Category Archives: How to

Amped FIVE Update 13609: Introducing the Copy and Verify Tool and More Updated Features

We’re back with another massive update to Amped FIVE and this time we’re super excited to be introducing a brand new tool!

Copy and Verify

One of the core principles of working with digital data in a forensic capacity is ensuring that data remains unchanged during investigation and analysis. At Amped Software, one of our core values is that all of our products are forensically sound. Steps we take to ensure this include using only filters to apply enhancements, generating detailed reports providing the ability to reproduce and audit analyst actions and making sure the original file remains untouched during an import or conversion.

Continue reading

Amped Authenticate’s Smart Report: Making It Quicker and Easier for You to Report Relevant Filters

In Amped Authenticate Update 12336 we introduced a new and exciting reporting method designed to make it quicker and easier to report relevant filters.

The new Smart Report tool means users can now quickly produce an image authentication report as it automatically selects the most appropriate filters for each evidence image. This new feature allows for a more visual representation of evidence images and will allow you to quickly and effortlessly triage and share Authenticate results.

Check out this video to see the new Smart Report in action!

Amped FIVE Update 12727: Timeline, Multiview, HEIC support and more

With the new year comes a new update to Amped FIVE with some exciting new features and a couple of brand new filters!

Timeline

If one of your regular tasks is producing video for presentation purposes, you’ll be excited to know that there is now the option in Amped FIVE to combine multiple video chains together in our new Timeline filter, found under the Link group of filters.

Continue reading

DVRConv Update 12151: Admin lock down settings ability and more formats now supported

Yes, you heard correctly – we’re here with yet another update! We’ve added some highly sought-after features to Amped DVRConv, the fastest and easiest way to convert proprietary video formats.

Settings Lock Down Option

Sometimes system administrators need to lock down the settings of Amped DVRConv in order to avoid having users modify the settings accidentally, which could disrupt the workflow of the lab; for example setting a conversion to transcode instead of stream copy. Now it is possible to protect these settings, allowing only system administrators to modify them!

Continue reading

Perspective Stabilization and Perspective Super Resolution

In our latest update to Amped FIVE, you’ll find two new filters that work together to stabilize and enhance video with an object that has some change in perspective as it moves: Perspective Stabilization and Perspective Super Resolution.

Let’s take a look at how they work!

You can also watch the two filters in action in our latest video found here:

Continue reading

Using Enhanced Images in Court

I recently testified in court as a forensic image and video expert and, as is sometimes the case, the use of some filters to enhance images was questioned. As I have written before, there is some processing that should be entirely avoided, since it lacks accuracy and repeatability. For example, we should avoid techniques which add new information relying on data obtained by a training set, or techniques which have a random component.

Some years ago, there was a school of thought that said, only classical image processing techniques available for the analog photography can be applied to digital photography in the forensic context. What are the risks of applying the wrong processing? We are not interested in having a “pleasant” image, we are concerned about extracting information from it. The risks of wrong processing are:

  • Removing existing information: for example, removing the grain in a dark image can remove also important details.
  • Adding new information: for example, creating or amplifying image artifacts which may be misinterpreted as a real detail.

In this reasoning, we are not referring to details at the pixel level, but at the image semantic content. In general, if I resize an image, I add a lot of new pixels but if the processing is correct I am not adding any new relevant information.

It’s important to understand that most of the image processing techniques present a compromise: I enhance something at the expense of damaging something else. For example, if I lighten an image to show better a dark part, it’s very likely to lose details in the parts of the image that are already bright enough.

For this reason, it’s very difficult, in general, to say which techniques are good and which techniques are bad. Their applicability must be related to the specific case and the parameters used. Filters are just tools, and as such, they can be used in the right way, obtaining better images, or in the wrong way, damaging the image quality or presenting wrong information.

Because of this, it’s important not to blindly apply different enhancement and restoration filters, but to apply them in order to correct a specific defect. Similarly, the tuning of their parameters must be consistent with the amount of defect I want to correct. Abusing the filters can create images which are much worse than the original.

It is therefore important, as I’ve said many times, to work with experts who have specific experience in the forensic image and video analysis field. Who know what to do, and how to identify what has been done incorrectly.

A lot of pressure may be put on the processing done by the experts, but most people ignore that there are many other processing and possible issues happening during the image acquisition and visualization phases.

A lot of processing happens in the camera itself, from CCTV to smartphones. Unless raw image pictures are used, and this is very rare, the value of the pixels in an image are hugely dependent on the processing and encoding which automatically happens inside the device to obtain the ratio between image quality and technical limitations that the producer wished to obtain.

And then, even to simply visualize the image, there’s a lot going on under the hood. Different software can decode the image in a slightly different way which can enormously impact the final result, and a lot of image processing happens on the graphics card of the PC, on the screen, or on a projector. Just play with the brightness of the projector to realize how much the visible information in an image can be impacted by such simple tuning.

There is then the most critical part of the processing: our eyes and our brain. Different people see and want to see different things in the same image. Analyzing things in an objective and unbiased way is often very difficult unless you can measure things numerically. And in fact, avoiding and limiting the various types of biases are one of the most important aspects of forensic science currently studied.

This article, written by Martino Jerian, was originally published in Lawyer Monthly magazine. Click here for the published article. 

Amped Authenticate Update 11362: JPEG Dimples, Improved JPEG HT, Social Media Identification, and much more!

Not long has passed since the release of Amped Authenticate 10641 but… yes, the next one is already out! Amped Authenticate 11362 is now released with a lot of improvements, including two new filters based on JPEG Dimples, one of the last discoveries of the image forensics scientific community!

JPEG Dimples

Despite many attempts to send JPEG into retirement, today the vast majority of digital images still use it. Amped Authenticate users know that traces left by JPEG compression are a superb asset when it comes to investigating the digital history of an image, as witnessed by the vast JPEG-based toolkit that Authenticate provides: quantization table analysis, JPEG ghosts, inconsistencies in blocking artifacts, double quantization traces in the DCT coefficients, and more.

But JPEG is still full of new surprises nowadays! A few months ago, while Amped was attending (and sponsoring!) the IEEE 2017 International Workshop on Information Forensics and Security (WIFS 2017), a new footprint was presented to the scientific community: JPEG Dimples (click here to see the original work Photo forensics from JPEG dimples by Shruti Agarwal and Prof. Hany Farid).

JPEG Dimples manifest themselves as a grid of slightly brighter/darker pixels, spaced by 8 pixels in each dimension. Like most image forensic fingerprints, even JPEG Dimples are hardly visible by the human eye, but they can be easily detected with a proper algorithm.

But why does this grid appear? And why is it important for our analysis? We’ll answer these questions in detail in a future blog post, however the reason behind JPEG Dimples is rather simple: during the DCT coefficients quantization phase, different operators exist to approximate decimal values to integer values: the round operator (which approximates the decimal number to the nearest integer) the floor operator (approximation to the nearest smaller integer) or the ceil operator (approximation to the nearest bigger integer). The table below shows the difference in approximating a Value (first column) to an integer using round, floor and ceil.

Value Round Floor Ceil
9.8 10 9 10
6.3 6 6 7
4.5 5 4 5
-7.3 -7 -8 -7

Obviously, using floor tends to produce smaller values in the 8-by-8 DCT block than using round, and the opposite with ceil. And when we go back to the pixel domain, this leads to a slightly darker or brighter pixel on the top-left corner of the pixel block (see example below)! Measuring the presence of this grid will tell us to which degree an image contains the JPEG Dimples footprint.

Image showing Dimples

Example of an image showing strong JPEG Dimples

Now you may be wondering “well, how many cameras will ever be using floor or ceil in place of the more classical round?” Not so few, actually. According to the work presented at WIFS 2017, more than 60% of tested cameras do introduce Dimples. We also carried out an internal evaluation on Amped datasets and numbers were less upsetting, still, we found Dimples in roughly 30% of tested cameras. A footprint with such a spread could not be missing in Amped Authenticate, and so here we are. Continue reading

Extracting Channels

If you’ve attended one of my classes or lectures, you’ve likely heard me say the following phrase many times, “There’s what you know, and there’s what you can prove.” The essence of this statement forms the basis of the Criminal Justice system as well as science.

What I “know” is subject to bias. What I “know” is found in the realm of truth. As a Kansas City Chiefs supporter, I “know” that the Oakland Raiders are a horrible team. I “know” that their fans are the worst in the world. After all, the Chiefs are the best and their fans are as pure as the wind-driven snow. This is “true” to me. Whilst funny and used to illustrate a point (I’m sure there are some really great people among the Raiders fan base), truths are things we “know.” Truths are rooted deep in feelings/emotions and unlikely to be changed by facts. There is a segment of the US population that believes it true that Elvis is still alive and that he’s likely hanging out on some Caribbean island with Tupac and Biggy Smalls.

Facts are measurable; they form the basis of tests of reliability. I can measure the temperature in a specific location and you, standing in the same location, can perform the same test and come to the same measurement. Supported by facts, our tests in this discipline become reliable, repeatable, and reproducible. Our conclusions can thus be trusted.

What on earth does this all have to do with Amped FIVE and Forensic Multimedia Analysis? I’m glad you asked.

By now, you’re well familiar with the fact that Amped Software operationalizes tools out of image science, math, statistics, etc. We also operationalize tools and training out of the world of psychology. By this I mean if we’re going to work in the visual world, we must know how that visual world operates not only from a mechanical standpoint but also from how the brain processes the inputs from its collection devices.

Continue reading

Amped FIVE Update 11284: Multiplexed Stream Support, Proprietary Timestamp, Remove Frames Filter, and a Whole Lot More

Whilst it’s been a busy time for us here at Amped with the demand for training higher than ever, we have made sure our development is continuous and we’re here again with another huge update for Amped FIVE.

A Completely Revamped Conversion Engine

As you will know, one of the biggest struggles within the world of CCTV and video analysis is the ever-increasing number of proprietary formats. Our support and development team are constantly receiving requests for new format support and in our latest update, we have enabled conversion support for BVR, DVS, H64, PSF and SHV formats, along with some variations of other formats already supported in previous versions.

All these formats are multiplexed streams. This is when a manufacturer has placed all camera footage into a single time-based video stream.

The latest FIVE not only converts the files straight away, but demultiplexes each video stream, splitting them into their own individual chains within the software. Under the Convert DVR Advanced tab you will find the options to enable this time-saving function.

Files to Convert > All, one chain per file.

No more mixed streams, no more time wasted writing carving scripts. A few clicks will now save you hours!

Multiplexed single stream decoding is huge, so expect a dedicated blog post in the next few weeks looking more deeply into decoding files of this type.

But the new conversion engine does not stop there! There are a lot of benefits even on single stream video files. Standard conversion done with vanilla FFmpeg is often not enough – there may be the risk of losing video frames because of wrongly interpreted proprietary metadata. Our new engine not only cleans almost every proprietary video format, being in MPEG4, H263, H264 and H265, but for many of them also recovers the proprietary timestamp. We found more than 50 different variations of timestamp formats!

Continue reading