Category Archives: How to

Identify Social Media Files with Amped Authenticate

Amped Authenticate Update 10641 introduced the new Social Media Identification filter. It can be found in the File Analysis filter group.

The filters in the File Analysis group are generally looking at the file’s container to return relevant information about the file. The Social Media Identification filter examines the file for traces of information that may indicate the file’s social media source. The key word here is “may.”

The workflow that I will explain here is typical in the US and Canada. Take from it what you need in order to apply it to your country’s legal system.

Let’s begin.

Continue reading

Amped Authenticate & Griffeye Analyze DI Pro: a synergy that empowers forensic analysts!

The partnership between Amped Software and Griffeye keeps growing and so does the integration between Griffeye Analyze DI Pro and Amped Authenticate. Analyze DI Pro is a media investigation software for handling large volumes of images and videos, filter irrelevant digital files, prioritize, correlate and identify the most pertinent material in investigations. It will let you scan and import data from a device or from a folder on your workstation. Once the import is complete, you can easily browse and intelligently sort/filter media.

In this post, we’ll take a look at what Griffeye Analyze DI Pro enables you to do when linked with the Amped Authenticate plugins. Let’s create a case and import a folder containing a few JPEG files.

Analyze DI Pro lets you look at image metadata, and Amped Authenticate users know how interesting they are, but, we also know that a single image may contain hundreds of Exif metadata, and reading all of them is quite a boring job. Luckily, from the very same panel above we can call in Amped Authenticate File Format Analysis to automatically spot suspicious metadata. Once you installed Authenticate and the corresponding plugin in Analyze DI Pro, this is just as simple as right-clicking on one or all the images and then hit the “Plugin” voice and select “Amped Authenticate – File Format Analysis” from the pop-up list as shown below.

Continue reading

Amped DVRConv for transcription?

In our most recent update of Amped DVRConv, we added the ability to separate the audio and video streams in your DME files – to save the audio as a separate file. For some, this functionality went unnoticed. For others, it was a huge deal.

Two very specific use cases required this functionality. You asked. We delivered.

Case #1 – Child Exploitation/Human Trafficking

Agencies responsible for investigating cases of child exploitation/human trafficking were spending a lot of time redacting video files (blurring faces and other sensitive information) in order to send files off for audio transcription. The distribution of files in child exploitation cases (files that can be considered child pornography) for transcription is now made a lot easier with DVRConv. All of the evidentiary videos can be loaded into the tool and processed without having to view the footage. DVRConv helps to dramatically speed up the process of getting files to transcription whilst protecting identities and shielding staff from the harmful psychological and legal effects of viewing/distributing such material.

Case #2 – Police Generated Video

Agencies that have deployed body worn/vehicle-based cameras or have interview room recorders often have to send the resulting video files to outside companies for transcription. Like the case above, they are faced with having to redact the visual information prior to releasing the files to their contractor. Even if the agency has chosen a CJIS compliant transcription contractor, they may have agency policies that require the redaction of the visual information prior to release. DVRConv eliminates the need to perform a visual redaction ahead of such a release of files. Having this ability is already saving agencies a tremendous amount of time/money.

Users of DVRConv do not require specialized training. The tool can be used by anyone. It’s drag-drop easy. Plus, the settings can be configured so that the resulting audio file meets the requirements of your transcription vendor.

If you’d like to know more about Amped DVRConv, or any of our other Amped Software products and training options, contact us today.

The Amped FIVE Assistant Video Tutorial

We recently announced the release of the latest version of Amped FIVE (10039) where we introduced a new operational mode through a panel called the “Assistant”.

The Assistant provides a set of predefined workflows which can be used to automate common operations or guide new users, but it’s not obtrusive. You can use it or not, and you can always add filters or do anything, as usual, it’s just an additional option.

We’ve created a video tutorial so you can see it in action. See below or watch on YouTube now!

We’ll be adding more videos to our YouTube channel soon, so follow us to get more videos like this.

The Authenticate Countdown to Christmas

It’s beginning to look a lot like Christmas!

Christmas is coming! To celebrate that Christmas is almost here we will share a daily tip and trick on how to authenticate your digital photo evidence with Amped Authenticate.

Follow us daily on our social networks in the month of December as we open the 24 doors of our Authenticate Advent Calendar. The countdown starts now!

#AuthenticateChristmas

Follow us on Twitter, Facebook, LinkedIn, Google PlusYouTube

You can also visit our website daily as we open the doors of our Advent Calendar here.

The Sparse Selector

With over 100 filters and tools in Amped FIVE, it’s easy to lose track of which filter does what. A lot of folks pass right by the Sparse Selector, not knowing what it does or how to use it. The simple explanation of the Sparse Selector’s function is that it is a list of frames that are defined by the user. Another way of explaining its use: the Sparse Selector tool outputs multiple frames taken from random user selected positions of an input video.

How would that be helpful, you ask? Oh, it’s plenty helpful. Let me just say, it’s one of my favorite tools in FIVE. Here’s why.

#1. – Setting up a Frame Average

You want to resolve a license plate. You’ve identified 6 frames of interest where the location within the frame has original information that you’re going to frame average to attempt to accomplish your goal. Unfortunately, the frames are not sequentially located within the file. How do you select (easily / fast) only frames 125, 176, 222, 278 314, and 355? The Sparse Selector, that’s how.

Continue reading

Proving a negative

I have a dear old friend who is a brilliant photographer and artist. Years ago, when he was teaching at the Art Center College of Design in Pasadena, CA, he would occasionally ask me to substitute for him in class as he travelled the world to take photos. He would introduce me to the class as the person at the LAPD who authenticates digital media – the guy who inspects images for evidence of Photoshopping. Then, he’d say something to the effect that I would be judging their composites, so they’d better be good enough to fool me.

Last year, I wrote a bit about my experiences authenticating files for the City / County of Los Angeles. Today, I want to address a common misconception about authentication – proving a negative.

So many requests for authentication begin with the statement, “tell me if it’s been Photoshopped.” This request for a “blind authentication” asks the analyst to prove a negative. It’s a very tough request to fulfill.

In general, this could be obtained with a certain degree of certainty if the image is verified to be an original from a certain device, with no signs of recapture and, possibly verifying the consistency on the sensor noise pattern (PRNU).

However, it is very common nowadays to work on images that are not originals but have been shared on the web or through social media, usually multiple consecutive times. This implies that metadata and other information about the format are gone, and usually the traces of tampering – if any – have been covered by multiple steps of compression and resizing. So you know easily that the picture is not an original, but it’s very difficult to rely on pixel statistics to evaluate possible tampering at the visual level.

Here’s what the US evidence codes say about authentication (there are variations in other countries, but the basic concept holds):

  • It starts with the person submitting the item. They (attorney, witness, etc.) swear / affirm that the image accurately depicts what it’s supposed to depict – that it’s a contextually accurate representation of what’s at issue.
  • This process of swearing / affirming comes with a bit of jeopardy. One swears “under penalty of perjury.” Thus, the burden is on the person submitting the item to be absolutely sure the item is contextually accurate and not “Photoshopped” to change the context. If they’re proven to have committed perjury, there’s fines / fees and potentially jail time involved.
  • The person submits the file to support a claim. They swear / affirm, under penalty of perjury, that the file is authentic and accurately depicts the context of the claim.

Then, someone else cries foul. Someone else claims that the file has been altered in a specific way – item(s) deleted / added – scene cropped – etc.

It’s this specific allegation of forgery that is needed to test the claims. If there is no specific claim, then one is engaged in a “blind” authentication (attempting to prove a negative). Continue reading

The Importance of Using Images as Evidence

How many cases have you worked on lately that involved video footage or a photo as evidence? Are you really sure everything possible has been done regarding the proper use of those images for investigations and if they have been exploited to their full potential? Are you really sure that images and videos have been properly validated and are not the result of some tampering? Was the image of sufficient quality to prove or disprove some testimony? Has the image and video been analyzed by an expert with the proper tools?

These, and many more, are the question we will try to answer in our monthly column in the Lawyer Monthly magazine.

There’s a lot to know and to discuss, and in this brief overview we don’t expect you to become an expert, but at least we hope to point you in the right direction for further study.

Read the first issue:  The Importance of Using Images as Evidence

Why PDF/A?

One of the more frustrating aspects of the forensic multimedia analyst’s world is dealing with legacy technology. You arrive at a crime scene to find a 15-year-old DVR that only accepts Iomega Zip disks, or CD+RW disks, or a certain size / speed of CF card. What do you do?

You curse and swear and scour your junk drawers. You call / email friends. You wonder why folks keep these systems knowing that there are newer / better / cheaper systems out there.

If you’ve ever worked a cold case, you know the problems interfacing with old technology. If you’re working at a large agency, chances are there are several old computer systems cobbled together with new middleware. Replacing systems is costly and time consuming.

For reports, agencies are faced with a similar problem. My old agency used a product from IBM that required a stand-alone program (PC only) to read / edit the reports when saved in the native format. That’s not at all helpful.

When generating a report in Amped FIVE, the user is given a choice in the production of the file between PDF, DOC, and HTML. Many states / jurisdictions require the user to output a PDF file for reports. But, PDF is a very robust standard with several variants. When generating PDF report files, it’s important to understand the variants and what they’re for.

According to the PDF Association, “PDF/A is an ISO-standardized version of the Portable Document Format (PDF) specialized for use in the archiving and long-term preservation of electronic documents. PDF/A differs from PDF by prohibiting features ill-suited to long-term archiving, such as font linking (as opposed to font embedding) and encryption.”

If you want to make sure that your report can be viewed now, and long into the future, by the largest group of people, choose PDF/A – the archival version of PDF. Understanding this, the report generated by FIVE is PDF/A compliant. We understand that many court systems and police agencies are standardized on this version of PDF because it’s not only built with the future in mind, it’s the cheapest to support.

Continue reading

The problems of the GAVC codec solved

In my years of working crime scenes in Los Angeles, I would often come across Geovision DVRs. They were usually met with a groan. Geovision’s codecs are problematic to deal with and don’t play nicely within analysts’ PCs.

With Amped FIVE, processing files from Geovision’s systems is easy. Plus, Amped FIVE has the tools needed to correct the problems presented by Geovision’s shortcuts.

Here’s an example of a workflow for handling an AVI file from Geovision, one that utilizes the GAVC codec.

If you have the GAVC codec installed, Amped FIVE will use it to attempt to display the video. You may notice immediately that the playback of the video isn’t working right. Not to worry, we’ll fix it. Within FIVE, select File>Convert DVR and set the controls to Raw (Uncompressed). When you click Apply, the file will be quickly converted.

Continue reading