Monthly Archives: October 2017

Experimental validation of Amped Authenticate’s Camera Identification filter

We tested the latest implementation (Build 8782) of PRNU-based Camera Identification and Tampering Localization on a “base dataset” of 10.069 images, coming from 29 devices (listed in the table below). We split the dataset in two:
– Reference set: 1450 images (50 per device) were used for CRP estimation
– Test set: 8619 images were used for testing. On average, each device was tested against approximately 150 matching images and approximately 150 non-matching images.

It is important to understand that, in most cases, we could not control the image creation process. This means that images may have been captured using digital zoom or at resolutions different than the default one, which makes PRNU analysis ineffective. Making use of EXIF metadata, we could filter out these images from the Reference set. However, we chose not to filter out such images from the Test set: we prefer showing results that are closer to real-world cases, rather than tricking the dataset to obtain 100% performance.

Using the above base dataset, we carried out several experiments:
– Experiment 1) testing the system on images “as they are”
– Experiment 2) camera identification in presence or rotation, resize and JPEG re-compression
– Experiment 3) camera identification in presence of cropping, rotation and JPEG re-compression
– Experiment 4) discriminating devices of the same model
– Experiment 5) investigating the impact of the number of images used for CRP computation.

Continue reading

Trust? Can you really trust and image?

Some time ago, two images featured prominently in the initial reporting of Hurricane Harvey. The first was of a shark swimming along the Houston freeway. The second showed several airplanes virtually underwater at what was claimed to be Houston airport. These iconic images were circulated widely on Twitter and were featured on mainstream national media such as Fox News. There was just one small problem. Neither of them were real!

This situation prompts an important question. If this behaviour is widespread on social and traditional media then how do we know it isn’t also affecting police and court investigations? After all, if members of the public are prepared to manipulate images for the sake of a few likes and retweets, what will they be prepared to resort to when the stakes are much higher?

Read the full article published on Police Life.

Practical Forensic Image and Video Analysis with Amped’s CEO at DIC in Vienna

Meet Amped Software’s Founder and CEO, Martino Jerian, at the DIC (Digital Investigation Conference) event in Vienna, Austria, on 25 October. 

Martino will be presenting the following workshop from 11:30 – 12:15 in Sala Terrena:

Practical Forensic Image and Video Analysis

You’ve seen it over and over in famous TV shows like CSI: using technology to magically “enhance” low quality videos. Video analysis is one of the most fascinating fields of digital and media forensics, but there’s much more to it than simply enhancing a picture. This workshop will tell you the truth about video analysis and provide a summary of all the steps needed to get evidence out of the source (typically a digital video recorder), extract parts of interest, properly enhance them, take measurements, and prepare the results for presentation in the courtroom. The full workflow can be managed with the software Amped FIVE, which is being used daily by top law enforcement forensic labs worldwide. We will also look at the current tools available in Amped Authenticate, the leading software for forensic image authentication, camera ballistics and tampering detection.

The DIC conference provides a platform for computer forensic experts, vendors, partners and sponsors working in Digital Investigations and E-Discovery.  It features independent keynotes and offers workshops to increase skills and to learn more about software and hardware solutions in the market.

The Digital Investigations Conference will be held at:
Landesverteidigungs-Akademie (LVAk), Sala Terrena
Stiftgasse 2a
1070 Wien, Österreich

Click here to register and for more info.

Meet Amped Software and Axon at IACP

Come see Amped Software, together with our partner Axon, at booth #2825, at the IACP Conference and Exposition on October 21-24 in Philadelphia Pennsylvania.
We will present Axon Forensics, powered by Amped Software, that arms customers with a range of tools to improve workflow efficiency in analyzing image and video evidence. Amped Software products, sold by Axon, have been rebranded to Axon Five (Amped FIVE), Axon Detect (Amped Authenticate), and Axon Convert (Amped DVRConv.)
About IACP
Every year, the IACP Annual Conference and Exposition supplies you and your department with powerful advantages, bringing together an unmatched educational program, renowned keynote speakers, community-building special events and the largest collection of tactical equipment and technology solutions available for law enforcement. Join thousands of dedicated professionals from federal, state, county, local and tribal agencies at IACP 2017 — you and your team will get the intelligence, strategies, and solutions you need to sharpen your edge and better serve and protect.
For more information visit: http://www.theiacpconference.org/
See you in Philly!

Why PDF/A?

One of the more frustrating aspects of the forensic multimedia analyst’s world is dealing with legacy technology. You arrive at a crime scene to find a 15-year-old DVR that only accepts Iomega Zip disks, or CD+RW disks, or a certain size / speed of CF card. What do you do?

You curse and swear and scour your junk drawers. You call / email friends. You wonder why folks keep these systems knowing that there are newer / better / cheaper systems out there.

If you’ve ever worked a cold case, you know the problems interfacing with old technology. If you’re working at a large agency, chances are there are several old computer systems cobbled together with new middleware. Replacing systems is costly and time consuming.

For reports, agencies are faced with a similar problem. My old agency used a product from IBM that required a stand-alone program (PC only) to read / edit the reports when saved in the native format. That’s not at all helpful.

When generating a report in Amped FIVE, the user is given a choice in the production of the file between PDF, DOC, and HTML. Many states / jurisdictions require the user to output a PDF file for reports. But, PDF is a very robust standard with several variants. When generating PDF report files, it’s important to understand the variants and what they’re for.

According to the PDF Association, “PDF/A is an ISO-standardized version of the Portable Document Format (PDF) specialized for use in the archiving and long-term preservation of electronic documents. PDF/A differs from PDF by prohibiting features ill-suited to long-term archiving, such as font linking (as opposed to font embedding) and encryption.”

If you want to make sure that your report can be viewed now, and long into the future, by the largest group of people, choose PDF/A – the archival version of PDF. Understanding this, the report generated by FIVE is PDF/A compliant. We understand that many court systems and police agencies are standardized on this version of PDF because it’s not only built with the future in mind, it’s the cheapest to support.

Continue reading

See and use Amped FIVE at this year’s LEVA Conference

LEVA (Law Enforcement and Emergency Services Video Association) is holding this year’s conference in Clearwater Beach, Florida, USA, between 16th and 20th October.

For the past few years, David Spreadborough, our international trainer, has run a 2-day practical session using Amped FIVE – and this year is no exception!

On Thursday 19th and Friday 20th, David will be looking at many practical case workflows using Amped FIVE.

Suitable for both the newbie and the wizard, the cases are designed to promote discussion, learning, and self-research. Report writing, case management, and organization will also be reviewed.

Along with a few new developments, David will also look at image authentication with Amped Authenticate, to ensure users understand some key concepts in Image Authentication.

The Amped team will be around throughout the week and you can also stop by the Axon stand to chat with us about the products we have to support you.

See you soon!

Meet us in the Netherlands at the Digital Experience event

We are happy to attend once again the Digital Experience event organized by our partner DataExpert, on October 11-12, 2017, held at the Van der Valk Hotel in Utrecht.

What is Digital Experience?
Digital Experience 2017 is a two-day event in the field of Digital Forensics, Data Analysis and Cyber Intelligence. This event brings experts and specialists, proven and innovative solutions, and users, together in one place! The latest trends and developments will be presented during this event.

The first day is dedicated to sessions and workshops around the theme ‘Digital Forensics’.
The second day is dedicated to topics such as ‘Analysis & Investigation’, ‘OSINT & Mobile’ and ‘Cyber Intel’. You can sign up for one or both days.

Amped Software will be presenting a session regarding investigations on images and video in the age of terrorism.

For more info and to register, click here: https://dataexpert.nl/en/digital-experience-2017

We look forward to seeing you in The Netherlands!

 

The problems of the GAVC codec solved

In my years of working crime scenes in Los Angeles, I would often come across Geovision DVRs. They were usually met with a groan. Geovision’s codecs are problematic to deal with and don’t play nicely within analysts’ PCs.

With Amped FIVE, processing files from Geovision’s systems is easy. Plus, Amped FIVE has the tools needed to correct the problems presented by Geovision’s shortcuts.

Here’s an example of a workflow for handling an AVI file from Geovision, one that utilizes the GAVC codec.

If you have the GAVC codec installed, Amped FIVE will use it to attempt to display the video. You may notice immediately that the playback of the video isn’t working right. Not to worry, we’ll fix it. Within FIVE, select File>Convert DVR and set the controls to Raw (Uncompressed). When you click Apply, the file will be quickly converted.

Continue reading

PRNU-based Camera Identification in Amped Authenticate

Source device identification is a key task in digital image investigation. The goal is to link a digital image to the specific device that captured it, just like they do with bullets fired by a specific gun (indeed, image source device identification is also known as “image ballistics”).

The analysis of Photo Response Non-Uniformity (PRNU) noise is considered the prominent approach to accomplish this task. PRNU is a specific kind of noise introduced by the CMOS/CCD sensor of the camera and is considered to be unique to each sensor. Being a multiplicative noise, it cannot be effectively eliminated through internal processing, so it remains hidden in pixels, even after JPEG compression.

In order to test if an image comes from a given camera, first, we need to estimate the Camera Reference Pattern (CRP), characterizing the device. This is done by extracting the PRNU noise from many images captured by the camera and “averaging” it (let’s not dive too deep into the details). The reason for using several images is to get a more reliable estimate of the CRP, since separating PRNU noise from image content is not a trivial task, and we want to retain PRNU noise only.

After the CRP is computed and stored, we can extract the PRNU noise from a test image and “compare” it to the CRP: if the resulting value is over a given threshold, we say the image is compatible with the camera.

Camera identification through PRNU analysis has been part of Amped Authenticate for quite some time. However, many of our users told us that the filter was hard to configure, and results were not easy to interpret. So, since the end of last year, a new implementation of the algorithm was added (Authenticate Build 8782). The new features included:

Advanced image pre-processing during training
In order to lower false alarms probability, we implemented new filtering algorithms to remove artifacts that are not discriminative, something that is common with most digital cameras (e.g., artifacts due to Color Filter Array demosaicking interpolation).

Continue reading