Lessons Learned from Video Forensics Expert Grant Fredericks

Author: IPVM Team, Published on Jun 28, 2013

How video is used in court is a source of great interest and, often, confusion. Many ask: Will H.264 be thrown out of court? Does video need to be watermarked? How much resolution is necessary? Is a certain frame rate too low?

We spoke with Grant Fredericks, a leading video forensics expert and the the coordinator of Law Enforcement and Emergency Services Video Association (LEVA) Forensic Video Emergency Response Team. Inside, we present answers to these questions and more.

Key Findings

Here are the key findings from the interview:

  • Codec choice itself makes no difference, but how video is compressed can be critical
  • Frame rate and jitter can cause problems in analyzing speed / force
  • Long I-frame intervals increase doubt / risk of video problems
  • DVR/VMS watermarking means nothing
  • Avoid transcoding

Codec Choice Not Important, but Compression Is

Fredericks explained that codec choice itself does not guarantee or exclude any type of video, so just because a video is H.264, MPEG-4 or MJPEG does not determine its acceptance in court. Rather, video forensics experts will analyze the details of the video.

For MJPEG, a common problem seen, is that video is too heavily compressed to reduce bandwidth, causing loss of critical details. On the other hand, for H.264, common problems include long I frame intervals and variations in timing of P frames.

Frame Rate and Jitter Can Cause Problems Analyzing Speed / Force

Analysts can try to “reverse engineer the video” to determine image refresh rates, but higher frame rates provide the most detail when it comes to determining movement. The space between images, sometimes milliseconds, can be the difference determining whether and action was a punch or a push. Generally, the shorter the GOP the more reliable the information in the video, Fredericks said. There have been cases where because of time lapse, images have been misinterpreted.

One example he mentioned was:

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

"When you look at a video that is 10 images per second and you're trying to opine on speed, motion or force, you might actually have 10 refresh rates per second, but the first images might be 10 milliseconds apart, then a big gap, and the next image 400 milliseconds later. So when someone is seen moving their hand toward someone (like a police officer moving their hand toward somebody's shoulder) it may seem like they're moving their hand slowly and then suddenly punching someone in the shoulder.

“We see that all the time. We see accusations of police abuse and they're saying. 'Look there's where he hit him,' but we say he's moving his hand at an even interval until this moment, and then there is a third of a second delay. But when you look at the images, it looks like a regular refresh rate -- like his hand moved three times further in the same time period. It gives the illusion of force that didn't exist."

“One of the main things analysts are looking for is edge pattern," Fredericks says. "When the images are predictive or bi-directional they don’t have proper edge pattern, so if you’re trying to measure an object for speed, identification or height analysis, you have to be really cautious of the image you choose or make sure what you choose is reliable,” he said.

Long I-Frame Intervals Increase Risk / Doubt

As the examples above show, compression errors or delays in generation of subsequent frames can make video distort what actually happened. A common culprit / confounding factor is long I-frame interval (i.e., the amount of time between one initialization frame and the next). Fredericks mentioned examples of 5 or 10 second I-frame intervals, recommending that the interval be kept to 1 per second or less.

Here's an example of a real world problem involving I frames:

"The other thing, too, is edge pattern. When you see light in an MPEG video, where you have a motion vector, and the motion vector is only updated at the I-frame, in some areas, there are people who look at video, and you can see a person standing in a certain position, their head turned in a certain way. Until that reference frame is updated, their head isn't recorded looking in the other direction, toward the crime. That person may take the stand and say, "Yeah, I watched the guy knife the guy." Yet you look at the video and he's turning the other way when the actual knife was pulled up. But the video was wrong."

DVR/VMS watermarking means nothing

"Watermarking means nothing," said Fredericks. "Manufacturers who claim their stuff is admissible [because of watermarking] are not being honest. Using forensic tools we can extract the native files without ever having to go through watermarking or the encryption process. Watermarking really doesn't mean a thing to us."

Defense attorneys can and often object to the authenticity of manufacturer watermarking, even if it is digital. Video forensic experts typically analyze the details of the video as well as examining visible signs that would indicate tampering. Ultimately, this is the strongest way to validate the authenticity of the video, not a manufacturer watermark.

Avoid Transcoding

The biggest frustration for analysts is that many CCTV systems are designed for the user to get a convenient copy of video, but not the original uncompressed footage.

“It’s transcoding an already compressed medium into a additionally compressed convenient copy,” Fredericks says. “The process changes everything about the information. It changes color. It changes edge pattern. It changes GOP structure. And that does sometimes impact reliability and authenticity."

Fredericks says he trains analysts to acquire the native files when pulling video for evidence. “Those data files, whatever they happen to be, are going to be the best evidence,” he said. Using “forensic tools that allow us to sample the signal going to the monitor and intercept an uncompressed copy” they are able to pull those files.

To authenticate, "we can do a pixel value comparison to make sure it was done accurately. The files are large, but they are pixel for pixel the same as the original file”, he says.

Multiplexing in Old Systems

Multiplexing is not an issue in IP cameras, but when pulling video from older analog systems, analysts will occasionally run into issues with “missing video.” Fredericks explains:

“In cold cases, that still deal with analog we see it. The suspect used [the victim’s] ATM card and when investigators went to examine the video, the person doing the examination didn’t understand multiplexing. They didn’t realize the second camera (the system was switching from camera one to camera two) was there. When you go frame by frame you’re missing camera two every time. Ten years later I’m asked to review the video and I get the analog video and review it and there’s the images of their suspect close up using the victim's ATM card.”

LEVA Response Team

LEVA's response team, of which Fredericks is the coordinator, is made up of video forensic analysts from the UK, US and Canada and was established to provide a facility for training and a venue to process large amounts of video in the event of a large scale incident. Any member agency can call on its activation to help examine video evidence. So far, it has only been called to assist in analyzing footage from the Vancouver Riots in 2011. The team examined more than 5,000 hours of video in 14 days, tagged more than 15,000 criminal acts and provided evidence that led to more than 400 people being charged with crimes. The team was also contacted by the White House after the Boston Bombings, but was not activated.

1 report cite this report:

Avigilon Sales Warning: Panoramics 'Useless for Investigation', 'Evidence Dismissed' on Jun 28, 2016
Are panoramics useless for investigation? Will evidence from those cameras be dismissed? That is what an Avigilon sales person told one of our...
Comments (7): PRO Members only. Login. or Join.

Most Recent Industry Reports

Camera Multi-Streaming Usage on Nov 22, 2017
IP cameras typically support multiple streams, allowing a single camera to transmit multiple streams at different resolutions, frame rates and even...
Law Breaking Longse Enters USA on Nov 22, 2017
Longse has established itself as world class, at least in spamming the industry, ripping off Milestone and Video Insight as well as Hikvision. But...
Amazon Key In-Home Package Delivery Examined on Nov 21, 2017
Interesting idea or invitation for criminals to rob you? Amazon's recent announcement of Key, a service that will help manage visitors, welcoming...
Top Maglock Provider Warns Against Using Maglocks on Nov 21, 2017
Do not buy my company's product. It sounds strange indeed, but a senior Allegion consultant stated that maglocks should not be used in common...
CBR vs VBR vs MBR - Surveillance Streaming on Nov 21, 2017
How you stream video has a major impact on quality and bandwidth. And it is not simply CODEC choice (e.g., H.264 vs H.265). Regardless of the...
Hikvision Chinese Government Owner CETHIK Exposed on Nov 20, 2017
Hikvision deceives about its Chinese government ownership. Contrary to their claims about 'independence' and simply having 'shareholders' that are...
Dahua Hard-Coded Credentials Vulnerability on Nov 20, 2017
A newly discovered Dahua backdoor is described by the researcher discovering it as: not the result of an accidental logic error or poor...
Panasonic Unified Surveillance Strategy Analyzed on Nov 17, 2017
Panasonic is now a "Unified Surveillance" offering, as their ASIS 2017 booth proclaimed: Looking to make a comeback in the security industry,...
Amazon Cloud Cam Is Poor (Tested) on Nov 17, 2017
Retail behemoth Amazon has entered the surveillance market with the Amazon Cloud Cam, the eyes of its just-announced Amazon Key delivery...
Nest Secure Alarm System Tested on Nov 16, 2017
Google's expansion continues, this time into home security with their Nest subsidiary's move into alarm systems. They paid more than a...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact