To seize or to retrieve: that is the question

A crime occurs and is “witnessed” by a digital CCTV system. The files that your investigation wants/needs are in the system’s recording device (DVR). What do you do to get them? Do you seize the entire DVR as evidence (“bag and tag”)? Do you try to access the recorder through its user interface and download/export/save the files to USB stick/drive or other removable media?

Answer: it depends.

There are times when you’d want to seize the DVR. Perhaps 5% of cases will present a situation where having the DVR in the lab is necessary:

  • Arsons/fires can turn a DVR into a bunch of melted down parts. You’re obviously not going to power up a melted DVR.
  • An analysis that tests how the DVR performs and creates files. For example, does the frame timing represent the actual elapsed time or how the DVR fit that time into its container? Such tests of reliability will require access to the DVR throughout the legal process.
  • Content analysis questions where there’s a difference of opinion between object/artifact. For example, is it a white sticker on the back of a car or an artifact of compression (random bit of noise)?

If you’re taking a DVR from a location, you can follow the guidance of the computer forensics world on handling the DVR (which is a computer) and properly removing it from the scene.

But a DVR doesn’t behave like a computer once it gets into the computer forensics lab. Computer forensic tools will likely not yield results when processing DVR hard drives. Specialized tools exist to help in the acquisition of DVR hard drives. These tools can be used to bypass security features and extract the raw files from the hard drives (which can come in handy in arson cases where the only thing left is a hard drive).

The downside to seizing a DVR comes when the system’s owner has no nexus to the case, other than “witnessing” elements of the crime. Do you want to take someone’s DVR if they’re not a suspect? Do you have the ability to replace the system so the owner isn’t left vulnerable? Does your agency have the budget to replace DVRs for every crime? I don’t think any agency out there does. Bag and tag, as a standard practice, is simply not a sustainable practice.

For the other 95% of cases, the data will be “retrieved” from the DVR and the DVR will be left in place. For this scenario, the Best Practices for the Retrieval of Video Evidence from Digital CCTV Systems (DCCTV Guide) is there to help.

DCCTV Guide

Once you’ve retrieved the files from the system, Amped tools are there to help. Amped DVRConv and Amped FIVE are able to process these proprietary file types with ease. The originals are preserved, a proxy/working file is created, and a report of how this conversion took place is created automatically.

  • Amped DVRConv can be installed in the squad bay to allow investigators to easily batch process multiple file types with drag-drop ease. This eliminates the bottleneck created when all conversion requests have to be fulfilled by analysts.
  • Amped DVRConv can be installed in an MDC/MDT or laptop for use in the field. Agencies are deploying it in the field in many creative ways, including patrol/supervisor vehicles and mobile command posts.
  • Amped FIVE can also be deployed in the field. It’s designed to be fast/accurate even when running on lower-end systems. It doesn’t require expensive graphics cards and runs on operating systems from WinXP – Win10.
  • Back in the lab, Amped FIVE  is an amazingly powerful tool. It remains the only tool on the market that offers so much to so many disciplines. It contains within, actual quantitative analysis tools (not unsupported/expensive plug-ins from third parties). Photogrammetry in 1D, 2D, and 3D – with support for reverse projection. Comparative analysis tools that include similarity metrics (not just that two images are different, but by how much). You can easily set up known vs. unknown for manual comparisons. Over 110 tools/filters in one program. Amped FIVE offers agencies the lowest total cost of ownership in the industry.

Before using Amped Software tools, I was able to process about 6 cases per 8 hour shift using expensive editors and freeware – then typing reports that comply with the ASTM’s standards for image processing (2825).

 

Using tools that don’t generate a compliant report meant that I had to type reports that included all the information necessary to permit a comparably trained person to reproduce my work. Additionally, using tools with “automatic” functions make reproduction difficult. Some tools have no documentation as to how they do what they do. For example, some resizing plug-ins don’t specify the interpolation method used.

If you’re still using tools that require you to manually create reports, you’re losing valuable time.

With Amped FIVE, the information for the report is compiled as you work. Then, simply generate the report from the Project Menu.

Click on one of the processing steps for a complete explanation of that step, including all parameters and settings.

When testifying, these reports are an amazing help. “What did you do …?” Just read the report. “Can you explain what the Retinex filter does?” Just read the report.

If you’re using an acquisition tool to gain access to the DVR’s hard drive or you’re using the DVR’s internal processes to retrieve the data – once it’s out, you’ll need tools to restore/clarify/analyze/present the evidence. With Amped FIVE, you have everything that you need in one package.

If you’d like more information about our products and training options, contact us today.