Lessons Learned from Video Forensics Expert Grant Fredericks

Author: IPVM Team, Published on Jun 28, 2013

How video is used in court is a source of great interest and, often, confusion. Many ask: Will H.264 be thrown out of court? Does video need to be watermarked? How much resolution is necessary? Is a certain frame rate too low?

We spoke with Grant Fredericks, a leading video forensics expert and the the coordinator of Law Enforcement and Emergency Services Video Association (LEVA) Forensic Video Emergency Response Team. Inside, we present answers to these questions and more.

Key Findings

Here are the key findings from the interview:

  • Codec choice itself makes no difference, but how video is compressed can be critical
  • Frame rate and jitter can cause problems in analyzing speed / force
  • Long I-frame intervals increase doubt / risk of video problems
  • DVR/VMS watermarking means nothing
  • Avoid transcoding

Codec Choice Not Important, but Compression Is

Fredericks explained that codec choice itself does not guarantee or exclude any type of video, so just because a video is H.264, MPEG-4 or MJPEG does not determine its acceptance in court. Rather, video forensics experts will analyze the details of the video.

For MJPEG, a common problem seen, is that video is too heavily compressed to reduce bandwidth, causing loss of critical details. On the other hand, for H.264, common problems include long I frame intervals and variations in timing of P frames.

Frame Rate and Jitter Can Cause Problems Analyzing Speed / Force

Analysts can try to “reverse engineer the video” to determine image refresh rates, but higher frame rates provide the most detail when it comes to determining movement. The space between images, sometimes milliseconds, can be the difference determining whether and action was a punch or a push. Generally, the shorter the GOP the more reliable the information in the video, Fredericks said. There have been cases where because of time lapse, images have been misinterpreted.

One example he mentioned was:

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

"When you look at a video that is 10 images per second and you're trying to opine on speed, motion or force, you might actually have 10 refresh rates per second, but the first images might be 10 milliseconds apart, then a big gap, and the next image 400 milliseconds later. So when someone is seen moving their hand toward someone (like a police officer moving their hand toward somebody's shoulder) it may seem like they're moving their hand slowly and then suddenly punching someone in the shoulder.

“We see that all the time. We see accusations of police abuse and they're saying. 'Look there's where he hit him,' but we say he's moving his hand at an even interval until this moment, and then there is a third of a second delay. But when you look at the images, it looks like a regular refresh rate -- like his hand moved three times further in the same time period. It gives the illusion of force that didn't exist."

“One of the main things analysts are looking for is edge pattern," Fredericks says. "When the images are predictive or bi-directional they don’t have proper edge pattern, so if you’re trying to measure an object for speed, identification or height analysis, you have to be really cautious of the image you choose or make sure what you choose is reliable,” he said.

Long I-Frame Intervals Increase Risk / Doubt

As the examples above show, compression errors or delays in generation of subsequent frames can make video distort what actually happened. A common culprit / confounding factor is long I-frame interval (i.e., the amount of time between one initialization frame and the next). Fredericks mentioned examples of 5 or 10 second I-frame intervals, recommending that the interval be kept to 1 per second or less.

Here's an example of a real world problem involving I frames:

"The other thing, too, is edge pattern. When you see light in an MPEG video, where you have a motion vector, and the motion vector is only updated at the I-frame, in some areas, there are people who look at video, and you can see a person standing in a certain position, their head turned in a certain way. Until that reference frame is updated, their head isn't recorded looking in the other direction, toward the crime. That person may take the stand and say, "Yeah, I watched the guy knife the guy." Yet you look at the video and he's turning the other way when the actual knife was pulled up. But the video was wrong."

DVR/VMS watermarking means nothing

"Watermarking means nothing," said Fredericks. "Manufacturers who claim their stuff is admissible [because of watermarking] are not being honest. Using forensic tools we can extract the native files without ever having to go through watermarking or the encryption process. Watermarking really doesn't mean a thing to us."

Defense attorneys can and often object to the authenticity of manufacturer watermarking, even if it is digital. Video forensic experts typically analyze the details of the video as well as examining visible signs that would indicate tampering. Ultimately, this is the strongest way to validate the authenticity of the video, not a manufacturer watermark.

Avoid Transcoding

The biggest frustration for analysts is that many CCTV systems are designed for the user to get a convenient copy of video, but not the original uncompressed footage.

“It’s transcoding an already compressed medium into a additionally compressed convenient copy,” Fredericks says. “The process changes everything about the information. It changes color. It changes edge pattern. It changes GOP structure. And that does sometimes impact reliability and authenticity."

Fredericks says he trains analysts to acquire the native files when pulling video for evidence. “Those data files, whatever they happen to be, are going to be the best evidence,” he said. Using “forensic tools that allow us to sample the signal going to the monitor and intercept an uncompressed copy” they are able to pull those files.

To authenticate, "we can do a pixel value comparison to make sure it was done accurately. The files are large, but they are pixel for pixel the same as the original file”, he says.

Multiplexing in Old Systems

Multiplexing is not an issue in IP cameras, but when pulling video from older analog systems, analysts will occasionally run into issues with “missing video.” Fredericks explains:

“In cold cases, that still deal with analog we see it. The suspect used [the victim’s] ATM card and when investigators went to examine the video, the person doing the examination didn’t understand multiplexing. They didn’t realize the second camera (the system was switching from camera one to camera two) was there. When you go frame by frame you’re missing camera two every time. Ten years later I’m asked to review the video and I get the analog video and review it and there’s the images of their suspect close up using the victim's ATM card.”

LEVA Response Team

LEVA's response team, of which Fredericks is the coordinator, is made up of video forensic analysts from the UK, US and Canada and was established to provide a facility for training and a venue to process large amounts of video in the event of a large scale incident. Any member agency can call on its activation to help examine video evidence. So far, it has only been called to assist in analyzing footage from the Vancouver Riots in 2011. The team examined more than 5,000 hours of video in 14 days, tagged more than 15,000 criminal acts and provided evidence that led to more than 400 people being charged with crimes. The team was also contacted by the White House after the Boston Bombings, but was not activated.

1 report cite this report:

Avigilon Sales Warning: Panoramics 'Useless for Investigation', 'Evidence Dismissed' on Jun 28, 2016
Are panoramics useless for investigation? Will evidence from those cameras be dismissed? That is what an Avigilon sales person told one of our...
Comments (7): PRO Members only. Login. or Join.

Most Recent Industry Reports

Final Day Save $50 - IP Networking Course September 2017 on Aug 17, 2017
Today, Thursday, August 17th is the last day to save $50 on the September IP Networking Course. This is the only networking course designed...
Directory Of Consumer Security Cameras on Aug 16, 2017
The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...
Hikvision Responds To Cracked Security Codes on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Stolen Video NVR / DVR Statistics on Aug 15, 2017
"But what happens if someone steals my recorder?" Anyone who has done more than a handful of jobs has probably heard this question several times....
Hikvision Europe Cutting Out Unauthorized End User Sales on Aug 15, 2017
The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition. In...
Axis Laser Focus PTZ Tested on Aug 14, 2017
Axis has been touting its new Q6155-E laser focus PTZ as 'always in focus' and 'always in color'. Does it really deliver? We bought and tested...
Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
IP Camera Specification / RFP Guide 2017 on Aug 14, 2017
RFPs are hard. Do them 'right' and it takes a lot of knowledge and time. Do them 'wrong' and you can be (a) unwittingly locked into a specific...
Cellphone Usage Issues For Integrators (Statistics) on Aug 11, 2017
Cellphones clearly offer significant advantages in communication and problem solving. But they can also be a major pain point if employees...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact