File000089

Computer Hacking Forensic Investigator Exam 312-49
Audio File Forensics
Module XXII Page | 2226 Computer Hacking Forensic Investigator Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Computer Hacking Forensic Investigator (CHFI)
Module XXII: Audio File Forensics
Exam 312-49


 News: UCD to Lead Way in Audio, Video Forensics
Source: http://www.rockymountainnews.com/
Denver may become a Mecca for police nationwide and solve crimes by carefully analyzing audio and
video evidence.
A professor at the University of Colorado at Denver has won $710,000 in Federal Earmark Grants to
establish a new National Center for Audio/Video Forensics.
“Housed in UCD's Department of Music and Entertainment Industry Studies, the center would establish a
‘cutting-edge forensics center’ to spur new knowledge and methods in the field of audio and video
forensics”, Professor Richard Sanders said.
Undergraduates, graduates, and professionals could learn the latest techniques in tracking phones used
by prisoners, or discovering when someone is impersonating another's voice to move cash out of a bank
account.
Voice biometrics would work in combination with fingerprints, DNA, and facial recognition to identify
suspects.
The grant will give real-world research opportunities to students in recording arts, statistics, computer
science, and the health sciences programs, Sanders said.
“It also will give local police, attorneys, investigators and homeland security officers access to state-of-the-
art forensics technology,” he said.
Sanders' work in audio forensics was tapped by investigators working on JonBenet Ramsey’s case, the
Kobe Bryant case, the Columbine High School shootings, and the Oklahoma City bombing trial.
The grants were awarded by the U.S. Department of Justice. Additional support came from the university,
the international Audio Engineering Society, the American College of Forensic Examiners, the American
Board of Recorded Evidence, and the National Law Enforcement Technology Center.


 News: Audio Forensics Experts Reveal (Some) Secrets
Source: http://www.wired.com/
The conversation in traffic surrounding an urban parking lot was captured by a hidden surveillance
microphone where the following were heard:
 Slamming of the car door
 Someone sneezing
 Two voices, one male and a female voice
Allen, an audio forensic investigator, suddenly said, “Can anybody catch the sound that pops like a
needle?” He enhanced the tape by editing this pop and no audio forensic expert at Javits Convention
Center could find the other edit he made, as it was hidden behind a speaker’s cough and recognized using
sophisticated software only. Allen says that this sneaky edit proves that audio evidence is sometimes
difficult to find, and what forensic experts are paid for.
Sometimes, audio forensic examiners are asked to authenticate tape or audio in court that is used as
evidence, such as undercover surveillance tapes made by the police, recordings presented by feuding
parties in a divorce, or tapes from corporations seeking to prove employee wrongdoing or industrial
espionage.
According to Catalin Grigoras, a forensic examiner from Bucharest, digital recorders that are plugged into
electrical sockets capture the frequency signature of the local power supply, a signature that varies over
time. He told the workshop how he uses the frequency signatures of the local electrical power sources to
pinpoint when and where recordings were made using the software DCLive Forensics (by comparing
power signatures captured on suspect recordings with the signatures stored in his database).
The technique can even be applied to recordings made with battery-powered recorders, as long as they use
electret microphones: Because they act like capacitors, electret mics will register the electrical signatures
of nearby devices.
In one case, Grigoras claims to have identified the date of a recording broadcast in Europe, but made in
the Middle East, "probably in the mountains, or in a cave," he says. He did not mention any names, but it
was hard not to think of Al Qaeda. Grigoras holds a Ph.D. in electrical engineering and performs forensic
work for the Romanian ministries of justice and the interior.
Garrett Husveth, a court-approved forensic examiner, argued that audio forensics experts may soon find
themselves on the front lines in fighting terrorism.

According to Husveth, child pornographers, drug dealers, and terrorist groups are starting to use aural
steganography—a technique of hiding data in seemingly innocuous carrier files—to share information
surreptitiously.
Husveth hid a Bruce Springsteen tune after the end-of-file marker on an MP3 containing James Brown's
"I Feel Good." He pointed out that terrorists could use similar techniques to distribute secret files through
file-sharing networks or email.
Audio forensics was born during WWII, when acoustic scientists investigated the possibility of identifying
enemy voices on radio broadcasts. Their efforts were made possible by the newly invented sound
spectrograph, a tool for graphing the frequency and amplitude of voice patterns over time.
The police soon began using sound spectrograms to identify voices for investigative purposes, and
spectrographic evidence became widely admissible in courts of law.
The advent of digital audio made it far easier to tamper with recorded evidence, but it also gave
investigators a host of new and powerful tools.
Improvements in forensic-audio software have given the field a big boost. Allen, for example, used a
software package called EditTracker 2.0 to dissect his doctored recording. First he played the audio file for
the audience and displayed its spectrogram on a projection screen. Then he punched a key on his laptop.
Within seconds, EditTracker had scanned the file and flagged a bunch of "feature discontinuities"—
unexpected bumps in frequency and amplitude, miniscule gaps, and other unusual events. They are
undetectable to the naked ear, but can indicate tampering.
The field has benefited from the popular glamorization of high-tech forensics work in general. Industry
insiders call it "the CSI effect."
"It's changed demand and changed expectations," said Richard Sanders, a University of Colorado audio
forensics expert who has consulted in cases ranging from the Oklahoma City bombing to the Columbine
shooting.
Still, Allen stressed that the work of the audio forensics examiner is often slow and painstaking. An
examiner may have to analyze a recording hundreds of times in order to determine whether it was
fudged— and, if so, how.
Nonetheless, it pays well. According to his website, panel moderator Tom Owen charges a minimum of
$4,500 to authenticate an hour's worth of digital or analog recording, and $2,500 to testify in court.
Then again, it's not the kind of thing anyone could do at home with a copy of GarageBand or Audacity.
"This is very complex work," said Allen. "It doesn't happen with the push of a button, like I saw on
television the other night."

Module Objective
Audio forensics refers to the investigation of audio files that could be considered evidence. It not only
involves the collection of audio evidence, but also provides various methodologies in order to preserve,
analyze, and enhance the original samples. This module will familiarize you with the following:
 Audio Forensics
 Why Audio Forensics?
 Fast Fourier Transform (FFT)
 Methodologies
 Audio Forensic Process
 Sound Recordings as Evidence in Court Proceedings
 Tools

Module Flow

 Audio Forensics
Audio is an audible acoustic frequency that ranges from 20 Hz to 20,000Hz. It is considered evidence and
is subjected to court proceedings if it is recorded at the event where a crime occurs. It is considered a
useful tool for investigating cases. Audio recording is the process of recording acoustic signals with the
help of any recording device. Often, recordings may be unclear due to background voices and low pitch of
the speaker; they require analysis, evaluation, and presentation of the tape for gaining audibility and
intelligibility of the recorded audio. This is called audio forensics, and it is performed by audio
investigators.
“Audio forensics is the appellation for the engineering discipline involving the analysis, evaluation and
presentation of acoustic evidence in a judicial inquiry normally leading towards a presentation in court.”
It is also called an application of audio science and technology that helps to investigate and establish facts
in criminal or civil courts of law.

 Why Audio Forensics?
Audio forensics is necessary to solve cases where audio tape or recordings play a major role as evidence.
Various reasons for performing audio forensics are as follows:
 Audio tape verification and authentication: Tape verification and authentication is
verifying and checking the authenticity of the audio, if it is being tampered with or not. It
determines whether the tape is edited to change the meaning of the conversation or if the
intelligibility of the audio present on the original tape has been tampered with.
 Monitoring suspicious criminal targets: This involves placement of audio recorders to spy
on people or suspects who can provide information that may be important to building the case.
 Audio tape enhancement: Most recorded audio does not offer clarity in terms of what is
spoken and who is speaking. Audio enhancement makes the audio audible and intelligible. This
enables the court or the person listening to understand the conversation better.
 Voiceprint analysis: This is analysis for voice identification. It involves comparison of one or
more known voices to the unknown voice in the recording.
 Tracking missed information: This involves tracking information on the tape that may have
been missed.
 Spying on employees: Employing audio recorders in the workplace can allow an organization
to spy on its employees.
 Audibility analysis: Audibility analysis is the analysis of the audio for better audibility of the
voice in tape.
 Detecting attackers: This involves strategically placing recorders in various places to try to
detect attackers and attacks.

 Use of Voice as a Tool
Recorded voice is considered a tool of evidence as no two voices share the same phonetics; in other words,
no two people sound exactly the same. Investigators use this as an advantage and can solve cases by
editing the original tape to increase listenability and intelligibility of the audio.
Scenario: Person X calls the police to report a murder. The cops rush to the place where the incident was
reported, and does not find much physical evidence at the scene. The only thing they have is the
anonymous call recorded. With this call, an investigator has something to proceed with. He/she can try to
compare the recorded speech with a suspect’s phonetic components. If the court orders the suspect to
provide a voice sample, the investigator can possibly be able to tell if the caller was also the murderer.


 Fast Fourier Transform (FFT)
Fast Fourier Transform (FFT) is an algorithm used to analyze the authenticity of audio. It uses a “divide
and conquer” approach where it breaks the audio signal into a time-frequency spectrum. It also checks for
discontinuities in the audio spectrum.
For analyzing the authenticity of the audio, it generates two graphs:
 Audio signal: The normal spectrum in a time-frequency form
 FFT analysis graph: The graph that shows details of discontinuities in the audio signal spectrum

Figure 22-1: FFT Frequency Spectrum (Source: www.pcij.org)


 Methodologies of Audio Forensics
Audio forensics involves various methodologies for making audio audible and intelligible; therefore, it is
helpful as evidence in solving a case. Following are the methodologies of audio forensics:
 Voice identification
 Audibility analysis
 Audio enhancement
 Authenticity analysis
 Sound identification
 Event sequence analysis
 Dialogue decoding
 Remnant signal analysis


 Voice Identification
Voice identification is the aural and spectrographic comparison of a known suspicious voice to the
recorded voice. This helps in identifying the recorded voice. It involves voice print analysis using the T-F-
A (time-frequency-amplitude) spectrogram of the audio signal through a spectrograph. It is easy to
analyze and identify the speaker through the voice identification process as phonetic characteristics vary
from person to person. It compares elements of voice such as bandwidth, fundamental frequency,
prosody, vowel formant trajectory, occlusives, plosives, fricatives, pitch striations, formant energy, breath
patterns, nasal resonance, coupling, and special speech pathology of the speaker.
It is used as evidence in a variety of cases such as murders, bomb threats, terrorist activities, political
corruption, and so on. Following are the two factors that are involved in the analysis of speech through
voice print analysis:
1. Determining the uniqueness of the voice depending upon the size of vocal cavities such as throat,
nasal, and oral activities.
2. Determining the uniqueness of the manner in which the articulators or muscles of speech are
manipulated during speech.

Pre-identification considerations for voice identification methodology are as follows:
 Check whether the recording consists of a sufficient amount of voice for analyzing
 Look at the quality of the voice
 Check if the conversation volume is high when compared to the background noise


 Audibility Analysis
Audibility analysis is analyzing the audio or recording to try to gaining better audibility. It is the
reconstruction of an acoustic event to determine whether the event is audible for a person of average
hearing ability. It checks whether the audio signal is audible or obscured by the noise or masking signals.
It involves a signal-to-noise ratio evaluation, as it is necessary to check whether the event can be heard or
obscured by the dominant acoustic (masking) signal.


 Audio Enhancement
Audio enhancement is the technique of improving the quality of the audio in terms of listenability and
intelligibility.
Listenability enhancement: Listenability enhancement is applying equalization, compression, amplitude
increase, and limiting to make an intelligible audio signal more listenable.
Intelligence enhancement is breaking the audio into small portions/sections, processing them
independently, and then assembling them. It is a complex process because initially the audio sample is de-
assembled and after processing each section with different techniques it is re-assembled sequentially.
Sometimes it reveals unknown audio events that might be important for solving the case. This procedure
involves:
 Spectrographic analysis
 Complex de-convolution filtering
 Wideband and multiband compression
 Amplitude increase and limiting

Figure 22-4: Audio Enhancement (Source: http://www.mycert.org.my/)
The sound that makes the audio signal unintelligible is called noise and the main concentration of audio
enhancement remains the removal of this noise. The types of noises that are removed or minimized
through the enhancement technique are as follows:
 Clicks caused due to the discontinuity while recording
 Hisses caused due to the cassette tape
 Engine noise caused by car cameras
 Background noise recorded while recording a call
 Hums, buzzes, and pop noises caused due to power sources
 Ruffling sounds caused by recording the audio with hidden recorders


 Authenticity Analysis
Authenticity analysis is determining whether the audio origin is the same as the acoustic event represents.
It involves authentication verification of the recording by means of:
 Aural analysis: Aural analysis is critical listening of the audio tape. It provides direction to the
attorney/examiner by locating the sections of the audio to be physically inspected.
 Magnetic tape development: Signatures such as start, stop, and pause that are like fingerprints
can be detected when the tape recorder touches or leaves the magnetic recording tape. This
magnetic tape development allows these signatures to be examined under microscopic
magnification.
 Physical inspection: Determines the condition of the tape and therefore inspects for any damage
that would affect its functions.
 Manufacturing date: Investigators also check the manufacturing date of the audio or recording to
analyze its authenticity.
 Spectrographic analysis: Displays recording in a frequency, time, and amplitude form of the
spectrum. It clearly shows the gaps or alterations in the audio.
 Waveform analysis: A waveform display is obtained when the audio recording is fed to the
computer using any audio forensic software. It shows the time vs. amplitude form of a wave,
which allows identification and comparison of audio recordings considering signatures.


 Sound Identification
Sound identification is the comparison of unknown sound to known sound to identify it. It often requires
original recording devices for comparison as the original recording characteristics can be observed in the
exemplar recording. Sound identification techniques can be critical, for example, in determining whether
a barely audible sound is a voice or an acoustic illusion caused by the recording device or an extraneous
sound source.
Sound identification can be achieved by a device such as a spectrograph, which helps the investigator in
comparing the unknown sound with the known one.


 Event Sequence Analysis
Event sequence analysis is the analysis of the sequence of acoustic events in the recording that determines
components such as time, frequency, and amplitude. This analysis can either verify or negate the
authenticity of the recording. It also reveals absolute duplication of events.


 Dialogue Decoding
Dialogue decoding is an extraction of the message or speech from the recording. It is based on voice
patterns in a spectrograph. For example, if the spectrogram displays a broadband burst that has a
frequency range of approximately 4500 Hz to 8000 Hz, one may reasonably assume this component to be
some sort of sibilant sound such as an /s/ rather than a lower frequency vowel such as an /a/. Voiced
(vocal chord movement) and unvoiced (no vocal chord movement) areas are graphically displayed, as well
as are plosives, fricatives, occlusives, and formant patterns specific to certain vowels, consonants,
diphthongs, and so on. All of these components help in the process of decoding.
Figure 22-5: Dialogue Decoding (Source: http://www.mycert.org.my/)


 Remnant Signal Analysis
Other signal analysis involves analyzing the segment of audio that seems to be irrelevant to the
investigation. It involves sonic events evaluation. The segment of audio/recording can be a disturbance
caused due to the surroundings, background conversations, machine rhythms, reverberation, gunshot
discharge signatures, and so on.


 Integrity Verification of the Audio
Relying on audio (as evidence) requires investigators to verify the integrity of the audio/recording.
Integrity verification of the audio can qualify or disqualify the tape for further proceedings depending
upon its originality, that is, whether it was edited to change the meaning of the conversation or just edited
for enhancement to gain audibility.
There are various tape editing technologies that allow editing of the audio recording to gain audibility.
Electronic tape editing can detect acoustic irregularities in the audio through devices that can detect
additions. Some alterations to digitized recordings are difficult to be traced, if they are copied on another
tape. Suspicious acoustic events include the following:
 Total loss of the audio signal
 Change in the speaker’s frequency response during different telephone conversations
 Spikes that provide audible sounds of short duration (attributable to normal stop, start, and pause
functions of the recorder)
Editing options provide the ability to alter the recording into word processor mode. The traditional tape
technique involves looking for alterations by checking and noting:

 Unexplained transients
 Equipment sounds
 Extraneous voices
 Inconsistencies with provided written information


 Audio Forensics Process
Audio is considered evidence if:
 The conversation is recorded during the occurrence of crime;
 Or the conversation on the tape is providing information to solve the case
To examine and analyze the audio, it is necessary for an investigator to follow the audio forensic process,
which is as follows:
1. Evidence handling
2. Preparation of exemplars
3. Preparation of copies
4. Preliminary examination
5. Conversion of analog to digital audio
6. Preparation of spectrograms
7. Spectrographic analysis


 Audio Forensics Process: Evidence Handling
Evidence handling is one of the major steps involved in any forensic process. It helps investigators keep
the evidence safe. Steps for evidence handling in the audio forensics process are as follows:
 Gather all the tapes that are recorded and considered evidence
 It is essential to identify, to maintain physical integrity, and to ensure the audio as evidence for
forensic purposes
 Critically listen to the original tape
 Do physical inspection of the tape
 Check to see if the tape has been tampered with
 Document all the actions that are taken to protect the evidence


 Audio Forensics Process: Preparation of Exemplars
Preparation of exemplars involves comparison of the original spectrum to unknown voice samples. Here,
a suspect’s voice is recorded, where dialogue in the original recording is repeated and these exemplars are
prepared by investigators.
Investigators even need to check the performance of the recorder used for the original recording.
Conditions of recording and speech delivery must be duplicated for easy analysis. Therefore, analyze the
exemplar to compare voice in the audio file with the voice of the suspicious person, which can provide
voice identification.


 Audio Forensics Process: Preparation of Copies
The steps to be followed in preparation of copies of the audio file are as follows:
 Preserve the original recording for court proceedings
 Create copies of recording so that the original tape is not corrupted
 For voice identification, look for direct copies of the recording
 It enhances the original recording, removing noise for better audibility
 Playback of evidential audio depends upon track determination, azimuth alignment, speed
accuracy, and the reproducer of the recording


 Audio Forensics Process: Preliminary Examination
The steps for preliminary examination of the audio files are as follows:
 Check the audio files that are to be examined
 Determine the integrity and authenticity of the audio
 Check whether the recording is original or modified
 Determine if the known and unknown voice samples meet guidelines to allow further examination
 Analyze the quality of voice samples by suppressing the noise or distortion


 Audio Forensics Process: Analog to Digital Conversion
The audio forensic process involves analog to digital conversion or vice versa, depending upon the
requirements. The steps to be followed by an investigator are as follows:
1. Convert analog audio to digital audio: In most cases, the audio that is submitted for court
proceedings is analog audio, so use A-to-D converters such as successive approximation ADC,
Flash ADC, Dual slope ADC, and so on to maintain its integrity.
2. Extract the audio, if it is digital and corrupted: The audio that is used as evidence may not be
easily reachable or can be damaged or corrupted. Use tools such as Zune music recovery software
for recovering or extracting the corrupted audio.
3. Check for compatibility of the audio file: Digital audio has many formats and if the format is not
compatible, it is not possible to play the audio.


 Audio File Formats
Source: http://www.fileinfo.net/
File extensions or the file formats used for audio files are as follows:


Figure 22-6: Audio File Formats


 Audio Forensics Process: Preparation of Spectrograms
Preparation of spectrograms is necessary for the analysis of the audio. These spectrograms can be
prepared using tools such as a sound spectrograph. It helps:
1. To identify the speech by formatting and marking the spectrogram.
2. In retention of the spectrogram, which is necessary until the completion of the investigation.
Figure 22-7: Preparation of Spectrograms (Source: http://www.pcij.org/)


 Audio Forensics Process: Spectrographic Analysis
Spectrographic analysis is analysis of the audio signals with the help of a spectrograph. It involves pattern
and aural comparison of the voice sample. Pattern comparison is the comparison of the original and
enhanced samples for similar speech sound and the number of comparable words depending upon pitch
and energy distribution. The steps to perform spectrographic analysis are as follows:
 Perform pattern and aural comparison of the voice sample
 Perform spectrum and waveform analysis of the audio signals
 Check if any clues can be obtained from the comparison
 Document all the actions and their results


 Sound Spectrograph
A spectrograph is an automatic analyzer of audio signals. It is a basic instrument used for research studies
on audio recordings. It displays these audio signals of the recordings in the form of a graph or spectrum.
This spectrum lets the investigators know of any additions or enhancements made to the audio. The
spectrum of the audio signal is displayed in the frequency and amplitude form where time is on the x-axis,
frequency is on y-axis, and voice energy is in the form of a gray scale.
It is composed of four components, which are as follows:
1. A magnetic tape recorder/playback unit
2. A tape scanning device with a drum that carries the paper to be marked
3. An electronic variable filter
4. An electronic stylus that transfers the analyzed information to the paper
Figure 22-8: Audio Signal Spectrum (Source: http://www.mycert.org.my/)


 Sound Recordings As Evidence In Court Proceedings
Sound recordings are considered evidence and can be helpful in solving cases. This evidence in courts
should be accompanied by:
 Testimony by the defense, plaintiff, or government witnesses of tampering or other illegal acts
 A problem description should be complete, which includes the exact location of the recording,
type of alteration, scientific test performed, etc.
 The original tape must be provided as duplicate tapes cannot be authenticated and are not
accepted for examination
 Tape recorders and related components to produce the recordings must be provided
 Written records of any damage or maintenance done to the recorders, accessories, and other
submitted equipment must be provided


 Audio File Manipulation
Evidence has the ability to change a judgment, and the manipulation of evidence can cause a criminal to
go free. Factors that can cause alterations, tampering, or manipulation in a recording are as follows:
 Deletion: Deleting unwanted portions of the audio by splicing or using a recorder
 Obscuration: Involves distorting the recording, leaving the audio unintelligible is obscuration; it
is used for masking audio
 Transformation: Transformation is altering the portions of audio to change the meaning of the
conversation
 Synthesis: Generation of additional text such as background sound or conversation to original
recording is called synthesis
These can be suspected with gaps, fades, transients, and equipment sounds that are audible in the altered
recording.


Tools



 DCLive Forensics
Source: http://www.enhancedaudio.com/
The DCLive Forensics tool analyzes, enhances, and improves difficult recordings using a system with a
sound card. It is installed on the system with either the Windows XP or Vista operating system. Other
operating system users need to use DC LIVE/Forensics SIX software. It consists of the following:
 DSS filter: The DSS feature in the DC Live/Forensics software is a unique and powerful tool
capable of recovering speech from recordings containing loud music or other coherent noise.
Until now, a recording that was covered or masked by loud music was basically a lost cause. DSS
decoding is designed to make it possible to attenuate this music and uncover the speech.
 Adaptive filter: This filter is used largely in audio applications where the ambient noise
environment is constantly changing and the filter coefficients must automatically change to
maintain good intelligibility of an audio signal. The Adaptive filter adjusts itself to remove a
modeled signal representing the unwanted time domain waveform while preserving the target
signal.
 AFDF forensics filter: The Forensics Adaptive Frequency Domain Filter (AFDF) is a variation
on the basic theme of the Auto Spectrum CNF filter mode. The primary difference is that the

Forensics AFDF is optimized for forensics-oriented files and not “High Fidelity” files. It has a
faster response time and a narrower effective bandwidth while producing higher levels of noise
reduction at the expense of potentially producing higher levels of digital artifacts. The AFDF Filter
is “Adaptive,” which means that it will automatically adjust itself to varying noise environments
and no noise sample must be taken. It is fast and easy to use with little or no training, but can
garner incredible results.
 Polynomial filter: This allows mathematicians, scientists, and engineers to create their own
transfer function using a polynomial expression. For those not so inclined, there is a plentiful
assortment of presets to choose from.
 Spectral filter: This filter allows you to create a very high-resolution frequency response
contour using up to 32,000 bands of equalization by using FFT techniques. The user interface
system is intuitive and allows you to zoom-in on a particular portion of the spectrum that needs
accurate and specific frequency response contouring. By using the right mouse button, you can
add bands, or delete them simply by pointing and clicking on the graph. This is very useful in
forensic audio applications for removing in-band and out-of-band extraneous noises because of
its high degree of frequency selectivity and its very steep slope characteristic.
 Spectrogram: A spectrogram provides a method for displaying waveform data including Time,
Frequency, and Intensity, all on the same graph. Time is represented on the horizontal (X) axis,
frequency is represented on the vertical (Y) axis, while intensity (loudness) is represented by color
or gray scale. The spectrograph displays itself in the destination window when this is
checked. The spectrogram is calculated for whatever waveform is displayed, highlighted and
zoomed in on in the source window, and is time aligned with the same.
 De-Clipper: The De-Clipper can be used to repair signals, which were either clipped by digital or
analog mechanisms. It performs its magic by detecting signals with very low or zero values of
slope (user adjustable from 0–0.5) above a settable threshold amplitude value. When this
condition is detected, the routine mathematically interpolates a new signal and replaces the zero
slope portion of the bad waveform with one containing curvature.
 Flashback recording: Flashback is primarily designed to be used in real-time intelligence
gathering and forensics surveillance situations. It is a feature that allows you to go back and listen
to something that you may have heard during real-time operation of the software that may be of
immediate interest and needs rapid clarification.
 Dual stream recording: It automatically logs an unedited raw version of the recording along
with the enhanced version with a backup.
 VOX Record activation: This feature allows the recorder to start and stop itself based on the
presence or lack of presence on an audio input signal. The recording activation process is
triggered by signal level sensing as determined by your setting of the Trip Level control. The
record de-activation process is triggered by a combination of the signal level sensing system in
conjunction with the Minimum Duration control setting.
 Auto Date and Time Stamp: By checking the box labeled Automatic VOX Time/date stamp,
Live will add a marker each time recording starts in VOX mode. This is useful in remote locations
or for surveillance recording. By enabling this function, Live will record only when audio is
actually present to be recorded, and each recording event will be marked with the exact time and
date of the individual recording.
 Unlimited Recording Time: Windows has an inherent 2 Gig limit for wave files. This can be a
problem for very long recordings. With our products, the system automatically starts a new file
every time the 2 gig limit is reached and never misses a beat.
 Brick Wall Filter: Very steep digital filters used to attenuate signals that are interfering with a
poor quality audio signal. These are FIR (Finite Impulse Response) filters that exhibit a very high
degree of out-of-band attenuation.

Until DCLive Forensics was in existence, it was very difficult to analyze voice samples, but Live has made
the work of investigation easy with its exemplary features.
The features of DCLive Forensics are as follows:
 Higher resolution spectral filter offering a 32,000 band EQ: Filter sizes up to 65526 bands are
now properly supported
 Improved time domain adaptive filter: The stability has been greatly improved and the
Normalized version of this filter is dramatically faster, especially at very large filter sizes
 Popular formats of audio are supported: After the removal of noise and enhancement of
recordings, the audio can be saved in any audio format, such as MP3, WMA, and even directly to
CD
 Tune library organizes investigator’s collection: One can organize files by case, by investigator, or
even by the time depending upon the requirement. All files are presented in one easy to use
display and one can play, edit, or burn them at any time
 Impulse filter enhancements: Enhancements are done just to improve the facet of the impulse
filters. One can notice enhancements down the line when each slider is moved. This involves the
addition of a new check box that takes special consideration of brass and strong vocal passages
that are used to confuse the filters and remove good audio. With this enhancement, impulse
filters can be pushed to new heights for achieving better results over competing products
 CD making is included so CDs are easy to make with a drag-and-drop system
 Improved frequency ranges make waves, adding ultrasonic range (100 kHz)
Figure 22-9: DCLive Forensics


 Zoom H2 Portable Digital Recorder
Source: http://www.zoom.co.jp/
The Zoom H2 Portable Digital Recorder provides brilliant stereo recording in an easy-to-use, ultra-
portable device. It makes it easy for the user to record pristine audio in an infinite variety of applications.
From seminars and conferences, to electronic news gathering (ENG) and podcasting, to musical
performances, songwriting sessions, and rehearsals, the H2 provides amazing recording quality. No
matter what kind of music the user performs or instrument the user plays, the H2 can effortlessly record it
in high-quality stereo.
The features of the Zoom H2 Portable Digital Recorder are as follows:
 Records in WAV 96kHz/48kHz/44.1kHz at 16-bit or 24-bit, MP3 to 320 kbps, and Variable Bit
Rate (VBR) data formats
 Built-in USB 2.0 interface
 Time Stamp and Track Marker functions in Broadcast WAV Format (BWF)
 Accommodates up to 4-GB SD memory cards
 Auto Gain Control (AGC) for pristine recordings
 Auto Start function means you're always ready to record
 Low-cut filter eliminates wind noise
Figure 22-10: Zoom H2 Portable Digital Recorder


 CEDAR for Windows
Source: http://www.cedar-audio.com/
CEDAR for Windows is a radical departure from audio restoration systems. It offers both multi-channel
and simultaneous multiple-process restoration capabilities. It can be used in Windows applications such
as audio preparation for DVD and surround formats, as well as for stereo mastering. CEDAR for Windows
has been used and trusted for many years by national police forces and air accident investigation bureaus.
It includes few modules, as follows:
 Console
 Declick
 Decrackle
 Dehiss2
 NR-3 broadband noise reduction
 Phase corrector
 EQ and dynamics

 Spectral analyzer
 CEDAR for Windows: Console
The Console is a tool for the audio restoration process that controls up to 16 channels. It is the core of
CEDAR for Windows, which manages each of the ProDSP boards in the system, allowing any ProDSP
board to run any of the CEDAR for Windows audio modules.
Tthe features of the Console are as follows:
 It permits series processing of a stereo signal using up to eight processes
 Complex audio restoration
 It allows the user to configure the system for parallel processing of up to 16 audio channels
 It performs real-time restorations on 8-track and 16-track masters
 It permits real-time processing for DVD-Audio and other “surround” formats
Figure 22-11: Console
 CEDAR for Windows: Declick
Declick is an invaluable process that removes scratches and clicks that are encountered on audio files such
as film, tape, or disk, whether analog or digital. It is an invaluable process when dealing with master
tapes, film sound tracks, and videos. It eliminates up to 2500 scratches and clicks per channel per second.
It acts only on damaged signals, forwarding undamaged signals without any changes.

Figure 22-12: Declick
 CEDAR for Windows: Decrackle
Decrackle is the effective process of removing crackles and buzzes caused by faulty wiring and electrical
interference and surface noise, and reducing the unpleasant effects of distortion in the audio. Undamaged
signals pass without any changes, leaving the audio with no distortion, no loss of transients, and no loss of
ambience.
Figure 22-13: Decrackle
 CEDAR for Windows: Dehiss2
Dehiss2 includes an algorithm that offers broadband noise reduction with neither spectral analysis nor
offline processing. Though the algorithm is complicated, it is easy to use. Because it dispenses with
complicated audio engineering procedures, its simplified user interface allows experts and non-expert
users to obtain excellent results with the minimum time and effort spent.
With just three Dehiss controls and a learning curve of minutes, it is not only one of the most effective,
but also the simplest, quality noise reduction packages.
Figure 22-14: Dehiss2

 CEDAR for Windows: NR-3 v2
NR-3 v2 is powerful and flexible noise reduction system for speech and music developed for the audio and
video industries. It incorporates CEDAR's unique perceptual models and noise profiling, which help the
user to detect and eliminate more of the unwanted noise than can be removed using other methods, but
with little or no effect on the genuine signal.
The process also allows the user to define multiple noise reduction setups and select between them in real
time (for processing scene changes), or progressively move between them to cope with changes in the
noise content of the recording. With its 512-band Spectral Analyzer, 512-node FIR Equalizer, and unique
"Noise Free Equalization," NR-3 will rescue recordings that just a few years ago would have been
considered unusable. Noise Free Equalization also ensures that dehissed material can retain all the
brightness and ambience perceived in the originals.
Figure 22-15: NR-3 v2
 CEDAR for Windows: Phase Corrector
Phase Corrector improves mono compatibility and stereo imaging, extends high frequencies, and tightens
bass response of the audio signal. It will automatically identify and correct errors—without any user
intervention—to an accuracy of 0.2 samples. It will then track any changes in the error, dynamically
updating the amount of correction it applies at any given moment. In addition, a manual mode allows
users to shift a signal by as little as 0.01 samples—a tiny offset of just 0.2 microseconds. This makes it
possible to improve the frequency response and imaging of audio that cannot be restored using EQs,
dynamics processors, or any other audio processes.
The latest version of the Phase/Time Corrector incorporates a faster, more accurate Lissajous display, and
an improved tracking algorithm that locks on to phase errors more quickly than ever before.

Figure 22-16: Phase Corrector
 CEDAR for Windows: EQ and Dynamics
EQ and Dynamics provides up to 16 channels of dynamic processing and equalization with multiple
processes per channel. D/EQ allows the user to select the number of nodes in your curve—it does not limit
you to a high-pass, a low-pass, and a handful of parametric EQs. Furthermore, D/EQ offers a remarkable
frequency accuracy of 0.1Hz, and the parametric nodes offer a superb Q of 100 at 50 Hz. The shelving
filters are maximally flat in the pass-band and the stop-band, and offer roll-offs of up to 100 dB/octave.
It allows creating custom dynamics processors using any combination of the following processor types:
 Compressor
 Limiter
 Downward expander
 Upward expander
This allows crafting almost any dynamics response individually for each audio channel. Every processor
has an independent threshold, ratio (where appropriate), and envelope, and an “advance/delay” feature
makes D/EQ more transparent than conventional devices or software. Its accuracy and flexibility make it
particularly well suited to mastering and forensic applications.


Figure 22-17: EQ and Dynamics
 CEDAR for Windows: Spectral Analyzer
Spectral Analyzer analyzes the spectrum of the audio signal. It consists of 1023 parametric equalizers that
can have their spacing and bandwidths tailored by the user.
Figure 22-18: Spectral Analyzer


 Audio File Forensic Tools: DCVST
Source: http://www.tracertek.com/
DCVST is a plug-in based on the Automatic Forensic Adaptive Filter (AFDF) that is found in the
Continuous Noise Filter DC LIVE/Forensics. It is designed to help you quickly and easily dig deeply into
an audio file filled with noise and pull out a single voice or conversation. It constantly changes during
operation and can adjust on the fly to noisy environments. Since this filter is almost completely automatic,
little or no training is required to begin getting excellent results, the moment it is installed.
The Forensics Adaptive Frequency Domain Filter (AFDF) is a variation on a standard Adaptive filter. The
primary difference is that the Forensics AFDF is optimized for forensics-oriented files and not “High
Fidelity” files. It has a faster response time and a narrower effective bandwidth while producing higher
levels of noise reduction at the expense of potentially producing higher levels of digital artifacts.
Figure 22-19: DCAfdf
 Audio File Forensic Tools: Advanced Audio Corrector
Source: http://www.avlandesign.f2s.com/
Advanced Audio Corrector removes phase distortions in high-quality audio files before coding them to
MP3 format. It works in a batch mode.

Description: If during manufacturing of an audio soundtrack there is an analog stage (recording to a
tape or to a gramophone disk in an analog mode), an inevitable consequence will be the appearance of a
phase shift between stereo channels. In an uncompressed soundtrack, these distortions are inaudible but
only become apparent when stored in a compressed format (for example in MP3 Joint Stereo). These
distortions are heard as unpleasant high-frequency sounds.
Advanced Audio Corrector allows removing phase distortions in high-quality audio files (WAV, 16-bit
Stereo) before coding to a format MP3.
System Requirements: Pentium-100, 16 MB RAM
Figure 22-20: Advanced Audio Corrector


 Audio File Forensic Tools: Acoustica
Source: http://www.acondigital.com/
Acoustica records, edits, and processes audio on a system. It removes noise, add effects, and burns CDs or
DVDs. It is an ideal solution for audio editing and mastering where users can open or save files in
different formats including wav, wma, ogg, mp3, and so on.

Figure 22-21: Acoustica
 Audio File Forensic Tools: Smaart
Source: http://www.eaw.com/
Smaart is software designed for real-time sound system measurement, optimization, and control software
for both Microsoft Windows and Mac operating systems. It performs dual channel FFT-based audio
measurement in an intuitive, accessible interface that seamlessly integrates measurement, analysis, and
data logging. It can also remotely control an extensive, constantly expanding list of professional equalizers
and DSP processors.

Features:
 Runs native under both Mac and Windows
 Powerful new architecture and streamlined interface
 Now operates with ASIO multi-channel input devices
 New real-time measurement mode and enhanced Impulse Response mode
 Increased data storage and display capability
 Expanded Signal Generator functionality
Figure 22-22: Smaart


 Audio File Forensic Tools: DNS1500
The DNS1500 Dialogue Noise Suppressor suppresses noise content from recordings or live surveillance
and curbs excessive reverberation. It is capable of reducing or even eliminating the noises from sources
such as air conditioning, aircrafts, traffic, and other extraneous environmental noise. It enhances the
audio in terms of both listenability and intelligibility, thus helping forensic investigators.
Other “dynamics” processes generate pumping, distortion, and other unnatural effects, and
encode/decode processes, when used in this way, simply act as dynamic processors.
The features of DNS1500 Dialogue Noise Suppressor are as follows:
 It cleans up speech recorded in noisy environments
 It is quick and simple to use
 It is suited to situations where computer-based restoration and enhancement is found
inappropriate

Figure 22-23: DNS1500 Dialogue Noise Suppressor

 Audio File Forensic Tools: DNS2000
DNS2000 is an implementation of DNS1000 technology designed specifically for use in forensic
laboratories equipped with Pro Tool Systems.
The features of the DNS 2000 Dialogue Noise Suppressor are as follows:
 It removes background noise from recordings and live transmissions
 It removes motor noise from small covert recorders and eliminates electrical interference
 It compensates for unfavorable acoustic conditions and poor microphone placement
 It suppresses excessive reverberation
DNS2000 Remote Control Software runs on most Mac-based Pro Tools Systems, providing a fast and
intuitive user interface based on CEDAR's award-winning DNS1000 Dynamic Noise Suppressor, itself a
standard for audio forensic applications. The software controls all aspects of the DNS2000, and
automates its operating parameters.
Connected to its Mac-based Pro Tools host using a USB cable, the DNS2000 processor provides the DSP
and the 24-bit I/O for the system. Housed in a 1U rack, it offers a remarkable 198 MFLOPS of floating-
point power, and will process two independent channels simultaneously.


 Audio File Forensic Tools: DNS 3000
DNS3000 is automated dialogue noise suppression system with scenes, memories, moving faders, and
pro-tools integration.
The features of the DNS 3000 Dialogue Noise Suppressor are as follows:
 On-board scenes with a simple and intuitive recall system
 Automation to LTC time code
 Moving faders and sample rates up to 96 kHz
 Ensures that there is no loss of lip-sync
 Eliminates all manner of noises from recordings and live transmissions



 Audio File Forensic Tools: M-Audio MicroTrack 2496
Source: http://www.m-audio.com/
The M-Audio MicroTrack 2496 is a rugged high-fidelity mobile two-channel digital recorder that records
WAV and MP3 files to CompactFlash or microdrives that is perfect for everything from professional field
recording to corporate meetings, training, education, and worship. Record via balanced line inputs or
built-in high-fidelity microphone pre-amps complete with phantom power for studio-quality
microphones. Connect MicroTrack to a PC via USB and simply drag and drop recordings to your
computer for immediate editing or web posting. Power derives from a lithium-ion battery, and the unit
can recharge via the computer’s USB connection or USB power adapter. The MicroTrack combines quality
beyond that of DAT recording with the convenience and cost-effectiveness of personal digital recorders for
the ultimate solution in mobile recording.
Tthe features of the M-Audio MicroTrack 2496 portable digital recorder are as follows:
 Twol-channel WAV and MP3 recording and playback for pro recording, meetings, training,
education, and worship
 Storage via convenient CompactFlash or microdrives
 Immediate drag-and-drop file transfer to PC and Mac via USB 2.0 mini- connector
 Powered via USB, rechargeable lithium-ion battery or power supply (both included)
 Separate left and right input level controls with signal and peak indicators
 Professional balanced 1/4" TRS inputs with mic/line switch
 Digital I/O supports surround-encoded AC-3 and DTS passthrough
 Dual microphone preamps with phantom power for studio microphones
 1/8" TRS input with 5V power for use with stereo electret microphone (microphone included)
 S/PDIF coaxial input for digital transfers
 Monitoring via RCA line outputs or 1/8" stereo headphone output
 Stereo output level control
 Large LCD for navigation and statistics
 Dedicated buttons for navigation, record, hold, pause, delete, menu, and power
 Includes CompactFlash card

Figure 22-26: M-Audio MicroTrack 2496 Portable Digital Recorder
 Audio File Forensic Tools: Cardinal
Source: http://www.digrec.com/
Cardinal takes forensic audio processing and analysis to the next level. Fully integrating the capabilities of
both hardware and software, Cardinal seamlessly handles forensic analysis and processing of all analog
and digital media. Cardinal represents productivity enhancements through a seamlessly integrated audio
workstation environment capable of blending the merits of superb audio filtering with comprehensive
speech and signal processing
Features of Cardinal are as follows:
 Multi-tasking: Productivity-enhancing features such as asynchronous “batch-mode” processing
will allow multiple jobs to be handled simultaneously
 Power: The powerful AccelCore external processor hardware, based on the Analog Devices
TigerSHARC floating-point DSP, provides all audio I/O and performs lightning fast regardless of
workload
 Handles All Media: Common analog and digital media formats, including file-based media, can be
handled directly
 Seamless Integration: Both Direct-X and VST plug-ins are supported within the Audio Lab
environment. Audio Lab replaces the Master Control Panel found on previous products and
allows software-based tools to be mixed and matched with others that are AccelCore-based.
Further, the entire setup can be preserved in a single file for easy recall and repeatability at a later
date
 Flexible and Intuitive Interface: The redesigned graphical user interface is easy to navigate,
allowing for quick filter setup, recall, and adjustment
 Better Results: DAC’s proven methodology and built-in scientific approach help produce results
that win cases and survive legal challenges. It offers advanced filtering precision and ASCLD
reporting

Figure 22-27: Cardinal


 Audio File Forensic Tools: JBR 4 Channel Microcassette Playback/Transcriber Unit
The JBR 4 Microcassette Playback/Transcriber Unit was specifically designed to "safely" and "accurately"
play all known ¼-track stereo and ½-track monaural micro-cassette recordings.
Transcription:
In addition, the unit has a foot pedal to control the Play, Stop, and Backspace, and a variable speed
control and multiple headphone outputs to aid in efficiently and accurately transcribing hard-to-
understand covert recordings.
Copying/Duplication:
Adding a standard cassette dual-deck recorder and the optional duplication control unit creates a
professional quality micro-cassette-to-standard cassette duplicator. Adding a CD-Recorder in addition to
or in place of the cassette recorder creates a micro-cassette-to-CD-R duplicator.
Special Features:
The JBR Micro-cassette playback unit has two playback heads. The right head is located in the standard
position. The left head is located 3/4 of an inch before the standard head location. Therefore, this head
plays approximately 3/4 inch of virgin tape, then the original record head start transient, followed by the
original erase head start transient and the exact point where the audio starts being recorded on the tape.
This set of data is crucial in determining if a tape recording is authentic or has been changed or altered.
No other known micro-cassette playback unit can recover this set of data.
 Audio File Forensic Tools: JBR Universal DVD/CD Player/Transcriber Unit
JBR's Universal DVD & CD Player/Transcriber is specifically designed and optimized for playing and
transcribing all CDs (MP3 and WMA encoded) and most DVDs. This unit has features that will enhance
the efficiency and accuracy of the transcriber. If the track and time information is entered in the
transcript, a cross-reference is generated that enables the reviewer to check the accuracy of any
transcribed statement or conversely determine if any statement heard is accurately transcribed.
Following are the features of JBR DVD/CD Player/Transcriber Unit:
 Dual headphone outputs with limiter
 Foot pedal control of Play and Skip-back

 Near perfect performance
 Plays both 3" and 5" diameter CDs.
 Plays CD-Rs, CD-R/Ws and CD-Audio and MP-3s encoded at 32 kilobits-per-second (kbps) to
320 kbps
 WMA (Windows Multi-media Audio) encoded at 48 kbps to 192 kbps
 Plays DVD-RAM and DVD-Audio
 Limiter to protect listener's hearing

Summary
 Audio forensics is the name of the engineering discipline involving the analysis, evaluation, and
presentation of acoustic evidence in a judicial inquiry normally leading towards a presentation in
the court
 Voice comparison standards involve evidence handling; preparation of exemplars, copies, and
spectrograms; preliminary examination; and spectrographic analysis
 Integrity verification of audio is necessary to qualify or disqualify a tape for further proceedings
 Sound recordings are presented as evidence in court proceedings
 Audio forensics involves various methodologies that enhance audio to gain audibility and
intelligibility
 DCLive Forensics is the audio forensics tool that analyzes, enhances, and improves difficult
recordings using a system with a sound card

Exercise:
1. What is meant by the term “audio forensics”?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
2. Why is audio forensics necessary in solving computer crime cases?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
3. Briefly describe the Fast Fourier Transform (FFT) algorithm.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
4. Discuss various methodologies of audio forensics.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
5. Explain how integrity verification of audio helps the investigator to verify the integrity of the
audio/recording.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
6. Discuss the audio forensic process.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________

___________________________________________________________________
___________________________________________________________________
7. Describe the spectrograph and its advantages.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
8. Explain how sound recordings are helpful in solving computer crime cases.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
9. What are some of the factors that can cause alterations, tampering, or manipulation in a
recording?
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
10. Discuss various tools associated with audio forensics.
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________

Hands On
1. Visit http://www.law.cornell.edu/ and read about federal rules of evidence.
2. Visit http://expertpages.com/ and read how to use voice as a forensic tool.
3. Visit http://www.enhancedaudio.com/ and read about audio forensic techniques.
4. Download audio forensics tools from http://www.tracertek.com/, and run and check your
results.

File000089

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to File000089

Similar to File000089 (20)

More from Desmond Devendran

More from Desmond Devendran (20)

Recently uploaded

Recently uploaded (20)

File000089