Lessons Learned from Video Forensics Expert Grant Fredericks

By: IPVM Team, Published on Jun 28, 2013

How video is used in court is a source of great interest and, often, confusion. Many ask: Will H.264 be thrown out of court? Does video need to be watermarked? How much resolution is necessary? Is a certain frame rate too low?

We spoke with Grant Fredericks, a leading video forensics expert and the the coordinator of Law Enforcement and Emergency Services Video Association (LEVA) Forensic Video Emergency Response Team. Inside, we present answers to these questions and more.

Key Findings

Here are the key findings from the interview:

  • Codec choice itself makes no difference, but how video is compressed can be critical
  • Frame rate and jitter can cause problems in analyzing speed / force
  • Long I-frame intervals increase doubt / risk of video problems
  • DVR/VMS watermarking means nothing
  • Avoid transcoding

Codec Choice Not Important, but Compression Is

Fredericks explained that codec choice itself does not guarantee or exclude any type of video, so just because a video is H.264, MPEG-4 or MJPEG does not determine its acceptance in court. Rather, video forensics experts will analyze the details of the video.

For MJPEG, a common problem seen, is that video is too heavily compressed to reduce bandwidth, causing loss of critical details. On the other hand, for H.264, common problems include long I frame intervals and variations in timing of P frames.

Frame Rate and Jitter Can Cause Problems Analyzing Speed / Force

Analysts can try to “reverse engineer the video” to determine image refresh rates, but higher frame rates provide the most detail when it comes to determining movement. The space between images, sometimes milliseconds, can be the difference determining whether and action was a punch or a push. Generally, the shorter the GOP the more reliable the information in the video, Fredericks said. There have been cases where because of time lapse, images have been misinterpreted.

One example he mentioned was:

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

"When you look at a video that is 10 images per second and you're trying to opine on speed, motion or force, you might actually have 10 refresh rates per second, but the first images might be 10 milliseconds apart, then a big gap, and the next image 400 milliseconds later. So when someone is seen moving their hand toward someone (like a police officer moving their hand toward somebody's shoulder) it may seem like they're moving their hand slowly and then suddenly punching someone in the shoulder.

“We see that all the time. We see accusations of police abuse and they're saying. 'Look there's where he hit him,' but we say he's moving his hand at an even interval until this moment, and then there is a third of a second delay. But when you look at the images, it looks like a regular refresh rate -- like his hand moved three times further in the same time period. It gives the illusion of force that didn't exist."

“One of the main things analysts are looking for is edge pattern," Fredericks says. "When the images are predictive or bi-directional they don’t have proper edge pattern, so if you’re trying to measure an object for speed, identification or height analysis, you have to be really cautious of the image you choose or make sure what you choose is reliable,” he said.

Long I-Frame Intervals Increase Risk / Doubt

As the examples above show, compression errors or delays in generation of subsequent frames can make video distort what actually happened. A common culprit / confounding factor is long I-frame interval (i.e., the amount of time between one initialization frame and the next). Fredericks mentioned examples of 5 or 10 second I-frame intervals, recommending that the interval be kept to 1 per second or less.

Here's an example of a real world problem involving I frames:

"The other thing, too, is edge pattern. When you see light in an MPEG video, where you have a motion vector, and the motion vector is only updated at the I-frame, in some areas, there are people who look at video, and you can see a person standing in a certain position, their head turned in a certain way. Until that reference frame is updated, their head isn't recorded looking in the other direction, toward the crime. That person may take the stand and say, "Yeah, I watched the guy knife the guy." Yet you look at the video and he's turning the other way when the actual knife was pulled up. But the video was wrong."

DVR/VMS watermarking means nothing

"Watermarking means nothing," said Fredericks. "Manufacturers who claim their stuff is admissible [because of watermarking] are not being honest. Using forensic tools we can extract the native files without ever having to go through watermarking or the encryption process. Watermarking really doesn't mean a thing to us."

Defense attorneys can and often object to the authenticity of manufacturer watermarking, even if it is digital. Video forensic experts typically analyze the details of the video as well as examining visible signs that would indicate tampering. Ultimately, this is the strongest way to validate the authenticity of the video, not a manufacturer watermark.

Avoid Transcoding

The biggest frustration for analysts is that many CCTV systems are designed for the user to get a convenient copy of video, but not the original uncompressed footage.

“It’s transcoding an already compressed medium into a additionally compressed convenient copy,” Fredericks says. “The process changes everything about the information. It changes color. It changes edge pattern. It changes GOP structure. And that does sometimes impact reliability and authenticity."

Fredericks says he trains analysts to acquire the native files when pulling video for evidence. “Those data files, whatever they happen to be, are going to be the best evidence,” he said. Using “forensic tools that allow us to sample the signal going to the monitor and intercept an uncompressed copy” they are able to pull those files.

To authenticate, "we can do a pixel value comparison to make sure it was done accurately. The files are large, but they are pixel for pixel the same as the original file”, he says.

Multiplexing in Old Systems

Multiplexing is not an issue in IP cameras, but when pulling video from older analog systems, analysts will occasionally run into issues with “missing video.” Fredericks explains:

“In cold cases, that still deal with analog we see it. The suspect used [the victim’s] ATM card and when investigators went to examine the video, the person doing the examination didn’t understand multiplexing. They didn’t realize the second camera (the system was switching from camera one to camera two) was there. When you go frame by frame you’re missing camera two every time. Ten years later I’m asked to review the video and I get the analog video and review it and there’s the images of their suspect close up using the victim's ATM card.”

LEVA Response Team

LEVA's response team [link no longer available], of which Fredericks is the coordinator, is made up of video forensic analysts from the UK, US and Canada and was established to provide a facility for training and a venue to process large amounts of video in the event of a large scale incident. Any member agency can call on its activation to help examine video evidence. So far, it has only been called to assist in analyzing footage from the Vancouver Riots in 2011. The team examined more than 5,000 hours of video in 14 days, tagged more than 15,000 criminal acts and provided evidence that led to more than 400 people being charged with crimes. The team was also contacted by the White House after the Boston Bombings, but was not activated.

1 report cite this report:

Avigilon Sales Warning: Panoramics 'Useless for Investigation', 'Evidence Dismissed' on Jun 28, 2016
Are panoramics useless for investigation? Will evidence from those cameras be...
Comments (6) : Members only. Login. or Join.

Related Reports

The Future of H.266 For Video Surveillance Examined on Aug 17, 2020
First H.264, now H.265, is H.266 next? H.266 was recently announced amid...
Video Surveillance History on May 06, 2020
The video surveillance market has changed significantly since 2000, going...
VSaaS 101 on Mar 25, 2020
Video Surveillance as a Service (VSaaS) is the common industry term for cloud...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you...
Worst Camera Manufacturers 2020 on May 06, 2020
Which camera manufacturer have integrators had the worst experience with in...
Hanwha 8K / 33MP Camera Tested on Sep 14, 2020
Hanwha Techwin has released an 8K / 33MP resolution camera, the TNB-9000 with...
AHJ / Authority Having Jurisdiction Tutorial on Aug 06, 2020
One of the most powerful yet often underappreciated characters in all...
New Axis M30 Cameras Tested on Mar 26, 2020
Axis has released a new generation of, for them, relatively low cost M30...
Fever Camera Sales From Integrators Surveyed on Jun 01, 2020
Fever cameras are the hottest trend in video surveillance currently but how...
Directory of 206 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Favorite Video Surveillance Hard Drive Manufacturer 2020 on Aug 27, 2020
Western Digital and Seagate effectively have a duopoly in hard drives but...
YOLOv5 Released Amidst Controversy on Jul 27, 2020
YOLO has gained significant attention within video surveillance for its...
Density Presents Occupancy Monitoring For Coronavirus Protection on May 22, 2020
Density presented its cloud-based occupancy sensor to deal with Coronavirus...
IP Networking Course Fall 2020 - Register Now on Aug 27, 2020
Register now for only networking course designed specifically for video...

Recent Reports

FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...
Axis Exports To China Police Criticized By Amnesty International on Sep 21, 2020
Axis Communications and other EU surveillance providers are under fire from...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...
Mobile Access Control Usage Statistics 2020 on Sep 21, 2020
Most smartphones can be used as access control credentials, but how...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Avigilon Elevated Temperature Detection Camera Tested on Sep 17, 2020
Avigilon has entered the temperature screening market with the release of...
Chilean Official Investigated for Motorola And Hikvision Contracts on Sep 17, 2020
A corruption investigation is underway in Chile after a crime prevention...
Huawei HiSilicon Production Shut Down on Sep 17, 2020
Huawei HiSilicon chips are no longer being manufactured or supplied to...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...
X.Labs Sues FLIR on Sep 16, 2020
X.Labs, the maker of Feevr, has sued FLIR, the publicly traded thermal...
Video Surveillance 101 September Course - Last Chance on Sep 16, 2020
Today is the last chance to sign up for the Fall Video Surveillance 101...
No Blackbody Mistake, Half Million Dollar, Hikvision Fever Camera System in Georgia on Sep 16, 2020
A Georgia school district touted buying Hikvision fever screening "about...
Costar Technologies / Arecont H1 2020 Financials Examined on Sep 16, 2020
Costar's financial results have been hit by the coronavirus with the company...
Startup Cawamo Presents Live Alerts With Edge AI and Cloud VMS on Sep 15, 2020
Cawamo, an Israeli edge-to-cloud analytics and VMS startup, presented its...