This week we bring you an insightful interview with Paul Hopcroft from the UK, an enthusiastic expert user who is also very active in contributing to the various FVA communities. His point of view on the challenges and evolution of technology in relation to digital multimedia evidence is very interesting. Read on!
Martino Jerian, Amped Software CEO and Founder
Paul, tell us a bit about yourself. What are your background and your current role at Nottinghamshire Police, UK?
Hi, I’m Paul Hopcroft, I currently work for Nottinghamshire Police in the UK as a Digital Multimedia Evidence Technician and have been here since 2006. I am certified as a LEVA CFVT and have passed level 4 just waiting for the opportunity to go for the Analyst certification. I am also trained in DVR Examiner and Adobe products as well as a confident user of Avid Media Composer. I’m also a big fan and user of Amped Software and have also completed the training.
What made you decide to enter the field of multimedia forensics?
I previously worked for the local council and needed a new challenge, so started looking for a new position outside of the council. I applied for a few jobs and was offered this role. And nearly 16 years on I am still here enjoying every day. It’s the challenge of what comes through as your next job as we deal with everything from volume crime to major crime. We also assist other agencies if and when required.
What would you say are the biggest challenges with video evidence during investigations and when presenting it in court?
The first point is accurate playback of the source files, with new codecs being released every few years and manufacturers having their own versions of the codec, each file can have its own unique challenges. Presenting the footage in court can be the easy bit as you have done all the hard work in the background. With all the correct training and keeping your knowledge up to date, you can explain your processes in both technical terms and a simpler form for the layperson. Amped does an amazing job allowing me the ability to read that source file, then create it into a format I can use later on whatever platform I need from inside Amped to an NLE like Premiere Pro.
What would you say are the main forensic challenges surrounding image validation? How can they be addressed?
This is a difficult situation as nowadays there are so many different sources your media comes from. If it is exported directly from a system onto a USB or disc, then you can have a fair chance you have the best evidence. However, we are all now using Cloud Storage and we see so many files that have had the name change, and you can’t guarantee it’s not been compressed or changed. Validating that as the source media then becomes a logistical nightmare.
With more forces using Digital Evidence Management Systems (DEMS), these have the ability to store the source, upload, and then convert it into a viewable format. There is no way at present to confirm that the uploaded media is direct from the source. It all relies heavily on user input and accurate information.
In your opinion, how important is it that digital forensic techniques and tools are based on the scientific method?
This scientific method is highly important, everything we do must be able to be replicated or reproduced by a third party. That may be a peer review by a colleague or cross-examination by an expert for the defence. Following a scientific approach in both software applications and contemporaneous notes on handling the media. We commonly refer to ACE-VR as our scientific method. We analyze, compare, evaluate, verify and report on the processes we use whether it is a simple conversion of a file format or making a conclusion to the content of the media. Software like Amped FIVE makes this easier as they can produce reports of your actions and settings.
What are the most important aspects of training and education for forensic image and video analysts?
Training is important in any aspect of any role. In FVA it is important to understand how your media is displayed and what makes it an image. Compression: what is it and what types are there? File formats, colour space, and the list goes on. There are so many basics that once you understand those then you can learn and apply further techniques to provide credible evidence in your field. Training can come from many companies like Amped, LEVA, DVR Examiner, and from other vendors. These are directly aimed at our field but even X-Ways and other computer forensic applications can benefit us in many ways to understand the source of our media. Some training has been informal by peers sometimes over the phone or in person, but it is all knowledge we can share.
We are all here in the same field and rely on each of us playing a part. I know I have assisted many on the FVA forum and had assistance from many peers as well. Amped support has always been on the ball when I have needed help. I can only applaud their commitment to their customers.
How do you think the world of image and video forensics will change over the next few years?
Cloud Storage is going to be the main issue and DEMS. I think these are only going to be more prevalent in the future. We are already seeing an increase in the likes of Nest and Ring technology. It’s going to be accessing these systems and media that will be the main issue. If someone says “no” to accessing their account, then where do we go? In our department, we rely heavily on the goodwill of people and the paperwork being completed correctly by the OIC.
As for DEMS, I can only see these becoming capable of more than just storage. The system we use in Nottinghamshire already has basic trim and redaction tools, but it’s the processing of the media that will be the issue. We have seen small files transcoded and become excessively large and vice versa, larger files have become alarmingly smaller. Does the officer understand what the system has done, probably not, all he sees is a playable file. This is something we have no control over as it’s a 3rd party system.
How did you learn about Amped Software?
I heard about Amped FIVE from David Spreadborough, I have known David for quite a few years through work. Then he left his post at Cheshire to start his career as a trainer/support for Amped Software.
Why did you choose Amped Software products rather than other solutions?
Our department chose Amped as it was a more complete system, others have some of the functionality but not as much as Amped. Whilst they may be cheaper, having to purchase a second product to complete the tasks required ended up being more expensive in the long run. So financially and overall Amped was the better solution. I have not regretted that choice and Amped is my go-to solution.
How successful was the adoption of Amped Replay for investigators and front-line officers in your organization?
We have Amped Replay and it was going to be deployed onto viewing stations but with the implementation of our DEMS, it ended up being brought back into the office where we use it for some of the basic functions we require. I personally use it frequently, in fact, this last weekend it was the first point of call when trying to review and convert files for a serious incident that officers needed as a matter of urgency. The benefit of Amped Replay is the easy-to-use GUI for the frontline officers when they need to use the software.
Earlier this year I was handed a Wi-Fi CCTV system, this was basically a screen with a motherboard, HDD, and Wi-Fi antenna which connected to 4 cameras. We had no password for the system and no support to try and access a reset option. The HDD was put on DVR Examiner but due to the health failure of the HDD, this kept failing. Our Digital Forensics unit also could not image the drive. They did find that FTK saw the data so we saved every file we could find onto a copy drive. Now, this is where Amped support came into play.
By using media info, I found the files were .dat and had h265 compression. My issue is I could not read the data. Amped support had a copy of a few files and worked over the weekend to find a solution. This turned out to be using Amped DVRConv as a standalone program and processing each .dat file. This however is not as simple as it seemed. I had 1850 files, each contained 128 .dat files. Each file was multiplexed with the 4 cameras, and we had no confirmed date of the offence we were investigating.
Support created a Beta version of Amped DVRConv, and also a .bat file which could handle batch processing each file splitting it into the 4 cameras filtering each camera into a folder, and then concatenating the camera into an MKV stream. This process took several months to complete.
When you are not busy looking at digital evidence, what do you like doing in your spare time?
What, I get spare time for me! But if and when I do, I enjoy outdoor activities like walking, cycling being with my family. Ice skating is also in there as I formerly played Ice Hockey. I also enjoy walking our hyper-active springer spaniel with my wife, as well as meeting up with family and friends for a coffee and a chat. Engineering programs of all descriptions, I would be more hands-on if I had a project to work on as I’m quite happy to get my hands dirty.
As sad as this sounds I still research work-related topics to keep my knowledge up to date and try to expand the bits I feel limited on. OK it’s FFmpeg if you really need to know. I have also just started looking into more about data recovery as a few MicroSD cards have been an issue in recent weeks.
If you want to share your story with us, get in touch! We enjoy learning about our users.
