Lessons Learned from Video Forensics Expert Grant Fredericks

By: IPVM Team, Published on Jun 28, 2013

How video is used in court is a source of great interest and, often, confusion. Many ask: Will H.264 be thrown out of court? Does video need to be watermarked? How much resolution is necessary? Is a certain frame rate too low?

We spoke with Grant Fredericks, a leading video forensics expert and the the coordinator of Law Enforcement and Emergency Services Video Association (LEVA) Forensic Video Emergency Response Team. Inside, we present answers to these questions and more.

Key Findings

Here are the key findings from the interview:

  • Codec choice itself makes no difference, but how video is compressed can be critical
  • Frame rate and jitter can cause problems in analyzing speed / force
  • Long I-frame intervals increase doubt / risk of video problems
  • DVR/VMS watermarking means nothing
  • Avoid transcoding

Codec Choice Not Important, but Compression Is

Fredericks explained that codec choice itself does not guarantee or exclude any type of video, so just because a video is H.264, MPEG-4 or MJPEG does not determine its acceptance in court. Rather, video forensics experts will analyze the details of the video.

For MJPEG, a common problem seen, is that video is too heavily compressed to reduce bandwidth, causing loss of critical details. On the other hand, for H.264, common problems include long I frame intervals and variations in timing of P frames.

Frame Rate and Jitter Can Cause Problems Analyzing Speed / Force

Analysts can try to “reverse engineer the video” to determine image refresh rates, but higher frame rates provide the most detail when it comes to determining movement. The space between images, sometimes milliseconds, can be the difference determining whether and action was a punch or a push. Generally, the shorter the GOP the more reliable the information in the video, Fredericks said. There have been cases where because of time lapse, images have been misinterpreted.

One example he mentioned was:

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

"When you look at a video that is 10 images per second and you're trying to opine on speed, motion or force, you might actually have 10 refresh rates per second, but the first images might be 10 milliseconds apart, then a big gap, and the next image 400 milliseconds later. So when someone is seen moving their hand toward someone (like a police officer moving their hand toward somebody's shoulder) it may seem like they're moving their hand slowly and then suddenly punching someone in the shoulder.

“We see that all the time. We see accusations of police abuse and they're saying. 'Look there's where he hit him,' but we say he's moving his hand at an even interval until this moment, and then there is a third of a second delay. But when you look at the images, it looks like a regular refresh rate -- like his hand moved three times further in the same time period. It gives the illusion of force that didn't exist."

“One of the main things analysts are looking for is edge pattern," Fredericks says. "When the images are predictive or bi-directional they don’t have proper edge pattern, so if you’re trying to measure an object for speed, identification or height analysis, you have to be really cautious of the image you choose or make sure what you choose is reliable,” he said.

Long I-Frame Intervals Increase Risk / Doubt

As the examples above show, compression errors or delays in generation of subsequent frames can make video distort what actually happened. A common culprit / confounding factor is long I-frame interval (i.e., the amount of time between one initialization frame and the next). Fredericks mentioned examples of 5 or 10 second I-frame intervals, recommending that the interval be kept to 1 per second or less.

Here's an example of a real world problem involving I frames:

"The other thing, too, is edge pattern. When you see light in an MPEG video, where you have a motion vector, and the motion vector is only updated at the I-frame, in some areas, there are people who look at video, and you can see a person standing in a certain position, their head turned in a certain way. Until that reference frame is updated, their head isn't recorded looking in the other direction, toward the crime. That person may take the stand and say, "Yeah, I watched the guy knife the guy." Yet you look at the video and he's turning the other way when the actual knife was pulled up. But the video was wrong."

DVR/VMS watermarking means nothing

"Watermarking means nothing," said Fredericks. "Manufacturers who claim their stuff is admissible [because of watermarking] are not being honest. Using forensic tools we can extract the native files without ever having to go through watermarking or the encryption process. Watermarking really doesn't mean a thing to us."

Defense attorneys can and often object to the authenticity of manufacturer watermarking, even if it is digital. Video forensic experts typically analyze the details of the video as well as examining visible signs that would indicate tampering. Ultimately, this is the strongest way to validate the authenticity of the video, not a manufacturer watermark.

Avoid Transcoding

The biggest frustration for analysts is that many CCTV systems are designed for the user to get a convenient copy of video, but not the original uncompressed footage.

“It’s transcoding an already compressed medium into a additionally compressed convenient copy,” Fredericks says. “The process changes everything about the information. It changes color. It changes edge pattern. It changes GOP structure. And that does sometimes impact reliability and authenticity."

Fredericks says he trains analysts to acquire the native files when pulling video for evidence. “Those data files, whatever they happen to be, are going to be the best evidence,” he said. Using “forensic tools that allow us to sample the signal going to the monitor and intercept an uncompressed copy” they are able to pull those files.

To authenticate, "we can do a pixel value comparison to make sure it was done accurately. The files are large, but they are pixel for pixel the same as the original file”, he says.

Multiplexing in Old Systems

Multiplexing is not an issue in IP cameras, but when pulling video from older analog systems, analysts will occasionally run into issues with “missing video.” Fredericks explains:

“In cold cases, that still deal with analog we see it. The suspect used [the victim’s] ATM card and when investigators went to examine the video, the person doing the examination didn’t understand multiplexing. They didn’t realize the second camera (the system was switching from camera one to camera two) was there. When you go frame by frame you’re missing camera two every time. Ten years later I’m asked to review the video and I get the analog video and review it and there’s the images of their suspect close up using the victim's ATM card.”

LEVA Response Team

LEVA's response team [link no longer available], of which Fredericks is the coordinator, is made up of video forensic analysts from the UK, US and Canada and was established to provide a facility for training and a venue to process large amounts of video in the event of a large scale incident. Any member agency can call on its activation to help examine video evidence. So far, it has only been called to assist in analyzing footage from the Vancouver Riots in 2011. The team examined more than 5,000 hours of video in 14 days, tagged more than 15,000 criminal acts and provided evidence that led to more than 400 people being charged with crimes. The team was also contacted by the White House after the Boston Bombings, but was not activated.

1 report cite this report:

Avigilon Sales Warning: Panoramics 'Useless for Investigation', 'Evidence Dismissed' on Jun 28, 2016
Are panoramics useless for investigation? Will evidence from those cameras be dismissed? That is what an Avigilon sales person told one of our...
Comments (6) : Members only. Login. or Join.

Related Reports

VSaaS 101 on Mar 25, 2020
Video Surveillance as a Service (VSaaS) is the common industry term for cloud video. But what does it mean? How does it all work? Inside this...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you should use it. This may seem basic for some, but those new to the...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now, they have released their Prime Series Deep Learning cameras, with an...
Video Analytics 101 on Mar 16, 2020
This guide teaches the fundamentals of video surveillance analytics. Inside we cover: Why Use Video Analytics Video Analytics Warning Where...
Surveillance Storage 101 on Mar 23, 2020
This guide teaches the fundamentals of video surveillance storage. Inside we cover: Surveillance Storage NVR / Recorder Storage Camera /...
Intersec 2020 Final Show Report on Jan 21, 2020
IPVM spent all 3 days at the Intersec 2020 show interviewing various companies and finding key trends. We cover: Middle East Enterprise...
Directory of 170 "Fever" Camera Suppliers on Jul 09, 2020
This directory provides a list of "Fever" scanning thermal camera providers to help you see and research what options are available. There are...
VMS 101 on Mar 03, 2020
This guide teaches the fundamentals about video management software. Inside, we cover: NVR vs VMS Viewing Video - What are common client...
Worst Camera Manufacturers 2020 on May 06, 2020
Which camera manufacturer have integrators had the worst experience with in the past year? 200+ integrators told us. 200+ integrators...
"Fever Camera" Online Show June 2020 - On-Demand Recordings on Jun 03, 2020
IPVM has successfully completed the world's first "Fever Camera" show. Recordings from both days are posted at the end of this report for on-demand...

Most Recent Industry Reports

Camera Course Summer 2020 - Last Chance on Jul 15, 2020
Thursday, July 16th is your last chance to register for the Summer 2020 Camera Course. This is the only independent surveillance camera course,...
Bias In Facial Recognition Varies By Country, NIST Report Shows on Jul 15, 2020
While many argue that face recognition is inherently racist, results from one of the most extensive studies done on demographic bias in AI, the...
Video Surveillance 101 July Course - Last Chance on Jul 15, 2020
Friday, July 17th is your last chance to sign up for the July 2020 Video Surveillance 101 Course. This 2-day course is designed to help those new...
Brazil Assembly Powers Hikvision Local Expansion on Jul 15, 2020
Hikvision has grown considerably in Brazil ever since the 2017 opening of an assembly operation in a free-trade zone in the middle of the Brazilian...
50+ Security Industry Companies Take $40 Million PPP Funding on Jul 15, 2020
50+ security industry companies have taken more than $40 million in PPP funds, IPVM has confirmed from US government records. Inside this...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now, they have released their Prime Series Deep Learning cameras, with an...
Drako's Companies (Brivo, Eagle Eye) Take $4+ Million in PPP Funds on Jul 14, 2020
While centimillionaire Dean Drako is the owner of two of the largest SaaS businesses in the security industry (Brivo and Eagle Eye), Drako's...
Defendry Presents AI Active Shooter Security System on Jul 14, 2020
Defendry presented its Active Shooter security system at the May 2020 IPVM Startups show. A 30-minute video from Defendry including IPVM...
Ban Rules Released: Use Dahua or Hikvision, No US Government Contracts on Jul 13, 2020
The US government has released the rules implementing the "Prohibition on Contracting with Entities Using" Dahua, Hikvision, and Huawei based...
JCI Sues Genetec For Patent Infringement on Jul 13, 2020
Surprisingly, security giant JCI has sued their partner, security software developer Genetec, for patent infringement. Inside this note,...