As a few readers already know, I'm a PhD candidate working on a problem in the forensic sciences that I've illustrated here from time to time. A few years ago, the National Academy of Sciences declared the state of police (law enforcement staffed) forensic sciences to be quite dismal. Essentially, cops with nothing more than a driver's license and some vendor training on their tools were calling themselves forensic scientists - and coming to some troubling conclusions along the way.
Senator Leahy came along later can wrote a bill that put the NAS report into legislation - declaring that folks should have at least a masters degree to practice forensic science. The problem: no schools confer degrees for many of the CSI type tasks - latent prints, multimedia (video/image/audio), cell phones, tool marks, fire arms, and etc.
Along comes the Obama DOJ to say, it's sad that Leahy got no sponsors to his bill, but we like the idea. We'll do it within the construct of the DOJ's funding priorities - in other words, if you want federal money or you want to bring evidence in federal court, then you'll need to do X, Y, and Z (the work was done in the Executive Office - Subcommittee on Forensic Sciences).
So, schools are being created to confer this type of education. My area in this in multimedia. Part of my PhD dissertation deliverable is the creation of a school of media forensics - a school in a box deliverable that can be given to colleges in any city to start their own programs. In that way, local practitioners do not have to move away from their local areas to UC Denver in order to pursue the degree that they will now need.
Here's the dilemma. Some of the best candidates for this type of work moving forward (forensics) are autistic people. They may fall under one or many of the diagnosis given to autistics - high functioning autism, Aspergers Disorder, Sensory Processing Disorder, PDD-NOS, and so on. But an initial survey has found that there are many people involved in this industry are either non-diagnosed or diagnosed on the autism spectrum (high functioning side). But while their brains are perfectly wired for forensics - the other characteristics of the autism spectrum cause a problem for entering LE.
Many LE agencies polygraph applicants - not only sworn staff, but all staff - or staff who will handing sensitive cases like anti-terror, narcotics, vice, or internal affairs. Thus, many of the potential forensic scientists will face a polygraph exam.
If you believe the marketing on the polygraph - that the instrument measures the biorhythms, these are not going to read the same for autistics as in a neuro-typical subject. To put it another way, taking the polygraph industry at their word that the instrument shows the readings and the examiner interprets the results - how will the examiner interpret the results of an non neuro-typical person?
Here's some examples:
• One of the characteristics of Aspergers is no eye contact. Another is flapping, or the inability to sit still or some other wild body movement - like a fidget.
• Autistic people may be claustrophobic in terms of things touching them. How will their body react to the blood pressure cuff? How will their body react to the neumo tubes? Sitting still, strapped to a chair generally doesn't work for autistic people.
• Autistic people generally do not like bright lights, flickering fluorescents, or loud sounds. Sitting still, strapped to a chair in a room with bright fluorescent lighting?
Hopefully, you can see where this is going. Many of our best candidates will fail a polygraph exam simply because it is not geared to accommodate the characteristics of autistic people. In failing the exam, they will necessarily be excluded from on the industries uniquely suited to their strengths.
I am hoping to interview both polygraph professionals and other experts in the field on a series of questions related to the premise, how do you effectively polygraph an autistic person.
All interview subjects will be treated with dignity and respect. Results will be kept confidential. Data will be used to support my research and no names will be used. Please feel free to direct message me if you are interested. Also feel free to respond with additional questions or requests for clarification.
Thank you.
Featured Post
Welcome to the Forensic Multimedia Analysis blog (formerly the Forensic Photoshop blog). With the latest developments in the analysis of m...
Thursday, November 29, 2012
Wednesday, November 28, 2012
Does overt or covert depend on the time of day?
This Lancaster (PA) case illustrates a few points about using CCTV evidence in trial.
Cameras mounted outside of a business were used in recording some activity that the prosecutor wants to use in trial. The essence of the defense's objection is that the defendant couldn't see the cameras - it was 1am and quite dark. Thus, with the lack of lighting, does overt placement become covert? Hmm.
Additionally, the CCTV system had an active microphone that recorded the defendant's conversation in the public space, which may be a crime in itself.
Lots of issues at play in this murder trial.
Cameras mounted outside of a business were used in recording some activity that the prosecutor wants to use in trial. The essence of the defense's objection is that the defendant couldn't see the cameras - it was 1am and quite dark. Thus, with the lack of lighting, does overt placement become covert? Hmm.
Additionally, the CCTV system had an active microphone that recorded the defendant's conversation in the public space, which may be a crime in itself.
Lots of issues at play in this murder trial.
Monday, November 26, 2012
Courts Divided Over Searches of Cellphones
This just in from the LA Times: "Judges and lawmakers across the country are wrangling over whether and when law enforcement authorities can peer into suspects’ cellphones, and the cornucopia of evidence they provide.
A Rhode Island judge threw out cellphone evidence that led to a man being charged with the murder of a 6-year-old boy, saying the police needed a search warrant. A court in Washington compared text messages to voice mail messages that can be overheard by anyone in a room and are therefore not protected by state privacy laws.
In Louisiana, a federal appeals court is weighing whether location records stored in smartphones deserve privacy protection, or whether they are “business records” that belong to the phone companies.
“The courts are all over the place,” said Hanni Fakhoury, a criminal lawyer with the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “They can’t even agree if there’s a reasonable expectation of privacy in text messages that would trigger Fourth Amendment protection.”
Click here to continue reading the story.
Enjoy.
A Rhode Island judge threw out cellphone evidence that led to a man being charged with the murder of a 6-year-old boy, saying the police needed a search warrant. A court in Washington compared text messages to voice mail messages that can be overheard by anyone in a room and are therefore not protected by state privacy laws.
In Louisiana, a federal appeals court is weighing whether location records stored in smartphones deserve privacy protection, or whether they are “business records” that belong to the phone companies.
“The courts are all over the place,” said Hanni Fakhoury, a criminal lawyer with the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “They can’t even agree if there’s a reasonable expectation of privacy in text messages that would trigger Fourth Amendment protection.”
Click here to continue reading the story.
Enjoy.
Wednesday, November 21, 2012
Colleges - the future site of forensic labs?
I've been thinking about this topic ever since the NAS report was issued, can forensic labs function well under police supervision? This article from India hints at our future here in the US - given budget shortfalls, staff cutbacks, and crime rates - can police departments keep up with forensics?
Sure, DNA is the sexy CSI science. But what about latent prints, crime scene photography, or multi-media forensics? As budgets shrink, governments can't afford to back fill open spots in their technical labs. The result, evidence isn't processed.
I've been saying that I think the solution is regional forensic labs at college campuses. Having the "official" lab at a college satisfies a number of issues raised in the NAS report, as well as by Senator Leahy. I think that this model solves a number of problems - more cops out of the labs and back on the street, disinterested third parties practicing forensic science, getting the CSI stuff away from fluctuating city budgets and under a federal funding scheme, and etc.
Just something to think about for now. But, something's got to give ...
Sure, DNA is the sexy CSI science. But what about latent prints, crime scene photography, or multi-media forensics? As budgets shrink, governments can't afford to back fill open spots in their technical labs. The result, evidence isn't processed.
I've been saying that I think the solution is regional forensic labs at college campuses. Having the "official" lab at a college satisfies a number of issues raised in the NAS report, as well as by Senator Leahy. I think that this model solves a number of problems - more cops out of the labs and back on the street, disinterested third parties practicing forensic science, getting the CSI stuff away from fluctuating city budgets and under a federal funding scheme, and etc.
Just something to think about for now. But, something's got to give ...
Tuesday, November 20, 2012
Facial recognition in the news
This just in from RT: "In a single second, law enforcement agents can match a suspect against millions upon millions of profiles in vast detailed databases stored on the cloud. It’s all done using facial recognition, and in Southern California it’s already occurring.
Imagine the police taking a picture: any picture of a person, anywhere, and matching it on the spot in less than a second to a personalized profile, scanning millions upon millions of entries from within vast, intricate databases stored on the cloud.
It’s done with state of the art facial recognition technology, and in Southern California it’s already happening."
...
"Up to 4 million comparisons per second, per clustered server” — that’s how many matches a single computer wired to the FaceFirst system can consider in a single breath as images captured by cameras, cell phones and surveillance devices from as far as 100 feet away are fed into algorithms designed to pick out terrorists and persons of interest. In a single setting, an unlimited amount of cameras can record the movements of a crowd at 30-frames-per-second, pick out each and every face and then feed it into an equation that, ideally, finds the bad guys.
"I realized that with the right technology, we could have saved lives,” Joseph Rosenkrantz, president and CEO of FaceFirst, tells the Los Angeles Times. He says he dreamed up the project after the attacks of September 11, 2001 and has since invested years into perfecting it. Not yet mastered, however, is how to make sure innocent bystanders and anyone who wishes to stay anonymous is left alone as he expands an Orwellian infrastructure that allows anyone with the right credentials to comb through a crowd and learn facts and figures of any individual within the scope of a surveillance cam.
Speaking to reporters with Find Biometrics in August, Rosenkrantz said that the system is already in place in Panama, where computers there process nearly 20 million comparisons per second “using a FaceFirst matching cluster with a large number of live surveillance cameras on a scale beyond any other system ever implemented.”
Read the whole story by clicking here.
Imagine the police taking a picture: any picture of a person, anywhere, and matching it on the spot in less than a second to a personalized profile, scanning millions upon millions of entries from within vast, intricate databases stored on the cloud.
It’s done with state of the art facial recognition technology, and in Southern California it’s already happening."
...
"Up to 4 million comparisons per second, per clustered server” — that’s how many matches a single computer wired to the FaceFirst system can consider in a single breath as images captured by cameras, cell phones and surveillance devices from as far as 100 feet away are fed into algorithms designed to pick out terrorists and persons of interest. In a single setting, an unlimited amount of cameras can record the movements of a crowd at 30-frames-per-second, pick out each and every face and then feed it into an equation that, ideally, finds the bad guys.
"I realized that with the right technology, we could have saved lives,” Joseph Rosenkrantz, president and CEO of FaceFirst, tells the Los Angeles Times. He says he dreamed up the project after the attacks of September 11, 2001 and has since invested years into perfecting it. Not yet mastered, however, is how to make sure innocent bystanders and anyone who wishes to stay anonymous is left alone as he expands an Orwellian infrastructure that allows anyone with the right credentials to comb through a crowd and learn facts and figures of any individual within the scope of a surveillance cam.
Speaking to reporters with Find Biometrics in August, Rosenkrantz said that the system is already in place in Panama, where computers there process nearly 20 million comparisons per second “using a FaceFirst matching cluster with a large number of live surveillance cameras on a scale beyond any other system ever implemented.”
Read the whole story by clicking here.
Monday, November 19, 2012
Allegations of sloppy work, bias, dishonesty dog Oregon State Police handwriting unit
This just in from the Oregonian: "An Oregon State Police handwriting examiner committed a serious error in a killer-for-hire case last January, provoking so much finger-pointing that the future of the agency's document analysis unit is uncertain.
State police officials, confronted by a whodunit under their own roof, suspended all work by the handwriting unit in March, saying little about why. But internal reviews obtained by The Oregonian through open-records filings detail allegations of bias, sloppy work and dishonesty.
Out-of-state experts are now re-examining 35 criminal cases worked by the unit's two handwriting analysts, partly to ensure that no innocent people were convicted on faulty findings. Washington State Patrol officials, who relied on the examiner who made the error to review at least 40 of their cases from 2009 to 2010, are waiting to see what the experts find."
...
"Kelley and Emmons say they have no problems with their work being reviewed by outside experts, and both say no mistakes will be found.
But their suspension has caused another problem.
The accreditation board of the American Society of Crime Laboratory Directors declined to accredit the handwriting unit as a result, leaving state police with no way to conduct handwriting examinations on their own.
They have had to farm out the work to the FBI and other agencies."
Read the whole article by clicking here.
State police officials, confronted by a whodunit under their own roof, suspended all work by the handwriting unit in March, saying little about why. But internal reviews obtained by The Oregonian through open-records filings detail allegations of bias, sloppy work and dishonesty.
Out-of-state experts are now re-examining 35 criminal cases worked by the unit's two handwriting analysts, partly to ensure that no innocent people were convicted on faulty findings. Washington State Patrol officials, who relied on the examiner who made the error to review at least 40 of their cases from 2009 to 2010, are waiting to see what the experts find."
...
"Kelley and Emmons say they have no problems with their work being reviewed by outside experts, and both say no mistakes will be found.
But their suspension has caused another problem.
The accreditation board of the American Society of Crime Laboratory Directors declined to accredit the handwriting unit as a result, leaving state police with no way to conduct handwriting examinations on their own.
They have had to farm out the work to the FBI and other agencies."
Read the whole article by clicking here.
Friday, November 16, 2012
Elections have consequences
I'm often asked about my political leanings. Given my profession, people make assumptions as to my party affiliation. They're often wrong.
Folks have been asking for my take on where the world is heading, and so forth, given the fact that the US has just had a big election. So, here's my analysis of the US's election results, and sundry associated issues:
Progressives have spent a century or more creating a demand for their products and services. Obama, for his part, handled the supply side of the equation. Folks like to see results, a bridge or library built, a program to help, etc. Robert Byrd is an excellent example of this re-election strategy. You can't go anywhere in WV without seeing his name plastered on some official sign. Republicans, for their part, have not offered an alternative set of products and services over the corresponding time period. The message of cut this, but not that, doesn't ring true for over half the country.
The conservative message of save for tomorrow rings hollow when the government drives down interest rates such that your savings are eaten away by inflation. Thus, people spend what they have and hope for a better tomorrow ($1000 in a savings account does you no good when you neighbor's flat screen is bigger than yours, after all).
The conservative message of investment and the power of compound interest is undercut by the government's insertion of itself into the market. It picks winners and losers, it deems companies too big to fail, it plays with the value of money and commodities. Given this, would you trust the stock mar
Folks have been asking for my take on where the world is heading, and so forth, given the fact that the US has just had a big election. So, here's my analysis of the US's election results, and sundry associated issues:
Progressives have spent a century or more creating a demand for their products and services. Obama, for his part, handled the supply side of the equation. Folks like to see results, a bridge or library built, a program to help, etc. Robert Byrd is an excellent example of this re-election strategy. You can't go anywhere in WV without seeing his name plastered on some official sign. Republicans, for their part, have not offered an alternative set of products and services over the corresponding time period. The message of cut this, but not that, doesn't ring true for over half the country.
The conservative message of save for tomorrow rings hollow when the government drives down interest rates such that your savings are eaten away by inflation. Thus, people spend what they have and hope for a better tomorrow ($1000 in a savings account does you no good when you neighbor's flat screen is bigger than yours, after all).
The conservative message of investment and the power of compound interest is undercut by the government's insertion of itself into the market. It picks winners and losers, it deems companies too big to fail, it plays with the value of money and commodities. Given this, would you trust the stock mar
ket? Would you trust your retirement to the stock market?
The conservative message of family values continues to be undermined by politicians who say one thing in public, pass judgement on others through legislation, then do entirely different things behind their own closed doors. Pro-marriage legislators turn out to be cheating on their spouses. Anti-gay rights legislators turn out to be gay. Why can't well ordered liberty include all of God's creation? Why can't pro-freedom, pro-choice, and pro-American mean the same thing?
A few years ago, I wrote a book on what I thought were the essential qualities of a leader. Modern Freemasonry takes a good man, and illustrates the path to a well lived life. Thus, it's little mystery to me why so many of the world's heroes are/have been Freemasons.
Everyone makes mistakes - did you own them? Did you learn from them? DId you ask for forgiveness? What to be a leader - whom have you followed? Can a man lead who does not know how to obey? Do you have unhealthy attachments? Is your life out of balance? Can you make and keep commitments? Do you know how to be a friend? In whom do you put your trust?
So, lift your head up high. It's not the end of the world. Your family needs your full efforts, as does your neighborhood, town, county, state, and your country. Remember that your work recommends you, as does the company that you keep. Remember that your legacy includes not just those fixed assets that you leave behind, but also the memory of you that remains in your children and all of those of whom you've impacted over the years.
So, chin up, mates. It'll be fine. We'll make it through these tough times, together.
The conservative message of family values continues to be undermined by politicians who say one thing in public, pass judgement on others through legislation, then do entirely different things behind their own closed doors. Pro-marriage legislators turn out to be cheating on their spouses. Anti-gay rights legislators turn out to be gay. Why can't well ordered liberty include all of God's creation? Why can't pro-freedom, pro-choice, and pro-American mean the same thing?
A few years ago, I wrote a book on what I thought were the essential qualities of a leader. Modern Freemasonry takes a good man, and illustrates the path to a well lived life. Thus, it's little mystery to me why so many of the world's heroes are/have been Freemasons.
Everyone makes mistakes - did you own them? Did you learn from them? DId you ask for forgiveness? What to be a leader - whom have you followed? Can a man lead who does not know how to obey? Do you have unhealthy attachments? Is your life out of balance? Can you make and keep commitments? Do you know how to be a friend? In whom do you put your trust?
So, lift your head up high. It's not the end of the world. Your family needs your full efforts, as does your neighborhood, town, county, state, and your country. Remember that your work recommends you, as does the company that you keep. Remember that your legacy includes not just those fixed assets that you leave behind, but also the memory of you that remains in your children and all of those of whom you've impacted over the years.
So, chin up, mates. It'll be fine. We'll make it through these tough times, together.
Thursday, November 15, 2012
History log function now in Amped FIVE
Yesterday, Amped Software announced a new update to FIVE. Along with some bug fixes, FIVE now has an automatic logging feature. You'll find this by clicking on View>Open Log Folder.
Since the new default is to log every action in FIVE, I just wanted to remind you of a post I wrote a few years ago about the discovery issue related to history logs.
... Smith and Bace make clear the fact that the reports we generate will provide fodder for cross examination. This includes the History Log. If your log is not handled correctly, it will likely include a running list of every image ever processed by you on your computer. Do you want to turn this list over for discovery? Imagine the questions it would generate. If your Log only shows work on a few images, but hundreds were turned in for discovery, you should expect a long series of questions ...
As the FIVE history logs record not only the actions, including play and pause, but also the local time, file locations, and etc ... you might want to run the use of this feature past your chain of command and your risk management section. In the mean time, you can turn this feature off in the Program Options window, if you want to.
Enjoy.
Since the new default is to log every action in FIVE, I just wanted to remind you of a post I wrote a few years ago about the discovery issue related to history logs.
... Smith and Bace make clear the fact that the reports we generate will provide fodder for cross examination. This includes the History Log. If your log is not handled correctly, it will likely include a running list of every image ever processed by you on your computer. Do you want to turn this list over for discovery? Imagine the questions it would generate. If your Log only shows work on a few images, but hundreds were turned in for discovery, you should expect a long series of questions ...
As the FIVE history logs record not only the actions, including play and pause, but also the local time, file locations, and etc ... you might want to run the use of this feature past your chain of command and your risk management section. In the mean time, you can turn this feature off in the Program Options window, if you want to.
Enjoy.
Wednesday, November 14, 2012
A Texas Prosecutor Faces Justice
This just in from the New York Times: "In just about a month from now, Texas will witness a rare event: a former prosecutor is going to be held to account for alleged prosecutorial misconduct."
"What makes the Morton case unusual is that, thanks to the Innocence Project’s re-investigation, Ken Anderson will soon go before a Texas Court of Inquiry. If the court believes that Anderson’s alleged misconduct rises to the level of a crime, it could refer the matter to a grand jury. But the Court of Inquiry exists only in Texas, and is almost never used even there.
In truth, Anderson isn’t the only Williamson County prosecutor who faced consequences as a result of the Morton case. His successor, John Bradley, was the one who had fought for years against the DNA testing of the bandana. Seven months after Morton was set free, Bradley, who had always been a shoo-in for re-election as district attorney, was resoundingly defeated.
When I spoke to him the other day, he told me that he now believes he had been wrong to fight so hard against the DNA testing. “We shouldn’t set up barriers to the introduction of new evidence,” he said. Although it would mean more work for prosecutors, Bradley now believes that examining important new evidence is “a legitimate and acceptable cost to doing business in the criminal justice system.”
Bradley will leave office soon. He told me he was going to start a law practice specializing in appellate work. Here’s hoping he argues some appeals for the wrongly imprisoned."
Click here to read the whole story.
"What makes the Morton case unusual is that, thanks to the Innocence Project’s re-investigation, Ken Anderson will soon go before a Texas Court of Inquiry. If the court believes that Anderson’s alleged misconduct rises to the level of a crime, it could refer the matter to a grand jury. But the Court of Inquiry exists only in Texas, and is almost never used even there.
In truth, Anderson isn’t the only Williamson County prosecutor who faced consequences as a result of the Morton case. His successor, John Bradley, was the one who had fought for years against the DNA testing of the bandana. Seven months after Morton was set free, Bradley, who had always been a shoo-in for re-election as district attorney, was resoundingly defeated.
When I spoke to him the other day, he told me that he now believes he had been wrong to fight so hard against the DNA testing. “We shouldn’t set up barriers to the introduction of new evidence,” he said. Although it would mean more work for prosecutors, Bradley now believes that examining important new evidence is “a legitimate and acceptable cost to doing business in the criminal justice system.”
Bradley will leave office soon. He told me he was going to start a law practice specializing in appellate work. Here’s hoping he argues some appeals for the wrongly imprisoned."
Click here to read the whole story.
Tuesday, November 13, 2012
virtual reality crime scene training available to state and local law enforcement
This just in from Officer.com: "The nonprofit National Forensic Science Technology Center (NFSTC), in partnership with the University of Tennessee (UT) Law Enforcement Innovation Center (LEIC), is making virtual reality crime scene training available to state and local law enforcement professionals for the first time. For active law enforcement officers who register in 2012, the Investigator-Virtual Reality (I-VR) training is free of charge and funded by the National Institute of Justice.
Brian Cochran, a detective for 11 years, is a graduate of UT’s National Forensic Academy and was among those who helped develop the training. “Overall, the training is meant to be introductory,” says Cochran, who works in the crime scene unit of the Boone County Sheriff’s Office in Kentucky. “It [covers] general things: scene security, searching for evidence, and properly packaging, documenting and photographing evidence—the fundamentals of crime scene management and processing.”
Entry-level law enforcement personnel who may want to become crime scene investigators or forensic practitioners can benefit from I-VR. The training can also be used as a refresher for seasoned investigators, says Emily Miller, a specialist with LEIC at UT’s Institute for Public Service.
From January to the end of September, more than 400 participants registered for the course, Miller says. She says participants have included law enforcement officers, first responders, crime scene investigators, field training officers, rookies and veterans."
Click here to read the whole story.
Brian Cochran, a detective for 11 years, is a graduate of UT’s National Forensic Academy and was among those who helped develop the training. “Overall, the training is meant to be introductory,” says Cochran, who works in the crime scene unit of the Boone County Sheriff’s Office in Kentucky. “It [covers] general things: scene security, searching for evidence, and properly packaging, documenting and photographing evidence—the fundamentals of crime scene management and processing.”
Entry-level law enforcement personnel who may want to become crime scene investigators or forensic practitioners can benefit from I-VR. The training can also be used as a refresher for seasoned investigators, says Emily Miller, a specialist with LEIC at UT’s Institute for Public Service.
From January to the end of September, more than 400 participants registered for the course, Miller says. She says participants have included law enforcement officers, first responders, crime scene investigators, field training officers, rookies and veterans."
Click here to read the whole story.
Monday, November 12, 2012
Scope of warrant at issue
This just in from CyberCrime Review: "In United States v. Schlingloff, 2012 U.S. Dist. LEXIS 157272 (C.D. Ill. Oct. 24, 2012), Judge Shadid held that use of Forensic Toolkit's (FTK) Known File Filter (KFF) to alert on child pornography files was outside the scope of a warrant issued to look for evidence of identity theft.
The defendant in this case lived at a location that was searched pursuant to a valid warrant; the warrant was issued to find evidence of identity theft. During the search of the residence, multiple media devices and computers were retrieved, including a computer and external storage device belonging to the defendant. When the items were sent for forensic analysis, the computer forensic analyst did a search of the devices not only for identity theft (likely image and string searches), but also for child pornography using FTK's KFF option.
A short explanation on KFF. To make forensic analysis easier, files that are known to be valid (system files, DLLs, etc.) are hashed, and those hash values are compared against a disk image to exclude known valid files from further forensic analysis. Conversely, known malicious or illegal files are also hashed, and if those files are found on the computer, the KFF alerts on those hashes, indicating to the investigator that those files should definitely be investigated further. Per FTK's own literature, the KFF can be pared to certain file lists (i.e. hashes of child porn files, virus-related files, etc.) relevant to the current investigation. Additionally, the forensic investigator does not have to use KFF - it is merely an option.
Here, the investigator chose to use the KFF, and within its alerts were hashes of child pornography. While searching the defendant's computer, child porn alerts generated by the KFF showed up. The analyst took the next step and (to confirm the files were in fact CP), opened a few to confirm the results. As the court stated:
The search here did not end with flagging the child pornography files during preprocessing, however. After the KFF alerted to the two files in question, [the agent] believed that he recognized them to be part of the "Vicky" series of child pornography based on their hash values and his experience. Rather than stopping at this point to obtain a warrant to search for images of child pornography, [the agent] briefly opened each file in order to confirm his suspicions before stopping any further processing..
Based on this evidence, the defendant was charged with possession of child pornography. The defendant filed a motion to suppress the evidence, arguing that it was outside the scope of the warrant. The initial motion was denied because the court was under the impression that KFF was an all-or-nothing option. Upon learning that the KFF can be turned on and off in a motion to reconsider, the court granted the motion to suppress.
Continue reading the article by clicking here.
Enjoy.
The defendant in this case lived at a location that was searched pursuant to a valid warrant; the warrant was issued to find evidence of identity theft. During the search of the residence, multiple media devices and computers were retrieved, including a computer and external storage device belonging to the defendant. When the items were sent for forensic analysis, the computer forensic analyst did a search of the devices not only for identity theft (likely image and string searches), but also for child pornography using FTK's KFF option.
A short explanation on KFF. To make forensic analysis easier, files that are known to be valid (system files, DLLs, etc.) are hashed, and those hash values are compared against a disk image to exclude known valid files from further forensic analysis. Conversely, known malicious or illegal files are also hashed, and if those files are found on the computer, the KFF alerts on those hashes, indicating to the investigator that those files should definitely be investigated further. Per FTK's own literature, the KFF can be pared to certain file lists (i.e. hashes of child porn files, virus-related files, etc.) relevant to the current investigation. Additionally, the forensic investigator does not have to use KFF - it is merely an option.
Here, the investigator chose to use the KFF, and within its alerts were hashes of child pornography. While searching the defendant's computer, child porn alerts generated by the KFF showed up. The analyst took the next step and (to confirm the files were in fact CP), opened a few to confirm the results. As the court stated:
The search here did not end with flagging the child pornography files during preprocessing, however. After the KFF alerted to the two files in question, [the agent] believed that he recognized them to be part of the "Vicky" series of child pornography based on their hash values and his experience. Rather than stopping at this point to obtain a warrant to search for images of child pornography, [the agent] briefly opened each file in order to confirm his suspicions before stopping any further processing..
Based on this evidence, the defendant was charged with possession of child pornography. The defendant filed a motion to suppress the evidence, arguing that it was outside the scope of the warrant. The initial motion was denied because the court was under the impression that KFF was an all-or-nothing option. Upon learning that the KFF can be turned on and off in a motion to reconsider, the court granted the motion to suppress.
Continue reading the article by clicking here.
Enjoy.
Friday, November 9, 2012
HFR 3D - coming soon to a theatre near you
Here's a collection of links on the emerging HFR 3D standard for video.
- Regal Cinemas
- 'The Hobbit' to play in high frame rate at 450 theaters
- High frame rates will take off
- The Hobbit shot at 48 fps
- The technology
Thursday, November 8, 2012
variable frame rates
An interesting quirk in digital multimedia evidence (DME) when it meets the average first responder's workflow can cause unnecessary angst when using the Omnivore.
Here's what I mean.
Let's say that a crime happened and was captured by a CCTV system - and that the Omnivore is your tool of choice for retrieving the DME for use by your agency. The crime lasts only a minute or two, but the investigators want 15 minutes before and after the crime - thus your capture duration would be 32 minutes, give or take a few seconds. With me so far?
Enter a variable frame rate.
Some systems employ a variable frame rate for recording / playback. Thus, if nothing's happening, the frames per second (fps) might be set at 1 or 2 fps. Then action occurs in front of the camera, and the fps jumps up to 15-30 for the duration of the action.
So, in our scenario, there's little going on for about 15 minutes, then 2 minutes of action, then little going on for 15 minutes. The DVR manufacturer wants to maximize storage space, so it's 15 minutes x 2 fps + 2 minutes x 30 fps + 15 minutes x 2 fps (as opposed to 32 minutes x 30 fps. With me? Here's where this is going.
If you run the Optimization routine in Omnivore based on the initial seconds of the DME, it will give you an average playback of 2 and a capture rate of 4 fps. But what happens when 15 minutes later, the fps jumps to 30? Omnivore, if you have it selected to stop when it drops frames, will stop and ask you if you want to save your work. It thinks it's dropped a frame as it's being flooded with frames and isn't set to receive them at the new rate. It's doing what it's supposed to do.
The simple solution to this problem, if you can call it that, is to base your Optimization on the time within the video where the crime actually occurs - or there's action happening. This will be the highest rate, generally. You should also note the internal settings of the DVR. What does it say the frame rate should be for the camera that you are capturing? Is there a different fps setting for motion, alarms, panic buttons, etc.? Write this stuff down. Then compare what Omnivore says about the frame rate with your notes.
Enjoy.
Wednesday, November 7, 2012
Nyquist Rate
The Omnivore, from Ocean Systems, is an essential part of my field kit. I've used it with great success on many cases. An interesting question came in related to it, it's Optimization process, and the accompanying instructions. Here's my answer.
While it's not explained or referenced, it appears that the software samples the playback rate, then uses a variation on the Nyquist Rate theme (The Nyquist-Shannon sampling theorem establishes that "when sampling a signal (e.g., converting from an analog signal to digital), the sampling frequency must be greater than twice the Band Width of the input signal in order to be able to reconstruct the original perfectly from the sampled version") in performing it's work.
It seems that the Omnivore is sampling (or capturing) at twice the playback rate, then discarding the duplicates to best re-create the proprietary file in a usable format.
So, from a workflow standpoint, you open the player, load the file, launch Omnivore .... and capture the video into Omnivore's proprietary format. With me so far.
What do you do when you have multiple clips from a single location - same player, many camera views? The Omnivore help files says this, The “Reset” button located in the Video Setting Tab (Optimization section) should only be used when you are changing from one player to another. If you are performing multiple captures of video from different camera views within the same player, you do not need to Re-Optimize each time or “Reset” the optimization process.
So in the case that generated the question, each of the individual views was playing back at a different rate - a rate that was variable. The only way to get an accurate grab was to Reset after playing back each view. Then Re-Optimize with the new camera view.
So, in this case, RTFM wasn't the best solution. Who knew?
Enjoy.
While it's not explained or referenced, it appears that the software samples the playback rate, then uses a variation on the Nyquist Rate theme (The Nyquist-Shannon sampling theorem establishes that "when sampling a signal (e.g., converting from an analog signal to digital), the sampling frequency must be greater than twice the Band Width of the input signal in order to be able to reconstruct the original perfectly from the sampled version") in performing it's work.
It seems that the Omnivore is sampling (or capturing) at twice the playback rate, then discarding the duplicates to best re-create the proprietary file in a usable format.
So, from a workflow standpoint, you open the player, load the file, launch Omnivore .... and capture the video into Omnivore's proprietary format. With me so far.
What do you do when you have multiple clips from a single location - same player, many camera views? The Omnivore help files says this, The “Reset” button located in the Video Setting Tab (Optimization section) should only be used when you are changing from one player to another. If you are performing multiple captures of video from different camera views within the same player, you do not need to Re-Optimize each time or “Reset” the optimization process.
So in the case that generated the question, each of the individual views was playing back at a different rate - a rate that was variable. The only way to get an accurate grab was to Reset after playing back each view. Then Re-Optimize with the new camera view.
So, in this case, RTFM wasn't the best solution. Who knew?
Enjoy.
Tuesday, November 6, 2012
Stabilization of video from helmet cam
If you're looking to stabilize video from a helmet cam, motorcycle mounted cam, or in-car video, here's a YouTube video to show you how easy it is to do in AmpedFIVE.
Enjoy.
Enjoy.
Monday, November 5, 2012
Reports from experts
I've noticed an increasing number of people presenting themselves as experts in the field of audio, video, image, and multi-media forensics. As the economy contracts, and people look for work slightly outside of their skill set, it's important to know that your work with Photoshop is just a portion of what you need to do for a case.
"As an expert witness, you may be asked to produce an Expert Witness report for the court.
When developing your expert witness report, remember that they are discoverable; that is, your report will be shared with the attorneys for all sides in the dispute prior to trial.
Your expert witness’s report should include all the pertinent findings that you observed, pertinent things that you sought but did not find, your conclusions based on your findings, and, if needed, a statement explaining the reasons for your conclusions. Because your conclusions are based on science, it should be possible for another person with your training to read your report and look at your documentation, such as photographs, and reach the same conclusions.
The quality of your work reflects your care and thoroughness and will help establish your reputation.
While reviewing a case, consider what points are important and need emphasis, as well as the best way to document your observations. Strive to describe an observation so that someone else, including yourself years later, can read the description and form an accurate mental image of what is described in the report.
Copies of your notes may be requested, so it is important to keep any documentation professional in nature; you would not want to be embarrassed because of a disparaging notation." - RTI International
"As an expert witness, you may be asked to produce an Expert Witness report for the court.
When developing your expert witness report, remember that they are discoverable; that is, your report will be shared with the attorneys for all sides in the dispute prior to trial.
Your expert witness’s report should include all the pertinent findings that you observed, pertinent things that you sought but did not find, your conclusions based on your findings, and, if needed, a statement explaining the reasons for your conclusions. Because your conclusions are based on science, it should be possible for another person with your training to read your report and look at your documentation, such as photographs, and reach the same conclusions.
The quality of your work reflects your care and thoroughness and will help establish your reputation.
While reviewing a case, consider what points are important and need emphasis, as well as the best way to document your observations. Strive to describe an observation so that someone else, including yourself years later, can read the description and form an accurate mental image of what is described in the report.
Copies of your notes may be requested, so it is important to keep any documentation professional in nature; you would not want to be embarrassed because of a disparaging notation." - RTI International
Saturday, November 3, 2012
Photoshop enters the Presidential campaign
It's getting completely ridiculous. This image is floating around Twitter, seeming proof that the President is ... (fill in the blank as you see fit. this isn't political commentary).
But, as each side points fingers and works themselves into a froth, the real loser is Photoshop. As Photoshop has become a verb, requests to authenticate images become more frequent.
Yes, it's a cut/paste forgery. Our ELA test shows clear lines where the insertion has taken place. But you need not take my word for it. All one has to do is trace the source. The man admits it's a fake.
So, let's all take a deep breath. Vote with intelligence, not emotion. And, please, let's resist the urge to use Photoshop in such nasty ways. Let's make art, and clarify images - let's not use such a wonderful tool to confuse and anger and annoy. Help make Photoshop a noun again.
Friday, November 2, 2012
LAPD posts 'Grim Sleeper' suspect's photos on Facebook, Twitter
This from the LA Times: "Los Angeles police are again turning to the public for help in identifying dozens of women seen in photos found at the home of the alleged "Grim Sleeper" serial killer.
Forty-two photographs found at the home of suspect Lonnie Franklin Jr. will be posted on Facebook and Twitter on Thursday, Los Angeles police announced. The photos, taken between 1976 and 2010, were among about 1,000 photos seized from Franklin's home when he was arrested in July 2010.
Franklin, 60, has been charged with murder in the slayings of 10 women whose bodies were found on the streets of South Los Angeles over two decades. Authorities said he has been linked to at least six more killings.
When authorities found the photos, along with hundreds of hours of video, they feared that some of the women could be additional victims. Some of the images appeared to be innocent snapshots, but most showed women in various states of undress in sexual poses.
Detectives weeded out duplicate images and sought to identify about 160 women. They tried to contact the women on their own, but when they were unable to identify the rest, they took the rare step of making the images public. Hundreds of tips poured in, and detectives were able to identify additional victims."
Click here to read the whole story and visit the gallery.
Forty-two photographs found at the home of suspect Lonnie Franklin Jr. will be posted on Facebook and Twitter on Thursday, Los Angeles police announced. The photos, taken between 1976 and 2010, were among about 1,000 photos seized from Franklin's home when he was arrested in July 2010.
Franklin, 60, has been charged with murder in the slayings of 10 women whose bodies were found on the streets of South Los Angeles over two decades. Authorities said he has been linked to at least six more killings.
When authorities found the photos, along with hundreds of hours of video, they feared that some of the women could be additional victims. Some of the images appeared to be innocent snapshots, but most showed women in various states of undress in sexual poses.
Detectives weeded out duplicate images and sought to identify about 160 women. They tried to contact the women on their own, but when they were unable to identify the rest, they took the rare step of making the images public. Hundreds of tips poured in, and detectives were able to identify additional victims."
Click here to read the whole story and visit the gallery.
Thursday, November 1, 2012
NIK now part of Google?
Did you know that Google bought NIK Software? A lot of folks like Nik Color Efex Pro and use it in their workflow. Well, NIK's now a Google property.
I'm not sure what this means for the future of Nik's tools, but at least you know. If you don't care for Google's privacy policies, you may want to click over and let them know that you don't want your user info migrated to Google.
I'm not sure what this means for the future of Nik's tools, but at least you know. If you don't care for Google's privacy policies, you may want to click over and let them know that you don't want your user info migrated to Google.
Subscribe to:
Posts (Atom)