One of the more frustrating aspects of the forensic multimedia analyst’s world is dealing with legacy technology. You arrive at a crime scene to find a 15-year-old DVR that only accepts Iomega Zip disks, or CD+RW disks, or a certain size / speed of CF card. What do you do?
You curse and swear and scour your junk drawers. You call / email friends. You wonder why folks keep these systems knowing that there are newer / better / cheaper systems out there.
If you’ve ever worked a cold case, you know the problems interfacing with old technology. If you’re working at a large agency, chances are there are several old computer systems cobbled together with new middleware. Replacing systems is costly and time consuming.
For reports, agencies are faced with a similar problem. My old agency used a product from IBM that required a stand-alone program (PC only) to read / edit the reports when saved in the native format. That’s not at all helpful.
When generating a report in Amped FIVE, the user is given a choice in the production of the file between PDF, DOC, and HTML. Many states / jurisdictions require the user to output a PDF file for reports. But, PDF is a very robust standard with several variants. When generating PDF report files, it’s important to understand the variants and what they’re for.
According to the PDF Association, “PDF/A is an ISO-standardized version of the Portable Document Format (PDF) specialized for use in the archiving and long-term preservation of electronic documents. PDF/A differs from PDF by prohibiting features ill-suited to long-term archiving, such as font linking (as opposed to font embedding) and encryption.”
If you want to make sure that your report can be viewed now, and long into the future, by the largest group of people, choose PDF/A – the archival version of PDF. Understanding this, the report generated by FIVE is PDF/A compliant. We understand that many court systems and police agencies are standardized on this version of PDF because it’s not only built with the future in mind, it’s the cheapest to support.
LEVA (Law Enforcement and Emergency Services Video Association) is holding this year’s conference in Clearwater Beach, Florida, USA, between 16th and 20th October.
For the past few years, David Spreadborough, our international trainer, has run a 2-day practical session using Amped FIVE – and this year is no exception!
On Thursday 19th and Friday 20th, David will be looking at many practical case workflows using Amped FIVE.
Suitable for both the newbie and the wizard, the cases are designed to promote discussion, learning, and self-research. Report writing, case management, and organization will also be reviewed.
Along with a few new developments, David will also look at image authentication with Amped Authenticate, to ensure users understand some key concepts in Image Authentication.
The Amped team will be around throughout the week and you can also stop by the Axon stand to chat with us about the products we have to support you.
See you soon!
We are happy to attend once again the Digital Experience event organized by our partner DataExpert, on October 11-12, 2017, held at the Van der Valk Hotel in Utrecht.
What is Digital Experience?
Digital Experience 2017 is a two-day event in the field of Digital Forensics, Data Analysis and Cyber Intelligence. This event brings experts and specialists, proven and innovative solutions, and users, together in one place! The latest trends and developments will be presented during this event.
The first day is dedicated to sessions and workshops around the theme ‘Digital Forensics’.
The second day is dedicated to topics such as ‘Analysis & Investigation’, ‘OSINT & Mobile’ and ‘Cyber Intel’. You can sign up for one or both days.
Amped Software will be presenting a session regarding investigations on images and video in the age of terrorism.
For more info and to register, click here: https://dataexpert.nl/en/digital-experience-2017
We look forward to seeing you in The Netherlands!
In my years of working crime scenes in Los Angeles, I would often come across Geovision DVRs. They were usually met with a groan. Geovision’s codecs are problematic to deal with and don’t play nicely within analysts’ PCs.
With Amped FIVE, processing files from Geovision’s systems is easy. Plus, Amped FIVE has the tools needed to correct the problems presented by Geovision’s shortcuts.
Here’s an example of a workflow for handling an AVI file from Geovision, one that utilizes the GAVC codec.
If you have the GAVC codec installed, Amped FIVE will use it to attempt to display the video. You may notice immediately that the playback of the video isn’t working right. Not to worry, we’ll fix it. Within FIVE, select File>Convert DVR and set the controls to Raw (Uncompressed). When you click Apply, the file will be quickly converted.
Source device identification is a key task in digital image investigation. The goal is to link a digital image to the specific device that captured it, just like they do with bullets fired by a specific gun (indeed, image source device identification is also known as “image ballistics”).
The analysis of Photo Response Non-Uniformity (PRNU) noise is considered the prominent approach to accomplish this task. PRNU is a specific kind of noise introduced by the CMOS/CCD sensor of the camera and is considered to be unique to each sensor. Being a multiplicative noise, it cannot be effectively eliminated through internal processing, so it remains hidden in pixels, even after JPEG compression.
In order to test if an image comes from a given camera, first, we need to estimate the Camera Reference Pattern (CRP), characterizing the device. This is done by extracting the PRNU noise from many images captured by the camera and “averaging” it (let’s not dive too deep into the details). The reason for using several images is to get a more reliable estimate of the CRP, since separating PRNU noise from image content is not a trivial task, and we want to retain PRNU noise only.
After the CRP is computed and stored, we can extract the PRNU noise from a test image and “compare” it to the CRP: if the resulting value is over a given threshold, we say the image is compatible with the camera.
Camera identification through PRNU analysis has been part of Amped Authenticate for quite some time. However, many of our users told us that the filter was hard to configure, and results were not easy to interpret. So, since the end of last year, a new implementation of the algorithm was added (Authenticate Build 8782). The new features included:
Advanced image pre-processing during training
In order to lower false alarms probability, we implemented new filtering algorithms to remove artifacts that are not discriminative, something that is common with most digital cameras (e.g., artifacts due to Color Filter Array demosaicking interpolation).