the company said that it will stop updating and developing the affordable professional photo-editing software when the next version of OSX -- Apple's desktop operating system -- and its supporting apps are launched.

"With the introduction of the new Photos app and iCloud Photo Library, enabling you to safely store all of your photos in iCloud and access them from anywhere, there will be no new development of Aperture," Apple said. "When Photos for OS X ships next year, users will be able to migrate their existing Aperture libraries to Photos for OS X."

During its World Wide Developers Conference earlier this month, Apple focused heavily on photography and the need to offer consumers a new way of saving, sharing, sorting and editing images, and the statement suggests that what it's got up its sleeve will offer some of the functionality that was built into Aperture."

"Apple isn't axing Aperture completely. When the next version of OSX (Yosemite) becomes available to download, so will a compatibility patch so that existing Aperture users will be able to launch the app, but that will be the final update. And while the next version of OSX might have one or two more image-editing and classification tools that should fill an Aperture-shaped void for hobbyists, that might not be the case for pro users.

Indeed, following its initial statement, Apple also confirmed that it would help Aperture users simply migrate their files to Adobe Lightroom -- Aperture's closest direct rival. And, perhaps unsurprisingly, Adobe used the announcement to underline its own support to Mac-using photographers.

And while Lightroom is also a very good pro-level application, unlike Aperture, it's not accessible as a one-off payment. Instead, users must sign up to Adobe's creative cloud platform and its monthly subscription model. However for $9.99 (€12.29) a month, those that sign up also get access to Photoshop and the ability to use both applications as iPhone and iPad apps."

Wednesday, June 25, 2014

Supreme Court bans warrantless cell phone searches

This just in from the Washington Times: "The Supreme Court ruled Wednesday that police cannot go snooping through people’s cell phones without a warrant, in a unanimous decision that amounts to a major statement in favor of privacy rights.

Police agencies had argued that searching through the data on cell phones was no different than asking someone to turn out his pockets, but the justices rejected that, saying a cell phone is more fundamental.

The ruling amounts to a 21st century update to legal understanding of privacy rights.

“The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought,” Chief Justice John G. Roberts Jr. wrote for the unanimous court. “Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple— get a warrant.”

Justices even said police cannot check a cellphone’s call log, saying even those contain more information than just phone numbers, and so perusing them is a violation of privacy that can only be justified with a warrant.

The chief justice said cellphones are different not only because people can carry around so much more data — the equivalent of millions of pages of documents — that police would have access to, but that the data itself is qualitatively different than what someone might otherwise carry.

He said it could lay bare someone’s entire personal history, from their medical records to their “specific movements down to the minute.”

The chief justice cited court precedent that found a difference between asking someone to turn out his pockets versus “ransacking his house for everything which may incriminate him” — and the court found that a cellphone falls into that second category.

Complicating matters further is the question of where the data is actually stored. The Obama administration and the state of California, both of which sought to justify cell phone searches, acknowledged that remotely stored data couldn’t be searched — but Chief Justice Roberts said with cloud computing, it’s now sometimes impossible to know the difference.

The court did carve out exceptions for “exigencies” that arise, such as major security threats."

Tuesday, June 24, 2014

Pardon the interruption


Things tend to slow down during World Cup.

Thursday, June 19, 2014

Installing the 2014 Release of Creative Cloud


If you're a Creative Cloud subscriber, you may have noticed that your Apps list now looks like this after installing yesterday's "updates."

As Adobe's Julieanne Kost explained in her blog, "Most of you are probably noticing that when you install the 2014 release of Creative Cloud (Photoshop, InDesign, Premiere etc.), via the Creative Cloud desktop app, you’re actually installing NEW versions of the application. Yes, that’s correct, the new 2014 versions of CC apps will be installed in addition to (and can run along side of) the previous CC versions (they will not replace them). So, unlike the past few updates, the 2014 release will install a new, stand-alone version of most applications – such as Photoshop, InDesign etc.), and that’s also why it lists them separately in the CC desktop app). The fact that the 2014 release of Photoshop is a separate install might be why some of you aren’t seeing your custom plugins etc. that you might have installed with Photoshop CC."

Now, I like to keep the different versions installed. But if you don't, and want to just have the latest version installed, this post explains what to do.

RTFM solves Omnivore issue

Every once in a while, we have to be reminded to RTFM.

I had a piece of DME that had a weird codec from a company that has long since closed its doors. It has audio, which is more important than the video. Omnivore was going fine for a bit, then started dumping frames like crazy. I have a few Omnivores, so I tried each one. Same issue. So, I tried different computers. Same issue. Then, a helpful voice reminded me to RTFM. It turns out that Windows Aero was getting in the way of a proper capture - the fix to which is found in the Omnivore-Guide.pdf which is on the Omnivore.


Right click on the desktop and select Personalize.


Choose one of the basic themes - like Windows Classic.

This solved my problem.

So, if you're having Optimization or Capture problems on Windows 7, check your Personalization settings - or RTFM.

Wednesday, June 18, 2014

Adobe Announces Largest Software Release Since CS6

For those still using Adobe apps, here's the latest on the Creative Cloud update.

"Today Adobe announced all new versions of 14 CC desktop applications, 4 new mobile apps, the immediate availability of creative hardware, and new offerings for Enterprise, education and photography customers.

Of course this includes new features, enhancements and updates to both Photoshop and Lightroom for design and photography including the new Spin and Path Blurs in Blur Gallery, new typographic controls including Font Search and Typekit integration, enhancements to Smart Objects, Smart Guides, and Layer Comps, improved Content-Aware technologies, new selection capabilities using Focus Mask, as well as hidden gems and workflow timesavers."

Who gets DME better, SWGIT or SWGDE?

Yesterday's post featured an avalanche of new documents from SWGDE. One of note, Digital and Multimedia Evidence (Digital Forensics) as a Forensic Science Discipline, raised a few eyebrows around here. "Video Forensics" has largely been the domain of SWGIT. Now, out of the blue, comes SWGDE with their take on DME.

From the SWGDE document: "The purpose of this paper is to provide an abstract to assist the reader in understanding that digital forensics is a forensic science and to address confusion about the dual nature of the application of digital forensics techniques as both a forensic science and as an investigatory tool."

I love that they break down what they mean in clear terms: "As with other forensic science disciplines, the key attributes of digital forensics applied throughout the entire examination process, from collection through analysis and reporting, are:

  • Use of a quality management system containing standard operating procedures and an effective quality assurance program.
  • Proficient analysts with appropriate training, expertise, and experience.
  • Use of validated tools, processes, and methodologies.
  • Objectivity – the forensic analyst must be insulated from work-related undue pressures that could compromise the quality of work.

To help translate the document a bit, they try to differentiate between "forensic science" and "investigatory tool." I would argue that there should be no such difference. To me, when I hear "investigatory tool," I think "just trying to get something done." I think, untested, unvalidated, unreliable.

By way of example, let's take mobile phones. An officer recovers a mobile phone from a suspect. He takes the phone, starts browsing through the messages and photos, and finds a photo in the gallery that seems to aid in the investigation. Not having training in mobile phone analysis, nor access to someone within that "search incident to arrest" time frame, the officer takes a picture of the phone's display with his own mobile phone.

For many investigations, it stops there. They have the picture they need. No further analysis is requested ... or maybe they don't have an analyst on staff or lack proper tools.

But, how can you answer questions about the photo on the suspect's phone? How did it get there? Did the phone generate it? Did an app generate it? Is it contextually authentic? You won't know without the phone and the original photo. You got something done, but you might have gotten it completely wrong.

Just something to consider.

Tuesday, June 17, 2014

Digital and Multimedia Evidence (Digital Forensics) as a Forensic Science Discipline

The Scientific Working Group on Digital Evidence (SWGDE) recently concluded its June 2014 meeting. The following eight draft documents were approved to be posted on the SWGDE website in order to solicit feedback from the Digital & Multimedia Evidence community:

Digital and Multimedia Evidence as a Forensic Science Discipline V2-0
The purpose of this paper is to provide an abstract to assist the reader in understanding that digital forensics is a forensic science and to address confusion about the dual nature of the application of digital forensics techniques as both a forensic science and as an investigatory tool.

SWGDE Best Practices for Handling Damaged Hard Drives
The purpose of this document is to describe the best practices for handling magnetic media hard drives when the data cannot be accessed normally.

SWGDE Recommended Guidelines for Validation Testing V2-0
This paper discusses the importance of validation testing and introduces a validation methodology.

SWGDE Best Practices for Computer Forensics V3-1
The purpose of this document is to describe the best practices for collecting, acquiring, analyzing and documenting the data found in computer forensic examinations.

SWGDE Capture of Live Systems V2-0
The purpose of this document is to provide guidance to the forensic community on acquiring data from live computer systems.

SWGDE Focused Collection and Examination of Digital Evidence
The purpose of this document is to provide the examiner with considerations to address when dealing with the review of large amounts of data and/or numerous devices.

SWGDE Mac OS X Tech Notes V2
The scope of this document is to describe the procedures for imaging and analyzing Macintosh computers. This document is restricted to the OS X operating system.

SWGDE Best Practices for Forensic Audio v2.15
The purpose of this document is to provide forensic audio practitioners recommendations for the handling and examination of forensic audio evidence in order to successfully introduce such evidence in a court of law.

Thursday, June 12, 2014

Amped FIVE Update: Reports in PDF and DOC, new Deblurring Modes, and more

Amped Software just launched a new version of Amped FIVE today, with a bunch of new filters and improvements. The main changes are:

  • Saving reports in PDF and DOC, as well as the current HTML format.
  • New modes for Motion Deblurring when there is a replica effect.
  • New Nonlinear Deblurring to use when motion is not linear.
  • A new CLAHE (contrast limited adaptive histogram equalization) filter.

Check out the details by clicking here.

Wednesday, June 11, 2014

Validation tests and comparing results

As a follow-up to yesterday's post, any time you're heading down a new path or plan to start using a new tool, it's important to validate it vs. a known data set. As an example, the folks at Digital Assembly publish a comparison of their tool's results vs. the results of other popular tools. They go the extra step and give you the links to the reference data sets so that you can conduct the tests yourself.

If you're an EnCase 6 user and you're validating the tool vs. this disk image, you'll miss almost two thirds of the recoverable images. (This also speaks to the importance of keeping your programs up to date - and to validating the updates.)


If you don't validate your tools before using them on casework, you're headed for trouble. Just because you haven't been asked the validation questions in court doesn't mean that you won't in the future. You've just been lucky. What would happen to your case and your reputation if you're just trying to get something done and you have EnCase 6 - but the opposing expert is using APF? "How do you account for the fact that your tools / techniques couldn't recover the correct amount of files, or correctly recover the files in question in this case?" "Are your tools / techniques not reliable and repeatable?" What would happen if the frame / frames in question were dropped by your tool and you didn't know it? When there's blood in the water ...

Before you go down this road, reach out to folks with experience validating their tools. Get known datasets to use in testing. Test, test, re-test ... If the tool has issues, don't use it on casework.

Tuesday, June 10, 2014

Manual data carving - DVRs vs. Phones

A reader sent a note asking how to explain the difference between computer forensics' ability to find deleted files on hard drives and the relative inability of the team to recover files from a retrieved DVR hard drive. It seems that someone had retrieved a hard drive from one of those systems that will format the drive when you plug it back in, so they needed to retrieve the files without accessing the DVR's hardware (never mind the hardware decoding issues).

Popular mobile phone and computer forensic programs offer the ability to manually carve files of known types from the raw data. When folks delete text messages, images, and videos, forensic experts can often retrieve the files from the raw data dump of the device. This is largely due to the fact that common file types are coded in a certain way.


Because of the standards that are in place, we know that if we can find the JPEG's header (FF D8) and footer (FF D9) in the raw data, we can use our tools to extract / carve the image and save it out to a separate file. In this way, rarely is anything really deleted.


Also because of the standards, there are tools made specifically for carving multimedia files or for recovering multimedia files from hard drives or removable storage media - some are free, some are cheap, some are quite expensive.
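The header / footer carving described above, as an added example (not code from this blog or from any of the tools mentioned). It also shows why a tool that simply stops at the first FF D9 can cut a photo short: an embedded thumbnail carries its own FF D8 / FF D9 pair, so the carver walks the JPEG marker segments instead. The function names and the sample dump are hypothetical and constructed for the demonstration; the sample follows the JPEG marker layout but is not a decodable picture.

```python
import struct

SOI = b"\xff\xd8"  # JPEG start-of-image marker (the "header")
EOI = b"\xff\xd9"  # JPEG end-of-image marker (the "footer")


def naive_carve(buf):
    """First FF D8 up to the first FF D9 after it: the textbook approach."""
    start = buf.find(SOI)
    end = buf.find(EOI, start)
    return (start, end + 2)


def _jpeg_end(buf, start):
    """Walk marker segments from the SOI at `start`.

    Returns the offset just past the matching EOI, or None when the
    structure is broken or truncated (a false-positive header).
    """
    n = len(buf)
    pos = start + 2
    while pos + 2 <= n:
        if buf[pos] != 0xFF:
            return None                      # a marker is required here
        marker = buf[pos + 1]
        if marker == 0xFF:                   # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                   # EOI belonging to this image
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                         # stand-alone markers, no length
            continue
        if marker in (0x00, 0xD8) or pos + 4 > n:
            return None
        seg_len = struct.unpack(">H", buf[pos + 2:pos + 4])[0]
        if seg_len < 2:
            return None
        pos += 2 + seg_len                   # skip the whole segment, including
                                             # any thumbnail stored inside it
        if marker == 0xDA:                   # SOS: compressed scan data follows
            while True:
                i = buf.find(b"\xff", pos)
                if i < 0 or i + 1 >= n:
                    return None              # ran off the end: truncated file
                nxt = buf[i + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos = i + 2              # stuffed FF 00 or restart marker
                elif nxt == 0xFF:
                    pos = i + 1
                else:
                    pos = i                  # a real marker ends the scan data
                    break
    return None


def carve_jpegs(buf):
    """Return (start, end) offsets of structurally complete JPEGs in a raw dump."""
    found, pos = [], 0
    while True:
        start = buf.find(SOI + b"\xff", pos)
        if start < 0:
            return found
        end = _jpeg_end(buf, start)
        if end is None:
            pos = start + 2                  # reject and keep searching
        else:
            found.append((start, end))
            pos = end                        # embedded thumbnails stay inside


def _seg(marker, payload):
    """Build one marker segment: FF, marker, 2-byte big-endian length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample data (structure only, not real image content).
THUMB = SOI + _seg(0xDB, bytes(5)) + _seg(0xDA, b"\x01" * 4) + b"\x11\x22" + EOI
PHOTO = (SOI + _seg(0xE1, b"Exif\x00\x00" + THUMB)      # APP1 holding a thumbnail
         + _seg(0xDB, bytes(65)) + _seg(0xDA, bytes(6))
         + b"\x12\xff\x00\x34\xff\xd0\x56" + EOI)       # scan data with FF 00 and RST0
DUMP = (bytes(16) + PHOTO + b"\xaa" * 8
        + b"\xff\xd8\xff\xe0junk" + bytes(8))           # stray header, no valid body

if __name__ == "__main__":
    print("naive carve:", naive_carve(DUMP))
    print("structure-aware carve:", carve_jpegs(DUMP))
```

Each carved range should be written to its own file and hashed, and the dump itself is only ever read.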

The problem with applying this paradigm to DVRs is that the coding (the header / footer) for the proprietary file type is not generally published and is certainly not standard. If you're able to manually find and carve data from a Q-SEE DVR, the information gathered will not be of much use if you're trying to carve a raw dump from a Pelco DVR. Because of this high variability, the industry standard computer / mobile forensic tools aren't much help in automatic mode. It also means that it will likely take a considerable amount of time to decipher the encoding and begin the retrieval. In private practice, folks might not want to pay for that many hours of work. In public service, command staff might not have the patience required when waiting for results that might take a week or two to materialize.

But, if you have the time and the money to get into this type of work, there are a few training options out there. Your first stop should be with Jimmy and Jason at DME Forensics. They're offering classes on byte level analysis of DVRs. You also have the option to purchase their core product, DVR Examiner. I'd recommend that you do both if you're looking to get into this line of work.

Friday, June 6, 2014

Machine-created evidence is not hearsay

Whilst the article from Arstechnica.com is about red light cameras, one can see the argument coming for CCTV systems.

"The ATES-generated photographs and video introduced here as substantive evidence of defendant's infraction are not statements of a person as defined by the Evidence Code. (§§ 175, 225.) Therefore, they do not constitute hearsay as statutorily defined. (§ 1200, subd. (a).) Because the computer controlling the ATES digital camera automatically generates and imprints data information on the photographic image, there is similarly no statement being made by a person regarding the data information so recorded. Simply put, '[t]he Evidence Code does not contemplate that a machine can make a statement.'"

"Goldsmith's attorneys also argued that, because the Redflex technician in charge of preparing evidence didn't show up at her trial, the images could not be admitted. What's more, Goldsmith's attorneys said that she had the constitutional right to face her accuser. In this case, her accuser is a machine.

She also challenged the character of Redflex, which has a prior record of falsifying speed camera documents (PDF) in Arizona.

The court didn't bite on that argument, either."

"It would be pure conjecture to conclude that all evidence generated by Redflex ATES technology and handled by Redflex employees for Inglewood is suspect because of the actions of a single errant notary public in a different state regarding a different type of technology and documentation. We have denied defendant’s request for judicial notice and reject her argument that the involvement of Redflex in this case requires a different constitutional conclusion."

Thursday, June 5, 2014

Working for the defense

I often get asked about my role as a scientist in light of my primary employer. "Have you ever worked for the defense?" "How does it feel working for law enforcement?" These are just a few of the questions that I've faced in trial.

As a scientist, I really don't have a dog in the fight. My answer to that line of questioning usually goes like this, "Regardless of whose signature is on my pay cheque, I work for the Trier of Fact - assisting the judge and jury in correctly interpreting these complex pieces of evidence. The results of my tests are grounded in science. They are reliable and repeatable. My tools and techniques are based on generally accepted, peer reviewed image science. The academic references for the algorithms used, for each of the steps performed, are noted in my report."

That being said, I have assisted the court in uncovering fraudulent evidence presented as impeachment evidence in People v. Abdullah (BA353334). It could be said, in that case, that I was working in the defense of the accused. But again, I was there to assist the Trier of Fact in correctly interpreting the evidence. In that case, the correct interpretation was that it was a forgery. In Hor. v. City of Seattle, I assisted the Trier of Fact in correctly answering the question about if/when a particular sound is heard in a recording (10-2-34403-9SEA) - seemingly in the defense of the City of Seattle - but more correctly in defense of the facts of the matter.

Trier of Fact n. the judge or jury responsible for deciding factual issues in a trial. If there is no jury the judge is the trier of fact as well as the trier of the law. In administrative hearings, an administrative law judge, a board, commission, or referee may be the trier of fact.

Taken a step further, there are certain trade groups that are geared towards law enforcement that will expel a member who is perceived or accused of having worked "for the defense." The perception is that law enforcement are the "good guys" and the criminal defendants are the "bad guys." Yet, to an image scientist, a 1 or a 0 is neither good nor bad. They're just numbers. I've worked a few cases where the government's "experts" got everything completely wrong, their work product was not repeatable nor grounded in science, and thus their conclusion was complete rubbish (scientifically speaking). In these cases, who's the "good guy" and who's the "bad guy?"

In the famous treason trial of Aaron Burr, he was defended by Edmund Randolph and Luther Martin, both delegates to the Constitutional Convention and among the most prominent men of the day. The Burr trial is one of the more famous examples of how politics and ego can enter into court proceedings.

But back to the point, if you're one of those scientists that think in terms of "good guys" and "bad guys," are you not biased towards a presupposed outcome - good will overcome evil and the bad guys will be punished? Is this form of presuppositional bias a good thing or a bad thing for scientists? I am certainly not one of those types of scientists. I work the case and the facts are the facts, regardless of who is signing my paycheck.

In the end, A either equals A or it doesn't.

Wednesday, June 4, 2014

LEEDIR Certified


Your humble host is now LEEDIR Certified.

Having sat through the training, I see LEEDIR as extending the concept of LEVA's IRIT beyond LEVA's group of Avid trained analysts. If someone has never seen the LEEDIR platform (or is not an FVA), they can be up and running with LEEDIR in less than two hours. If you've never worked on an Avid MC, you're not going to be very helpful to the IRIT.

For standard video/image formats, it's very easy to use and works great. It doesn't (yet) support proprietary video. But for those nasty proprietary files with known players, an Omnivore or VideoScanner 2 will do nicely for low cost screen captures. For the next instance, it would be much cheaper to ship a bunch of USB sticks out to the troops vs. shipping a bunch of FVAs to U Indy. Amped's user community could also be leveraged (via Citizen Global's cloud storage) for those files that have no player and need conversion.

With all the moving parts, the LEEDIR platform helps keep everything on one page - literally.

Tuesday, June 3, 2014

Mismatched parts problem

What happens to the video when you take this DVR mated to this camera at the wrong record setting? Do you remember how much aspect ratio was drilled into you during the LEVA Level 1?

The camera delivers what is effectively a 720x480 signal to the DVR. The DVR is, in this case, set to record WD1 ... which for this manufacturer (North America) means 960x480. OOPS! The DVR stretches the signal to fit the record dimensions. Not good.

Initially, the investigator thought that the video was just being stretched by the wide aspect monitor. But, further analysis revealed the stretch was happening to the recorded video. Remember, don't take things at face value.

I'm pointing this out as many DVR manufacturers are adding support for WD1. They're making YouTube videos showing just how cool their recorders are ... but really they're illustrating how their recorders distort the incoming signal.

This is an easy fix in FIVE, or any other software. But, if you don't know that it's broken, you won't know to fix it.

Enjoy.

Monday, June 2, 2014

Application security in the news

PCWorld has a story this morning noting that "Nice Systems of Israel said it patched remaining critical flaws in its call recording software used by law enforcement, but the consultancy that discovered the risky flaws hasn’t verified the fixes."

"The firm’s advisory describes nine vulnerabilities in Recording eXpress, six of which were ranked as serious. Some of the flaws could allow attackers to access call recordings and crack open a database showing the names of people whose calls are being monitored, which could potentially wreck a law enforcement investigation.

Over the course of three months earlier this year, Nice Systems patched a few of the problems, but some remained. Last week, SEC Consult went public with its findings, warning organizations to not use the software until at least five outstanding issues were fixed."

So, not only do you have to worry about validation of your tools, you should also be concerned about application security ... especially when your applications contain sensitive or personal information.