Just for information SWGIT group is not recommending watermark because this process modifies the content of the files and can persist as a part of the file.
Lessons Learned from Video Forensics Expert Grant Fredericks
Published Jun 28, 2013 04:00 AM
How video is used in court is a source of great interest and, often, confusion. Many ask: Will H.264 be thrown out of court? Does video need to be watermarked? How much resolution is necessary? Is a certain frame rate too low?
We spoke with Grant Fredericks, a leading video forensics expert and the the coordinator of Law Enforcement and Emergency Services Video Association (LEVA) Forensic Video Emergency Response Team. Inside, we present answers to these questions and more.
Key ********
**** *** *** *** ******** **** the *********:
- ***** ****** ****** ***** ** **********, but *** ***** ** ********** *** be ********
- ***** **** *** ****** *** ***** problems ** ********* ***** / *****
- **** *-***** ********* ******** ***** / risk ** ***** ********
- ***/*** ************ ***** *******
- ***** ***********
Codec ****** *** *********, *** *********** **
********** ********* **** ***** ****** ****** does *** ********* ** ******* *** type ** *****, ** **** ******* a ***** ** *.***, ****-* ** MJPEG **** *** ********* *** ********** in *****. ******, ***** ********* ******* will ******* *** ******* ** *** video.
*** *****, * ****** ******* ****, is **** ***** ** *** ******* compressed ** ****** *********, ******* **** of ******** *******. ** *** ***** hand, *** *.***, ****** ******** ******* long * ***** ********* *** ********** in ****** ** * ******.
Frame **** *** ****** *** ***** ******** ********* ***** / *****
******** *** *** ** “******* ******** the *****” ** ********* ***** ******* rates, *** ****** ***** ***** ******* the **** ****** **** ** ***** to *********** ********. *** ***** ******* images, ********* ************, *** ** *** difference *********** ******* *** ****** *** a ***** ** * ****. *********, the ******* *** *** *** **** reliable *** *********** ** *** *****, Fredericks ****. ***** **** **** ***** where ******* ** **** *****, ****** have **** **************.
*** ******* ** ********* ***:
"**** *** **** ** * ***** that ** ** ****** *** ****** and ***'** ****** ** ***** ** speed, ****** ** *****, *** ***** actually **** ** ******* ***** *** second, *** *** ***** ****** ***** be ** ************ *****, **** * big ***, *** *** **** ***** 400 ************ *****. ** **** ******* ** seen ****** ***** **** ****** ******* (like * ****** ******* ****** ***** hand ****** ********'* ********) ** *** **** like ****'** ****** ***** **** ****** and **** ******** ******** ******* ** the ********.
“** *** **** *** *** ****. We see *********** ** ****** ***** *** they're ******. '**** *****'* ***** ** hit ***,' *** ** *** **'* moving *** **** ** ** **** interval ***** **** ******, *** **** there ** * ***** ** * second delay. *** **** *** **** ** the ******, ** ***** **** * regular ******* **** -- **** *** hand ***** ***** ***** ******* ** the **** **** ******. ** ***** the ******** ** ***** **** ****'* exist."
“*** ** *** **** ****** ******** are ******* *** ** **** *******," ********** ****. "**** *** ****** *** predictive ** **-*********** **** ***’* **** proper **** *******, ** ** ***’** trying ** ******* ** ****** *** speed, ************** ** ****** ********, *** have ** ** ****** ******** ** the ***** *** ****** ** **** sure **** *** ****** ** ********,” he ****.
Long *-***** ********* ******** **** / *****
** *** ******** ***** ****, *********** errors ** ****** ** ********** ** subsequent ****** *** **** ***** ******* what ******** ********. * ****** ******* / *********** ****** ** **** *-***** interval (*.*., *** ****** ** **** between *** ************** ***** *** *** next). ********** ********* ******** ** * or ** ****** *-***** *********, ************ that *** ******** ** **** ** 1 *** ****** ** ****.
****'* ** ******* ** * **** world ******* ********* * ******:
"*** ***** *****, ***, ** **** pattern. **** *** *** ***** ** ** MPEG *****, ***** *** **** * motion ******, *** *** ****** ****** is **** ******* ** *** *-*****, in **** *****, ***** *** ****** who **** ** *****, *** *** can *** * ****** ******** ** a ******* ********, ***** **** ****** in * ******* ***. ***** **** reference ***** ** *******, ***** **** isn't ******** ******* ** *** ***** direction, ****** *** *****. **** ****** may **** *** ***** *** ***, "Yeah, * ******* *** *** ***** the ***." *** *** **** ** the ***** *** **'* ******* *** ***** way **** *** ****** ***** *** pulled **. *** *** ***** *** wrong."
DVR/VMS ************ ***** *******
"************ ***** *******," **** **********. "************* who ***** ***** ***** ** ********** [because ** ************] *** *** ***** honest. ***** ******** ***** ** *** extract *** ****** ***** ******* **** having ** ** ******* ************ ** the ********** *******. ************ ****** *****'* mean * ***** ** **."
******* ********* *** *** ***** ****** to *** ************ ** ************ ************, even ** ** ** *******. ***** forensic ******* ********* ******* *** ******* of *** ***** ** **** ** examining ******* ***** **** ***** ******** tampering. **********, **** ** *** ********* way ** ******** *** ************ ** the *****, *** * ************ *********.
Avoid ***********
*** ******* *********** *** ******** ** that **** **** ******* *** ******** for *** **** ** *** * convenient **** ** *****, *** *** *** original ************ *******.
“**’* *********** ** ******* ********** ****** into a additionally ********** ********** ****,” ********** ****. “The ******* ******* ********** ***** *** information. ** ******* *****. ** ******* edge *******. ** ******* *** *********. And **** **** ********* ****** *********** and ************."
********** **** ** ****** ******** ** acquire *** ****** ***** **** ******* video *** ********. “***** **** *****, whatever **** ****** ** **, *** going ** ** *** **** ********,” he ****. ***** “******** ***** **** allow ** ** ****** *** ****** going ** *** ******* *** ********* an ************ ****” **** *** **** to **** ***** *****.
** ************, "** *** ** * pixel ***** ********** ** **** **** it *** **** **********. *** ***** are *****, *** **** *** ***** for ***** *** **** ** *** original ****”, ** ****.
Multiplexing ** *** *******Multiplexing is not an issue in IP cameras, but when pulling video from older analog systems, analysts will occasionally run into issues with “missing video.” Fredericks explains:
“** **** *****, **** ***** **** with ****** ** *** **. *** suspect **** [*** ******’*] *** **** and **** ************* **** ** ******* the *****, *** ****** ***** *** examination ****’* ********** ************. **** ****’* realize *** ****** ****** (*** ****** was ********* **** ****** *** ** camera ***) *** *****. **** *** go ***** ** ***** ***’** ******* camera *** ***** ****. *** ***** later *’* ***** ** ****** *** video *** * *** *** ****** video *** ****** ** *** *****’* the ****** ** ***** ******* ***** up ***** *** ******'* *** ****.”
LEVA ******** ****
****'* ******** **** [**** ** ****** available], ** ***** ********** ** *** coordinator, ** **** ** ** ***** forensic ******** **** *** **, ** and ****** *** *** *********** ** provide * ******** *** ******** *** a ***** ** ******* ***** ******* of ***** ** *** ***** ** a ***** ***** ********. *** ****** agency *** **** ** *** ********** to **** ******* ***** ********. ** ***, it *** **** **** ****** ** assist ** ********* ******* **** *** ********* ***** ** ****. *** **** ******** **** **** 5,000 ***** ** ***** ** ** days, ****** **** **** **,*** ******** acts *** ******** ******** **** *** to **** **** *** ****** ***** charged **** ******. *** **** *** also ********* ** *** ***** ***** after *** ****** ********, *** *** not *********.
Comments (6)
TS
Tariq Saleh
Jun 28, 2013
Carl Lindgren
Jun 28, 2013John,
I totally agree with the I-frame interval statement. I find it interesting that a number of VMS manufacturers default their systems to large GOP sizes. When asked, they either can't explain the reasoning or say something to the effect that it reduces bit rate.
Hogwash! Larger GOPs have little, if any effect on bit rates. In my testing I discovered that increasing the GOP size (I-frame interval), increases the size of P-frames on most h.264 systems, resulting in approximately the same bit rate. The only noticeable difference I can see is the interval between I-frame noise pulses gets longer with larger GOPs, making them slightly less apparent.
JH
John Honovich
Jun 28, 2013Tariq, good feedback. I was not aware of SWGIT's position. That said, typically how manufacturers do digital watermarking, is to generate a hash that can later be recalculated to determine if any bits have been changed in the file. That should not modify the content. Of course, a visual watermark, like an image/text overaly would.
Carl, I agree about the tradeoff with the I frame internal. Longer I frames mean that P frames need to predict / record more motion, meaning that they will have to be bigger.
TS
Tariq Saleh
Jun 29, 2013Exactly, and we have to differentiate between digital signature and watermark. Another aspect that we need to be aware of is the encryption and many vendors are using encryption while exporting the video and few of them are using encryption while the data is still in the storage. The SWGIT is almost the only source I found that cover the recommendation of these three aspects.
JH
John Honovich
Jun 29, 2013Tariq, do you have a link to the current doc? Here's their current doc page but I am not sure which particular one you are referencing.
TS
Tariq Saleh
Jun 29, 2013Here is some of the documents
"Best Practices for Maintaining the Integrity of Digital Images and Digital Video - Section 13"
"Best Practices for Maintaining the Integrity of Digital"
"Digital Imaging Technology Issues for the Courts - Section 17"