Free DME & DFIR Resources

By Joseph L. Flatley

Toshiba announced a new self-encrypting disk technology today, which is sure to be welcome news to the those of you who work with sensitive data, wish to keep your extensive True Blood fanfiction collection under wraps, or are just plain paranoid. The imaginatively named Wipe ships with the company's TCG-spec'd Self-Encrypting Drive models, allowing sysadmins to securely erase user data when a machine powers down, when an encrypted HDD is removed from the system, or when a leased machine is returned to its owner. And this ain't just for PCs -- the system is also designed to work with your copier and / or printer system. Interested? Of course you are!

Check out the complete PR:
http://www.engadget.com/2010/08/10/toshiba-wipe-deletes-your-encrypted-data-so-you-dont-have-to/

One thing I really stress when training video evidence Technicians & Analysts is to stay in your lane. Don't go beyond your training & experience levels on any topic/tool/etc., no matter who is asking you to.

A related one is that an expert's job at trial is to leverage their expertise to make sure the Trier of Fact has accurate evidence & information, not to be an advocate for one party or the other.

I've had several students over the years tell me that my passionate articulation of one or the other has saved their case or even their career. Two rather recently.

Honored & proud, of course, but I always like to point out to them that they are the ones that did all the hard work and stood their ground.

Keep being great & doing great things my friends! 😎

Videophiles, gamers and audiophiles are all too familiar with codec conflicts. What many people don't realize, however, is that not only can these issues prevent you from viewing, hearing or working with a file, they can also seriously impact system operation or performance. Fortunately, there are several freeware and/or shareware utilities to help identify and resolve codec related issues...even if you don't realize you have any.

Although disc-based storage is not as widely used as it once was for digital evidence archiving, it remains a viable solution when properly implemented and managed. In fact, many of the world’s largest technology companies are using and/or exploring disc-based storage systems for long-term offline storage of petabytes of customer data (e.g. Facebook uses 10,000 Blu-ray discs to store 'cold' data). They do so, however, in a managed environment with a thorough understanding of the medium’s strengths and limitations.

Many in law enforcement use write-once disc-based media for MASTER evidence storage, as it continues to be recommended via various industry best practice documents. Unfortunately, not everyone involved in the evidence chain understands the limitations and best practices as they relate to the care and handling of disc-based media. Adhesive labels, permanent markers, and ballpoint pens have destroyed more evidence than I care to even think about.

On 2/5/2015 SWGDE released a new draft document for public comment; "Best Practices for the Recovery of Data from CCTV Digital Video Recorders".

"The purpose of this document is to provide advanced practices for data recovery from CCTV DVRs when the data cannot be recovered via the guidelines provided in the SWGIT Best Practices for the Analysis of Digital Video Recorders."

Visit www.swgde.org for further details.

Booked my travel yesterday for next month’s DVR Assessment & Video Recovery course at the Osceola County Sheriff’s Office in Kissimmee, FL. This 3-Day course is designed for anyone who is doing digital video evidence recovery from DCCTV systems, from those brand new to the field to Certified Forensic Video Analysts with several years of experience.

Snow on the ground again this morning here in the pacific northwest, and looking at the pictures for the hotel options in Orlando made me anxious. ;) Hope to see you in class!

Seagate's demos its third-gen hybrid drive at CES 2013 and aims to replace all high-end laptop hard drives with hybrid drives.

Full story

That's a tall order, right?  VLC from VideoLAN.org has become the go-to media player for most, as it can play so many things that Windows Media Player won't, and it's free.  Well, how does it do that, play more than other players?  The Libavformat and Libavcodec libraries, the same ones created by and for the FFmpeg project (and so many other multimedia applications). 

VLC & DirectShow Filters

DirectShow is one of Microsoft's multimedia frameworks, formerly known as ActiveMovie, which replaced Microsoft's earlier Video for Windows framework.  VLC supports DirectShow-based input sources through a module (not very well, IMO, though), but the default Windows version downloaded from VideoLAN cannot reference 32-bit DirectShow filters installed on your Windows PC for audio/video decoding (i.e. filters/codecs registered in your Windows Registry), as the default version downloaded is x64.

As an example, a DCCTV video file exported from a GeoVision system to an AVI file may be using the proprietary GMP4 video codec. In order to play the video, you must install the GeoVision GMP4 codec necessary to decode the primary video stream; this is a DirectShow filter.  DirectShow filters can only be referenced by applications that can leverage DirectShow, which we've established, VLC x64 cannot. 

Bugs are a way of life in software--fortunately, so are bug fixes. Earlier this week, Adobe released Photoshop 12.0.1, which brings a number of stability enhancements to the professional image-editing software, including several specifically related to 64-bit operation on Mac OS X.
Though Adobe says that CS5 is more stable than its predecessor, CS4, there's always room for improvement. The 12.0.1 update addresses a number of issues that could cause slow performance, as well as several common crashing bugs, user interface and workspace issues, font-related crashes, and several painting-related issues, including problems with video layers.

Full Story

It’s sometimes difficult for traditional Computer Forensic (CF) examiners to understand why they should treat video and multimedia any differently than other types of digital evidence. After all, a bit is a bit, and a byte is a byte. Right? CF examiners are typically highly trained and highly technical people. If anyone is going to understand how to recover and interpret multimedia data, one would think that a traditional CF examiner would be at or near the top of your go-to list. The problem with this assumption is that multimedia data is fundamentally different than most other types of data, and in more than one way.

Government Video magazine recently spoke with Laura Teodosio, Salient Stills President and CEO. Check out the full story via the Government Video Website

The Scientific Working Group on Digital Evidence (SWGDE)has released a DRAFT of version 3.0 of their "Best Practices for Computer Forensics" for public comment. As stated on their Web site, "The purpose of this document is to describe the best practices for collecting, acquiring, analyzing and documenting the data found in computer forensic examinations."

Visit SWGDE

Just back from vacation and read Jennifer Apple's post on this tool.  I keep this one with me on a thumb drive when I'm out and about.  If you're not familiar with it check out Jennifer's post at photoshopsupport.com.

Full Story