Evidence Collection and Open Source

The manipulation of evidence collected from investigations has become almost automatically assumed. Many times, things like zooming into picture, increasing the volume of audio, or slowing video down is needed. But, this then begs the question: Are the paranormal phenomena captured actually occurring, or are they an artifact showing from manipulation of data?

Every manipulation of the evidence presented changes it in someway. Format conversions, zooms, clipping, etc. All of it. Due to what is known as compression. Most major formats use some sort of compression: JPEG, WMA, MP3, etc. There are a few formats that don't use any compression, such as WAV, BMP (Bitmap), AVI. These formats should be preferred above all others if possible.

Audio

The two most common audio formats these days are MP3 (MPEG, Layer III), and WMA (Windows Media Audio). These two formats are the most lossy of all formats, but lend themselves well due to their very small size. However, the manner in which the encode audio information tends to create what are known as artifacts. However, to record in WAV (PCM), using "what you hear is what was said" would require immense amounts of data storage. There are devices available that will record in PCM, and these should be used whenever available.

However, when working with the audio samples, splitting, editing, etc, due to the encoding, it can be expected that there will be alterations to the audio, possible creating new audio artifacts into the stream. To prevent this, conversion into WAV format for manipulation would be preferred. This conversion will add its own artifacts to the audio. This can't be prevented, but should be acknowledged. The process used for conversion should be well documented as well.

This documentation leads me to another point. The use of closed source software prevents one from seeing the exact process behind the manipulation. There is no way to see if the algorithms used introduced artifacts into the audio. The same concept holds true for modules used to amplify, analyze, etc. Behind the software is a blackbox of sorts, that only the vendor can see.

Also, recreation of the audio samples is impossible without the same software, and possibly the same versions.

Video

The standard for video encoding at this point in time for video is MPEG1. It is lossy, and small due to the fact that only changes between "reference frames" are recorded, thus lowering the storage required for video capture. This, as with any video capture loses some information, as described in the FAQ (Frequently Asked Questions) for the MPEG codec.[1]

There is no current way to record lossless video, as any capture method is subject to some loss of video information. However, as most capture codecs are open, they are able to be documented.

Video manipulation itself, however is not always open. The end result is open, but the interstitial steps are not. Again, unless the software used is subject to analysis. Several packages are available, that are completely open for trans-coding, clipping, and manipulation, thus allowing for analysis of the interstitial steps of clipping, zooming, and trans-coding.

Photographic

With photographs, the need for an open source tool is less critical, since the most common image formats are completely open, such as Bitmap (BMP)[2] and JPEG.[3]

However, when manipulating images (zooming, dithering, etc) it is crucial to document the changes made, the software (with version), as well as never overwriting the original, as recommended by the IEEE.[4]

Several open source image manipulation tools are available, the main one being The GIMP (GNU Image Manipulation Program). It has hundreds of plugins available, and the possibility of rendering 3-D models from a series of images are possible as well with this application. 3-D modeling is a crucial investigation tool when analyzing images, so approximate locations of phenomena can be ascertained.

Documentation

All operations on data should be documented in a standard manner, and cases should be managed in a standard fashion as well. For all evidence collected, a standard format log of operations performed should always be kept with the data, and data should be easy to analyze from cases, such as date/time of investigation, environmental findings, et al.

Conclusion

Several packages are available that are completely open, and are recommended to be used at all times. In addition to using an open sourced package to manipulate the evidence, a careful record of all operations should be kept. This will lend itself to the ability to easily recreate any samples produced as evidence.

Should the question of whether an EVP, an orb, or a shadow in any piece of evidence is the result of the casual effect of the software used, it can be easily dis-proven by analyzing the code, or by using a different software stack.

The following suggestions are put forth as a standard set of tools for use in analyzing evidence:

Audio

• FFMPEG
• Audacity

Video

• VirtualDUB
• FFMPEG
• VLC

Photographs

• The GIMP

Case Management

• ParaDB

References

1. http://www.faqs.org/faqs/mpeg-faq/part1/
2. http://www.digicamsoft.com/bmp/bmp.html
3. http://www.faqs.org/faqs/jpeg-faq/part1/
4. http://www.cs.dartmouth.edu/farid/publications/spectrum09.pdf

External Links

• http://virtualdub.org
• http://www.videolan.org
• http://audacity.sourceforge.net/
• http://ffmpeg.org
• http://www.gimp.org/
• http://www.paradb.org

Bibliography

• http://ostatic.com/blog/the-audacity-of-open-source-audio
• http://www.elec.qmul.ac.uk/people/stefan/publications/2000-paam2000-fipaos.pdf
• http://www.socialbrite.org/2009/06/03/the-importance-of-open-source-video/
• http://delivery.acm.org/10.1145/250000/244209/p219-tang.pdf?key1=244209&key2=0234939421&coll=GUIDE&dl=GUIDE&CFID=46323369&CFTOKEN=72225769

Contributors

Author:Corey Reichle

Other Contributors: Cathy S.