Author Archives: Jim Hoerricks

The Sparse Selector

With over 100 filters and tools in Amped FIVE, it’s easy to lose track of which filter does what. A lot of folks pass right by the Sparse Selector, not knowing what it does or how to use it. The simple explanation of the Sparse Selector’s function is that it is a list of frames that are defined by the user. Another way of explaining its use: the Sparse Selector tool outputs multiple frames taken from random, user-selected positions of an input video.

How would that be helpful, you ask? Oh, it’s plenty helpful. Let me just say, it’s one of my favorite tools in FIVE. Here’s why.

#1. – Setting up a Frame Average

You want to resolve a license plate. You’ve identified 6 frames of interest where the location within the frame has original information that you’re going to frame average to attempt to accomplish your goal. Unfortunately, the frames are not sequentially located within the file. How do you select (easily / fast) only frames 125, 176, 222, 278, 314, and 355? The Sparse Selector, that’s how.


Proving a negative

I have a dear old friend who is a brilliant photographer and artist. Years ago, when he was teaching at the Art Center College of Design in Pasadena, CA, he would occasionally ask me to substitute for him in class as he travelled the world to take photos. He would introduce me to the class as the person at the LAPD who authenticates digital media – the guy who inspects images for evidence of Photoshopping. Then, he’d say something to the effect that I would be judging their composites, so they’d better be good enough to fool me.

Last year, I wrote a bit about my experiences authenticating files for the City / County of Los Angeles. Today, I want to address a common misconception about authentication – proving a negative.

So many requests for authentication begin with the statement, “tell me if it’s been Photoshopped.” This request for a “blind authentication” asks the analyst to prove a negative. It’s a very tough request to fulfill.

In general, this can be achieved with a certain degree of certainty if the image is verified to be an original from a certain device, with no signs of recapture and, possibly, with the consistency of the sensor noise pattern (PRNU) verified.

However, it is very common nowadays to work on images that are not originals but have been shared on the web or through social media, usually multiple consecutive times. This implies that metadata and other information about the format are gone, and usually the traces of tampering – if any – have been covered by multiple steps of compression and resizing. So you know easily that the picture is not an original, but it’s very difficult to rely on pixel statistics to evaluate possible tampering at the visual level.

Here’s what the US evidence codes say about authentication (there are variations in other countries, but the basic concept holds):

  • It starts with the person submitting the item. They (attorney, witness, etc.) swear / affirm that the image accurately depicts what it’s supposed to depict – that it’s a contextually accurate representation of what’s at issue.
  • This process of swearing / affirming comes with a bit of jeopardy. One swears “under penalty of perjury.” Thus, the burden is on the person submitting the item to be absolutely sure the item is contextually accurate and not “Photoshopped” to change the context. If they’re proven to have committed perjury, there are fines / fees and potentially jail time involved.
  • The person submits the file to support a claim. They swear / affirm, under penalty of perjury, that the file is authentic and accurately depicts the context of the claim.

Then, someone else cries foul. Someone else claims that the file has been altered in a specific way – item(s) deleted / added – scene cropped – etc.

It’s this specific allegation of forgery that is needed to test the claims. If there is no specific claim, then one is engaged in a “blind” authentication (attempting to prove a negative).

Why PDF/A?

One of the more frustrating aspects of the forensic multimedia analyst’s world is dealing with legacy technology. You arrive at a crime scene to find a 15-year-old DVR that only accepts Iomega Zip disks, or CD+RW disks, or a certain size / speed of CF card. What do you do?

You curse and swear and scour your junk drawers. You call / email friends. You wonder why folks keep these systems knowing that there are newer / better / cheaper systems out there.

If you’ve ever worked a cold case, you know the problems interfacing with old technology. If you’re working at a large agency, chances are there are several old computer systems cobbled together with new middleware. Replacing systems is costly and time consuming.

For reports, agencies are faced with a similar problem. My old agency used a product from IBM that required a stand-alone program (PC only) to read / edit the reports when saved in the native format. That’s not at all helpful.

When generating a report in Amped FIVE, the user is given a choice in the production of the file between PDF, DOC, and HTML. Many states / jurisdictions require the user to output a PDF file for reports. But, PDF is a very robust standard with several variants. When generating PDF report files, it’s important to understand the variants and what they’re for.

According to the PDF Association, “PDF/A is an ISO-standardized version of the Portable Document Format (PDF) specialized for use in the archiving and long-term preservation of electronic documents. PDF/A differs from PDF by prohibiting features ill-suited to long-term archiving, such as font linking (as opposed to font embedding) and encryption.”

If you want to make sure that your report can be viewed now, and long into the future, by the largest group of people, choose PDF/A – the archival version of PDF. Understanding this, the report generated by FIVE is PDF/A compliant. We understand that many court systems and police agencies are standardized on this version of PDF because it’s not only built with the future in mind, it’s the cheapest to support.


The problems of the GAVC codec solved

In my years of working crime scenes in Los Angeles, I would often come across Geovision DVRs. They were usually met with a groan. Geovision’s codecs are problematic to deal with and don’t play nicely within analysts’ PCs.

With Amped FIVE, processing files from Geovision’s systems is easy. Plus, Amped FIVE has the tools needed to correct the problems presented by Geovision’s shortcuts.

Here’s an example of a workflow for handling an AVI file from Geovision, one that utilizes the GAVC codec.

If you have the GAVC codec installed, Amped FIVE will use it to attempt to display the video. You may notice immediately that the playback of the video isn’t working right. Not to worry, we’ll fix it. Within FIVE, select File>Convert DVR and set the controls to Raw (Uncompressed). When you click Apply, the file will be quickly converted.


What’s in a name? How to rename in Amped FIVE

I’ve been on the road a lot lately. By the end of this month, I’ll have spent two weeks with District Attorney’s Offices in New Jersey (US) training users in the many uses of Amped’s flagship product, Amped FIVE. Every user has a slightly different use case and needs. Prosecutors’ Offices are no different.

Field personnel / crime scene technicians / analysts might not be very concerned with trial prep and the creation of demonstratives for court. But, DA’s offices are. That being said, there are a few things that every user of Amped FIVE can do – beginning with the end in mind – to make the trial prep job a bit easier.

Hopefully, by now you know that you can rename processing chains in Amped FIVE to aid in your organization.

Right click on the Chain and select Rename Chain. Then, name it something unique that describes what you’re working with or the question you’re trying to answer in the file. Examples include camera number, vehicle determination, license plate determination, etc.

This is quite helpful. But, did you know that you can also rename the Bookmarks? Additionally, you can add a description to the bookmark. Let’s see what this looks like.


To seize or to retrieve: that is the question

A crime occurs and is “witnessed” by a digital CCTV system. The files that your investigation wants/needs are in the system’s recording device (DVR). What do you do to get them? Do you seize the entire DVR as evidence (“bag and tag”)? Do you try to access the recorder through its user interface and download/export/save the files to USB stick/drive or other removable media?

Answer: it depends.

There are times when you’d want to seize the DVR. Perhaps 5% of cases will present a situation where having the DVR in the lab is necessary:

  • Arsons/fires can turn a DVR into a bunch of melted down parts. You’re obviously not going to power up a melted DVR.
  • An analysis that tests how the DVR performs and creates files. For example, does the frame timing represent the actual elapsed time or how the DVR fit that time into its container? Such tests of reliability will require access to the DVR throughout the legal process.
  • Content analysis questions where there’s a difference of opinion between object/artifact. For example, is it a white sticker on the back of a car or an artifact of compression (random bit of noise)?

If you’re taking a DVR from a location, you can follow the guidance of the computer forensics world on handling the DVR (which is a computer) and properly removing it from the scene.


Using Project Files as Templates in Amped FIVE

People often ask, “How can we speed up the processing of files in Amped FIVE?” (As if it’s not fast enough :). “Can we create actions/templates?” The answer is yes. Here’s how.

Load a video file. In this case, we’ll load a BWC file from an Axon Body 2 camera.

Then, we’ll rename the processing chain. Right mouse click on the processing chain – Rename Chain.


What’s wrong with this video?

What’s wrong with this video? Hint: look at the Inspector’s results for width / height.

Unfortunately, the answer in many people’s minds is …. nothing. I can’t begin to count the number of videos and images in BOLOs that attempt to depict a scene that looks quite like the one above. If you don’t know what you’re looking at, it’s hard to say what’s actually wrong with this video.


Hands-off the keyboard!

I’ve had a few questions about our tool’s reporting feature, so I thought a blog post would help explain and illustrate the philosophy behind our report creation process. Here it goes.

To understand why we format our reports in the way that we do, you must first understand the legal and regulatory environment in which forensic analysis exists in much of the world. We don’t just create tools in a vacuum. We didn’t make a tool for another industry and repurpose it for forensic science. Amped FIVE is purpose built for the forensic analysis of video and images.

Thus, we’ll start our tour at the ASTM. ASTM’s E2825-12 is at the heart of why our reports are formatted as they are.

More specifically, in Section 4 of E2825-12 it notes the following:

4.2.1 – Processing steps are documented in a manner sufficient to permit a comparably trained person to understand the steps taken, the techniques used, and …

Amped FIVE’s reports are created to satisfy this guidance – every time, automatically.


The Temperature Tint Filter

We’re back from the Axon Accelerate Conference. What an incredible experience to meet so many law enforcement professionals who are enthusiastic about going from Capture to the Courtroom with reliable tools based in science and fact, not tools repurposed from the art world.

I’d like to share today the answer to a question posed to us at the Conference. The question was, “how do you quickly get rid of that annoying orange color cast that you find in images / videos taken in underground locations or grow houses?”

The answer is the Temperature Tint filter (found in the Adjust filter group). But, before we look at the filter and how it works, let’s talk about Colour Temperature.

The chart above is from my old book, Forensic Photoshop. It’s helpful to look at colour temperature from the standpoint of the Sun as it rises – the horizon going from warm to cool. Another way to look at colour temperature is with the chart below that places temperature (the Planckian locus in Kelvin) as it relates to the CIE XYZ Color Space.
