File000136

402 views
319 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
402
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

File000136

  1. 1. Module XXIII – Video File Forensics
  2. 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: R. Kelly Trial: What Has Prosecution Proved About Sex Tape -- And Should Kelly Be Worried? Source: http://www.mtv.com/ Source: http://www.mtv.com/
  3. 3. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: Hollywood Actresses Morph into One on YouTube Video Clip Source: http://www.news.com.au/
  4. 4. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Objective • Video File Forensics • Need of Video File Forensics • Video File Formats • Devices used for Video Forensics • Video File Forensics Steps • Near Duplicate Video Clip Detection System • Video Forensics Tools • Audio Video Forensic Lab (AVFL) This module will familiarize you with:
  5. 5. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Flow Need of Video File Forensics Devices used for Video Forensics Video Forensics Tools Video File Forensics Audio Video Forensic Lab (AVFL) Video File Forensics Steps Near Duplicate Video Clip Detection System Video File Formats
  6. 6. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video File Forensics Video forensics is defined as examination, comparison, reconstruction, enhancement, and evaluation of video evidence in order to assist law enforcement agencies and courts in solving a case
  7. 7. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Crimes Involving Video Files • Use video steganography to send secret messages • Use morphing techniques to replace faces in pornographic videos to defame or blackmail a known person • Mix pornographic video clips and other videos • Edit the selected video frames to distort the facts Criminals can:
  8. 8. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Need of Video File Forensics To support criminal investigations To enhance and reconstruct video To improve the voice intelligibility of recordings To resolve the authenticity of video recordings To extract and analyze digital video recordings To view the details hidden in video due to poor lighting, improperly adjusted and maintained cameras, and cheap video equipment
  9. 9. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video File Formats
  10. 10. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video File Formats (cont’d)
  11. 11. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video File Formats (cont’d)
  12. 12. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video File Formats (cont’d)
  13. 13. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video File Formats (cont’d)
  14. 14. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Pre-Requisites for Video Forensics • Tools for imaging the video files • Tools for de-multiplexing and video stabilizing Software requirements: • Analog Video Monitor • Video Playback Deck • Printer Hardware requirements: Analog Video Monitor Video Playback Deck Printer
  15. 15. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Selecting Video Forensics Tools • Digitize the complete National Television Standards Committee (NTSC) signal • View consecutive images at the field level • Process video with lossless compression technique • Process video without the addition of artifacts Video Forensics tools should have the ability to:
  16. 16. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Precautions During Video File Forensics Collect all the handheld, digital, and computer evidence containing video files Photograph the scene and evidence After seizing the video evidence, ensure that the evidence is not changed Use the write protection techniques for digital video evidence Keep video evidence away from external factors such as magnetic fields, static electric charges, and electrical hazards Maintain a chain of custody for evidence and documentation
  17. 17. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Preparing for Video Forensics Give priority to other forensic examinations such as fingerprints analysis and trace evidence analysis before proceeding to video forensic analysis Review the video evidence for their integrity before submitting for forensic analysis Create Standard Operating Procedures (SOPs) for the analysis of video evidence
  18. 18. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video Forensic Methodology Frame averaging Video De-multiplexing Video stabilizing Motion Deblurring Magnifying and color correcting the video Performing audio analysis Performing video steganalysis Converting the digital video from DVR (Digital Video Recorder) devices into digital video formats usable for forensic analysis Reliably digitize the video tape’s footage onto a computer system
  19. 19. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Frame Averaging Frame averaging is the process used to eliminate the electronic noise in the video It is the mathematical process which improves the quality of the video Noise in video decreases with the increase in the square root of the number of frames averaged Stop Motion Pro is one of the tools used for frame averaging 45 55 25 65 45 55 35 35 45 55 45 70 55 45 45 83 55 45 55 75 65 105 85 30 50 50 35 74 50 50 45 55 55 80 65 50 Pixel Values of 1st Frame Pixel Values of 2nd Frame Pixel Values of Averaged
  20. 20. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video Demultiplexing Video demultiplexing separates different camera views from a multiplexed CCTV footage It combines the different videos from different camera into single and continuous flow, which helps to recognize the objects clearly Video Active and dPlex Pro are some of the demultiplexing Software
  21. 21. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Demultiplexing Tool: Video Active Video Active is an automated universal multiplex software for real time video processing It is a module based tool and allows the end user to view, analyze, process, and capture multiplexed video feeds within seconds without any rendering time Standard Features: • Real time processing • Automatic demultiplexing • Panning and zooming • Rearranging of camera sources • Single or multi track capturing of cameras • Capture from fire wire devices • Automated notification system for capture process (used to verify the lossless capture -no frame dropping) • Write your own scripts • Variety of input sources (s-video, composite, component) • Dual input signal capable (NTSC and PAL)
  22. 22. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video Active: Screenshot
  23. 23. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Demultiplexing Tool: dPlex Pro • Demultiplexing video recorded from any multiplexed video source • Demultiplex video and view multiple camera views simultaneously • Save any demultiplexed camera view as an individual demultiplexed video clip • Save multiple demultiplexed camera views in a matrix view of up to 16 cameras • Arrange camera views by order of importance • "Send To dPlex Pro" Command from directly from Avid • Uncompressed QuickTime output with no file size limitations Features: dPlex Pro is a video demultiplexing program It allows you to demultiplex multiple camera views at once, then interactively select which demultiplexed camera views you would like to view
  24. 24. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited dPlex Pro: Screenshot
  25. 25. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video Stabilizing Video stabilization is a video enhancement technology which aims at removing annoying shaky motion from videos It freezes up the object in the same spot It helps in recognizing the moving object
  26. 26. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Motion Deblurring Video blurring occurs when the movement of object or the camera is fast Deblurring removes camera shake and videos’s motion blur Video active tool helps in deblurring the videos
  27. 27. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Magnifying and Color Correcting Video Enlarge portions of the video for areas of interest Videos in dark or nights does not show the color of faces and cloths or vehicles Highlight someone or something of interest in the video Correct dark and washed out scenes Perform color correction on such videos to get the exact result
  28. 28. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Spotlighting the Particular Region Spotlighting means highlighting the particular area or image in the video Spotlight can define a shape anywhere from a square to a circle, then work with either inside or outside of that shape using different filters, including blur, mosaic, and scatter Spotlight is a dTective module that allows the analyst to select a region of video highlight or blur
  29. 29. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Audio Analysis Sometimes, audio is not in sync with the video Enhance audio to align the audio with the video signal Use Cardinal audio forensics tool for audio analysis
  30. 30. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Performing Video Steganalysis Steganalysis is the technology that attempts to defeat steganography by detecting the hidden information and extracting it Video steganalysis is used to find out the secret information hidden behind the video files
  31. 31. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited StegSecret Stegsecret is a steganalysis open source project (GNU/GPL) that detects hidden information in different digital media It detects hidden information from images, audio, and video files
  32. 32. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited StegSecret: Screenshot
  33. 33. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited UQLIPS: Near Duplicate Video Clip Detection System UQLIPS is a prototype system that supports fast and robust NDVC (Near Duplicate Video Clip Detection system) search based on visual content Given a query video clip, UQLIPS can quickly detect its near-duplicates NDVC detection has a wide range of applications such as: • TV broadcast monitoring • Copyright enforcement • Online video usage monitoring • Video database purge • Video clustering and annotation • Cross modal divergence detection
  34. 34. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited UQLIPS: Screenshot
  35. 35. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Analysis of Output Result of video forensics may be displayed in several forms An analyst can submit the result in the form of a videotape, a video file such as MPEG, AVI, or digital images Analyst can submit the result either on a storage medium CD, network drive, etc. or a hard-copy print Use particular video player to view the files Check the files obtained during steganalysis If the files are password protected, try to crack it File extracted from steganalysis may be in an encrypted form, use some cryptanalysis tools such as ‘Crank’ to decrypt it
  36. 36. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video Forensics Tools
  37. 37. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video Forensics Tools VideoDetective Jam Ikena Reveal dTective VideoFOCUS
  38. 38. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited dTective Capturing digital surveillance De-Multiplexing Frame averaging Highlighting/Masking Image stabilization Color correction dTective is the video evidence analysis and audio evidence analysis system You can easily enhance digital and analog evidence Features:
  39. 39. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited dTective (cont’d) dTective system consists of following tools: • dVeloper: • dVeloper removes noise and video graininess through a time-lapse processing technique called frame averaging • DVR dCoder • DVR dCoder aids in the conversion of digital surveillance files from a proprietary format into a format understood by the dTective system • dPlex Pro: • dPlex Pro demultiplexes multiple camera views at once, then interactively select which demultiplexed camera views you would like to view • SpotLight: • SpotLight highlights an area of video or just as easily obscure an area to hide sensitive information • MAGNIFi: • MAGNIFi enlarges a section of the video and displays the result either full screen or to a user defined portion of the screen
  40. 40. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited dTective: Screenshot
  41. 41. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited VideoFOCUS VideoFOCUS is the video forensics tool Camera stabilization makes it easier to view and present video evidence • Analog video captures • Digital video import and transcoding • Digital video screen captures • Demultiplexing • Improved image filtering • Digital video conversion and export • Preservation of original evidence and audit trail Features:
  42. 42. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited VideoFOCUS: Screenshot
  43. 43. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Sarensix Video Forensic Services Sarensix Video forensic Services provides video enhancement services using patented technology that can take raw video surveillance footage and process it faster and more accurately through the implementation of super fusion enhancement The Sarensix method aligns and processes multiple frames of video as a complete segment for improved enhancement It accepts most recorded formats and mediums, even poor quality or amateur video
  44. 44. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Sarensix Video Forensic Services (cont’d) • Automatically scan surrounding video frames for lost information • Stabilize blurry video caused by camera shake and subject motion • Correct dark and washed out scenes resulting from poor lighting • Clarify features and details not visible to the eye through resolution enhancement • Correct images that have jagged edges around objects and people • Create large and detailed panoramic pictures from multiple frames • Reduces noise and increase video quality produced by older equipment • Print still or panoramic enhanced images • Send images over the Internet or save digitally to disk Sarensix provides capabilities to:
  45. 45. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Audio Video Forensic Lab (AVFL) AVFL improves the quality of video surveillance tapes and digital video files It uses image clarification which involves digital techniques that can eliminate noise and reveal details from shadow With the use of Super Resolution technology, it improves and enlarges a degraded image AVFL provides following services: • Voice identification • Tape authentication • Video clarification • Crime scene video • Video enhancement • Video stabilization • Audio cleanup • Noise reduction • Crime scene videography
  46. 46. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Other Video Forensics Tools Video Detective is a real-time video surveillance and forensic analysis toolkit Jam is a family of software tools and plug-ins provide an integrated desktop environment for viewing and analyzing video Ikena Reveal is a video enhancement software package for security and surveillance applications
  47. 47. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Summary Video forensic refers to the process of taking recorded video and enhancing it to a point where detailed faces of people and other investigative information can be seen All the evidence and documentations must be preserved in a secure location Keep video evidence away from external factors such as magnetic fields, static electric charges, and electrical hazards Create Standard Operating Procedures (SOPs) for analyzing video evidence dTective is the video evidence analysis and audio evidence analysis system
  48. 48. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

×