Sunday, December 28, 2008

December 2008 (2)

With Christmas I received this photograph of the marriage of my grandmother and grandfather in 1929. I like these photographs since they are sometimes more futuristic than one expects.

The end of December is always quiet, since deadlines still can be made before January 1st. I am also doing some evaluation work for the European Commission, and furthermore a new salary model will be implemented at our Institute, where a specialist does not need to be in management to get a higher scale anymore.

I also had to witness in court since the court expected me to do miracles with image processing such as is seen in CSI. The issue is as always that I can not make any more detail in a forensic proper way than is visible on pixel level. This time I had to answer the same kind of questions many times, however in the verdict it became clear that they understood the issue. Recognition of a person is different from identification. I always learn also from the expert witness testimonies. Sometimes they also give advice on how to write technical issues clearer for people that are specialised in law.

It is an issue in writing technical reports for the court, that we have to understand each other well, and sometimes a word in technical context might mean something different for a lawyer or a judge. It is always good to be aware of these things.

On another topic, currently we are working for FIDIS, and there we make some more open source products. For comparing pictures, the NFI Comparator has been changed to .NET since it will make things more stable (however not workable anymore under other operating systems as was our previous Java implementation). Also the defraser software is expanding now, and currently a new version of PRNU compare is being made which is expected to be available online in February with implementation of wavelet filtering as described in literature by Fridrich and others. And finally we will also have an ENF-collector available for recording the variations of the 50 Hz signal which sometimes can be used to find when a certain recording has been made. The ie

On these subjects I will also speak at the conference of the American Academy of Forensic Sciences in Denver, where I am also happy that we have our first year of the Digital Evidence and Multimedia section, of which I am currently chairman.

Sunday, November 30, 2008

December 2008

I just came back from a week vacation in the Middle East and then it appeared that Zeno's Forensic Site was suspended for several days due to someone abusing one of the cgi-scripts (indeed hackers seem to develop better tools to be unrecognised). When returning back from my vacation I had a delay of two days due to bad weather in Europe. So, now everything is fixed again, however I learn that it is always wise to monitor everything constantly. And of course, I also have to make backups of the ever expanding website. And after a week of vacation I can start again with a fresh mind.

At my work we had some nice results with the research projects. Several people are working on the projects I wrote on before, such as ENF and PRNU, also for FIDIS. I think we will make also new developments on these open source. And finally the encyclopedia got finished, so thanks to all, I think it will be published in 2009.

Also in European FP7 projects more forensic topics are included, so it appears to work fine. Furthermore I have some backlog with publications etc, however that is the way life is, since casework is first. Next Wednesday I have to go to court to testify as an expert witness in a case.

Sunday, October 26, 2008

October 2008 (2) by Kelly Kilpatrick

Kelly Kilpatrick asked me if she could contribute to this blog with a guest article, and of course I am happy to do so.

5 Computer Forensics Blogs Worth Investigating

The field of computer forensics is constantly changing and evolving due to its inherent nature. Those who are tracked and investigated using forensic methods involving computers are usually trying to stay ahead of the curve, finding new and improved ways to evade their pursuers.

Computer forensics professionals work in a variety of settings, locations, and institutions for different groups that require their services and many of these professionals maintain blogs with news, tips, and advice for their colleagues. Here are a few good computer forensics blogs that are worth a look.

Computer Forensics/E-Discovery Blog: This blogger works hard to share information, tips and tricks on a variety of issues related to the field of computer forensics. His proprietary software, Drive Prophet, has been tested by regular visitors to his blog and will be on the market soon. The software will be able to run many reports based on the drive in question and will help maximize time used when investigating hard drives.

Computer Forensics, Malware Analysis, and Digital Investigations: For extremely detailed explanations of a variety of procedures used by computer forensics experts, take a look at this blog. Simple, easy-to-use steps are part of this blogger’s way of giving back to the online computer forensics community. Browse the archives for specific tips you may be looking for.

Forensic Incident Response Blog: If you are interested in real-life scenarios in computer forensics and the proper way to deal with these scenarios, visit the Forensic Incident Response Blog. The protocols for various situations are laid out, including some tips on the latest in remote disk image analysis. Visit this blog for more information.

A Day in the Life of an Information Security Investigator: This blog is full of real world scenarios and advice from a self-proclaimed digital security guru. The blogger has worked for various technological, financial, and military institutions and has a wealth of knowledge to share on a wide array of topics. Browse through his archives and see what you can learn from the Security Monkey.

Forensic Computing: The Forensic Computing blog is a great one that examines the intricate relationship between computer science, information technology, and information security—as they all work together from the perspective of a computer forensic scientist. Looking at these details and how they work in helping to break down the processes utilized by criminals in real world applications is central to the blog. Discussion of digital evidence and admissibility, along with tips and advice make this blog worth a read.

By-line:
This post was contributed by Kelly Kilpatrick, who writes on the subject of the benefits of degree in corrections. She invites your feedback at kellykilpatrick24 at gmail dot com

Sunday, October 05, 2008

October 2008

Starting with the ENFSI meeting in Madrid, the forensic IT working group meeting, it was an excellent start of the month. Many new developments were presented in the different fields, and the organisation in Madrid was excellent.

The week before we had a FIDIS meeting in Dresden, and that was also very nice, so we can work further on PRNU also perhaps on sourceforge. We tried to link the different videos in Youtube with PRNU, however it did not work well yet, perhaps due to compression.

Also casework is going on. When I was in Madrid, I received an invitation to testify in court on a case, however this was such a short notice, that it was not feasible anymore.

Also enough new developments in the organisation, so it looks like a busy month.

Wednesday, September 24, 2008

Sunday, September 14, 2008

September 2008

Currently working on several nice projects and cases. In August I was at the workshop Computational Forensics in Washington DC and enjoyed the talks that were given. Next year it will be held at the Netherlands Forensic Institute in The Hague.

The projects are now starting again, and one of the projects is ENF where two students are working on, and for FIDIS we are working on a deliverable on PRNU (Pixel Response Non Uniformity) and matching cameras on YouTube, as well as forensic face comparison. This event will be held in Dresden this month.

I am also a very enthusiastic user of the small notebooks of 900 grams which can also be used for presentations and just internet use under way. It is convenient also for presentations and in the train.

Finally I recovered completely from my lung infection I had earlier this year, and currently I feel healthy again. However for that reason I decided earlier this year not to go to Australia in Melbourne in October since the doctor did not recommend to fly 24 hours. The agenda looks excellent of that meeting, and otherwise I certainly would have participated.

Sunday, July 20, 2008

July (4)

This month is really interesting in forensic way. Last Thursday I had to testify in court on a face comparison case. First I had to wait for four hours outside of the court room, before I was called to testify (these are small disadvantages of being a forensic scientist, an expert often has to wait for long times in court, however Dutch courts tend not to call expert witnesses as often as in the United States).

It appeared that they were ready for asking the questions, since all three judges, the two lawyers and the prosecutor were asking questions. It was slightly more difficult compared to other cases, since I was not allowed to have my notes and the reports that we had written in front of me (they took them away). I just had to answer the questions, without looking to any written material.

Then the questioning started. The usual questions were asked concerning expertise, however now there were more questions. We had written our report in a Bayesian conclusion, so I had to explain how this worked, and how it developed. Also some nice questions were concerning the software we used (image visualisation software) and if it was validated, and how it was validated. Furthermore questions concerning proficiency tests between different laboratories and how the field works.

Of course it would be nice if face comparison would be more objective than with the method that we use now with three different examiners filling in sheets concerning the comparison of the different parts of the face. However the issue is that there is not enough solid research to make it more objective.

This is in many fields in forensic science the case, that the experience of the expert counts for the conclusion. More research should indeed be done in these fields, to make them more objective, and it was for me somewhat disappointing that the European Commission did not put this in the seventh Framework Research projects yet, however I understand they have to make a selection. In the past several efforts have been made in European projects, such as ear comparison fearid etc, however it appears that we need more solid research on the different fields in forensic science to make the conclusions more objective and make the different conclusions of different experts become more calibrated.

Saturday, July 12, 2008

July (3)

Some software is more complicated to develop than other software, and sometimes it takes much more time than expected, however the results count. With one of the projects where I am project leader, defraser, it appears that we have now a stable product which can be used to analyse MPEG-1, MPEG-2, MPEG-4 and 3GP. Broken video streams can be analysed as well as many others, and since it is open source others can also develop on it. Students from the Hogeschool Amsterdam have developed plugins for AVI and JPEG, and we expect them also to be available soon. You can download it for free from https://sourceforge.net/projects/defraser/ and of course we are more than happy if you can also develop plugins. The software works for broken or parts of 3GP-files for example from mobile phones.

Monday, July 07, 2008

July 2008 (2)

Just for two days in Brussels at a review meeting for the FIDIS www.fidis.net project at the European Commission. It is nice to see which deliverables have been made in this project. Also got some time to do some planning, and even to update sourceforge with our newest PRNU tool for identifying cameras in Java. It can be found at https://sourceforge.net/projects/prnucompare/ and is made by a student Maarten van der Mark from the Haagse Hogeschool and I was supervisor for this project. It is nice to see how we can develop nice tools in Java, however validation remains important.

One should take many flatfield images (white/grey area) to determine the PRNU. With this, a small database can be made, and several cameras can be entered. We also would like to add this software to a deliverable of FIDIS, where we try to link cameras on YouTube or other sources.
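The flatfield procedure described above, as an added example (not code from PRNU Compare or from the original post). The sensors and frames are synthetic and constructed here; the camera names, noise levels and the 0.2 decision threshold are assumptions, and no denoising filter is applied because flatfield frames carry no scene content.

```python
import math
import random

def make_sensor(seed, n=1024):
    """Constructed per-pixel gain pattern (the PRNU) of a hypothetical sensor."""
    rng = random.Random(seed)
    return [1.0 + rng.gauss(0.0, 0.02) for _ in range(n)]

def flatfield(sensor, rng, level=128.0, noise=2.0):
    """One simulated flatfield shot: uniform light times pixel gain, plus random noise."""
    return [level * g + rng.gauss(0.0, noise) for g in sensor]

def residual(frame):
    """Relative deviation of each pixel from the frame mean."""
    mean = sum(frame) / len(frame)
    return [p / mean - 1.0 for p in frame]

def estimate_prnu(frames):
    """Average the flatfield frames pixel by pixel; random noise shrinks with the
    number of frames while the fixed pattern stays, which is why many are needed."""
    n = len(frames[0])
    avg = [sum(f[i] for f in frames) / len(frames) for i in range(n)]
    return residual(avg)

def correlation(a, b):
    """Pearson correlation between two patterns of equal length."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0

def identify(database, frame, threshold=0.2):
    """Score a questioned frame against every reference pattern in the database.
    Returns (best camera or None if nothing exceeds the threshold, all scores)."""
    res = residual(frame)
    scores = {name: correlation(res, ref) for name, ref in database.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores

def demo():
    rng = random.Random(2008)
    names = ["cam_A", "cam_B", "cam_C"]          # hypothetical cameras
    sensors = {name: make_sensor(seed) for seed, name in enumerate(names, start=1)}
    # Small database: 30 flatfield frames per camera.
    database = {name: estimate_prnu([flatfield(s, rng) for _ in range(30)])
                for name, s in sensors.items()}
    questioned = flatfield(sensors["cam_B"], rng)   # frame from a known camera
    outsider = flatfield(make_sensor(99), rng)      # camera not in the database
    # Reference built from a single frame, for comparison with the 30-frame one.
    one_frame_ref = estimate_prnu([flatfield(sensors["cam_B"], rng)])
    return {
        "match": identify(database, questioned),
        "outsider": identify(database, outsider),
        "score_one_frame": correlation(residual(questioned), one_frame_ref),
    }

if __name__ == "__main__":
    result = demo()
    print("questioned frame ->", result["match"][0], result["match"][1])
    print("outsider frame   ->", result["outsider"][0])
    print("score with 1-frame reference:", round(result["score_one_frame"], 3))
```
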

Sunday, June 29, 2008

Dunes of Zandvoort





When cycling from my work to my home (with train connection), I go through the dunes, which is convenient and nice to see.

July 2008

It is a month of reviews, writing, planning and doing some casework. Also the vacations are starting these months, so everything is more quiet. However it is a good time to do the work. We will put a Java applet on sourceforge for computing PRNU of cameras. It has been developed by a student at our lab and works very nice for making databases of Pixel Response Non Uniformity of cameras. I will post the link here as soon as it is available, which is expected in a few weeks.

We might consider linking cameras on Youtube with this method (with the University of Dresden) which is one of the research topics of the new deliverable of FIDIS . I am also happy that our deliverable on forensic profiling is ready for review by the European Commission now.

In the meantime I decided (due to my earlier health issues) not to make long trips to Australia, so unfortunately I can not attend the meeting in Melbourne. Also some preparation of the ENFSI meeting of the Forensic IT Working group in Madrid 1-3 October. And also invited as speaker at 2nd International Workshop on Computational Forensics in Washington DC.

Saturday, May 31, 2008

June 2008

Last month I had a lung infection, and was sick for a whole time, so I did not have much time to do work. Perhaps some allergic/hypersensitive reaction which caused this, so still some examinations at the hospital, however it seems to be more stable now. It all started when I came back by airplane from Madrid and was hospitalized at the airport due to health issues.

I could just do some emailing and some work from home, and then it is still convenient to have the connection, however since health is also important, I also took a week vacation to recover.

Just had some extra time to do some writing articles from home, do some research, and make some planning, and yes.. time to review articles. Casework is not possible from home, however I still had discussion concerning a case since we had different opinions. I am not sure if I will make trips with airplanes that take more than 12 hours this year. The other things are continuing, so it is all progressing with ENFSI, AAFS and FIDIS. I will submit a proposal for a workshop and a paper I think.

Thursday, May 01, 2008

May 2008

There have been a lot of things going on, and I did not have enough time to fill this blog. Last week I went to Madrid for ENFSI, in order to prepare our meeting for the Forensic IT working group www.enfsi.eu . I am also invited for the 19th conference of ANZFSS http://www.anzfss2008.org.au/ and it is the week before Madrid to give a plenary talk and a workshop.

And finally finished a deliverable for FIDIS www.fidis.net on Forensic Profiling. I took over a small website for our apartments in Zandvoort www.trompborgh.nl. And finally I have to rewrite some chapter of a book on forensic science. And of course some work for the encyclopedia. Still we are wondering if there are partners for EU projects on the forensic toolbox in digital evidence.

There are many holidays in the end of April and beginning of May. In forensic science we always have discussions on time of delivery however quality is always most important.

Also discussions on the market in forensic science. If we look at the Forensic Science Service http://www.forensic.gov.uk, it is an example where it did not work out that well at the moment. It appears that the police groups itself with procurements and that there is not a real open market, since there are only a few bidders. Also the prices of forensic casework are not undermined, and it is questionable if the so much needed Research and Development can be paid for if you leave it open to the market. It is however a relatively small market, where we see the figures of 40-50 million euros available.

However the market is as such interesting for people that like media attention, and so it can be a spin off for other research. Also in the United States we see that there is not a real market in forensic casework in criminal justice, and of course in civil cases it is a real market.

Also in the Netherlands we see some developments with companies and universities that are starting forensic casework. There are also developments with a register where experts are certified for forensic casework.

Of course it is good to have more sources where one can get forensic expertise from, however we should make sure that the quality is maintained. In the common law countries it is more obvious to have defense expert witnesses. They have a market on these, where they read the reports and will give comments on the methods being used.

Also in the system of Dutch Law (which is influenced by Napoleon), we have the prosecutors that are standing magistrates. In some cases a different opinion is needed, and a defense expert might be asked for.

There are people that claim that we should have a market in forensic science. And when I discuss with some of them, they claim I do not understand economics, since the market should work as such. Often the large laboratories are from the state, and are nearly monopolies, since the bills are paid directly by government. If we open the market everyone should have equal rights, of course under the condition that they have a good quality assurance system.

I am not sure what will happen. Since most labs have large backlogs it is also not good that these exist. If there is a market these back logs might vanish. It is good to do some small tests and look what works best. We also see that in healthcare some market working was good, since the waiting times have been improved very much. However there should be enough casework to keep the experience ready for each lab, and with some niche markets this might not work.

Saturday, March 22, 2008

March 2008

It is a very nice start of the month. However it appears that there is some bad weather, so going on bicycle from Zandvoort to Heemstede is not always possible. We have started new projects.

Currently two students are working on PRNU, Pixel response Non Uniformity, and we try to use these methods in court. I am always aware of validation issues, and of course it should be more easy to use for the common user, for that reason we make them publicly available in Java on sourceforge if it works out fine.

Also students from Hogeschool Amsterdam are working on several projects. The project defraser, which is also open source at www.sourceforge.net/defraser, is really developing. We asked students to write plugins for JPEG, AVI and perhaps rewriting it for Linux. The software works for the analysis of video files, such as 3GP and MPEG, and could be used as assistance for repairing files. Since I am project leader of the project and also the database, I am very happy it works out fine.

Another project we are looking into is ENF collector. Electric Network Frequency appears to vary due to large generators, as is described by Catalin Grigoras. Currently we are looking into Java-applets for the collection of these, and of course we also need to do some more validation.

This month I also have a meeting of FIDIS www.fidis.net in Berlin. Our deliverable on forensic profiling is nearly ready, and I am very happy with the good collaboration. Also the JIDIS journal is getting good shape now, and our proposal for a new deliverable on identification (PRNU and face comparison) is also getting shape now.

The casework is also good, and sometimes surprising to find new solutions. This month I finished several reports, and now we add a form where the reader of the reports can give comments on the readability, since that is always an issue, especially if we make Bayesian way of conclusions (which are certainly in cases with many hypotheses less easy to read).

Saturday, February 23, 2008

February 2008

The AAFS-meeting www.aafs.org in Washington DC was really nice. Finally the Section Digital Evidence and Multimedia got started this week, and I got elected as chairman. It was good to see that all green lights are on and all the efforts of many colleagues in this field got rewarded, and it will be good for the forensic community to have this exciting field with fast developments within the scope. Also many presentations and one workshop were at the conference in this field.

Sunday, January 20, 2008

January 2008

This month is just warmer than normal in many senses. With my website I had some issues with traffic and spamming which was difficult to prevent, and as always takes more time than expected, however now everything seems to work again.

Sometimes you experience that some training at work can help you in your household as well. When moving we had a safe where we had lost the key from. As I had done in the past some lock-picking training when I was a tool mark examiner, now it appeared to work. After one hour working it appeared I could enter this safe, so I was happy again.

We also had some results of the somewhat worse housing market when selling our apartments in Amsterdam. It appeared that the buyer could have his mortgage ready much later than expected, since the banks are not so easy anymore. For that reason it was several weeks later than scheduled that the apartment was sold.

We started with several students this year on several research and development projects. It appeared that the deliverable for FIDIS is also progressing now as well as some work for the encyclopedia.

In February I will go to the AAFS, and of course look forward to this. Washington DC is a very nice place, and for Europeans it is not expensive anymore.