Slashdot Mirror
Worried about Digital Evidence Tampering?
2marcus writes "As digital technology continues to improve and is used in more and more applications, the ease of tampering with digital files becomes more pertinent. This is especially important in the field of criminal justice, where even the appearance of possible impropriety can sway a jury. CNN has an article on the issues with digital photos being used for fingerprints and other forensics evidence."
Yeah, digital evidence tampering makes you worry about stuff like this
Visit Jonesblog and say hello.
make digital evidence inadmissable. Photoshopping/gimping/email fraud/video editing is becoming too easy and too difficult to trace.
There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.
They appear to use photoshop in police stations, as opposed to fancy animated programs (scanlines included!) as shows like CSI would have you believe.
"How to commit the perfect murder, using Microsoft's debug.exe"
It was supposed to be about the upcoming Snorx/3.2 window manager! You can't trust any sources any more.
Seriously, this has been coming for a long time and there is plenty of material about the impact of a totally digital, totally manipulable reality in the SciFi archives.
It's a cycle anyhow. Eventually paper and touch will become valuable again because they mean something. Anyone want to buy a signed printout of this comment? Only $0.02!
Ceci n'est pas une signature
Any form of physical evidence can be tampered with. That's why the chain of custody is such an important concept. Everybody who had control of that evidence from the point it was discovered to the courtroom needs to testify that they didn't nothing funny, and they saw to it that nobody else did anything funny. That makes tampered evidence just as bad as any other lie to the court, somebody's on the hook for perjury.
Ahh, digital evidence tampering, where would I be without you! I was quite good a creating doctors office letterhead for getting out of school. :)
I always look at the created/modified date by right clicking the file in question. This proved handy when trying to track down the bastards responsible for deleting tables in my MS Access porn database.
We all know how convincing digitally altered photos or videos can be. I mean, what jury wouldn't be convinced that those dinosaurs in Jurassic park were real? They sure looked real to me.
It's happened with DNA, fingerprints, computer cracking.... Hopefully the technology is eventually ironed out such that this stops happening.
Meantime, this is cold comfort to victims of such miscarriages of justice, or their families. At least if you have the death penalty the vctim of the miscarriage of justice (eventually) isn't in too much of a position to care.
(That last comment was slightly tongue in cheek, karma be damned!)
Heck, where I come from not even regular (=non-digital) photos et al. are admitted as evidence in court - because they are too easily tampered with.
Basically only human intel is admitted as evidence (witnesses) - if you want to admit other evidence (such as footprints etc.) you show photos (as an illustration, not as the proof) of course, but _always_ backed up by witnesses (fellow officers, forensics guy) who could be called to testify under oath.
I try to hide the evidence after I tamper with my digits. The hamper is a good hiding place.
Thank you. I'll be here till im modded down.
Yes, but then the question of "what is tampering".
There are actually cases of people photoshopping fingerprints to "bring them out".
Is that evidence tampering?
What if they just use a large burn/dodge tool? what if they just use a small one?
Where is the line?
If tampering is possible, even if it's unlikely, there will always be an out for people who don't want to believe evidence.
In practice, the rejection of valid evidence will probably be a bigger problem than the creation of invalid evidence.
Simply require all digital evidence to be encrypted. That way anybody who has a thought of tampering would have to consider the wrath of DMCA.
Nobody would tamper with digital evidence given THAT outcome.
Have we finally found a legitimate use for DRM?
My second-to-last year of college, I had signed a lease for a house just off campus for the next school year. It was looking forward to it because it was a nice house and I'd be rooming with my closest buddies.
Unfortunately, when we went to move in, the place was trashed and grossly out of code for the city/county. In an effort to be released from the lease, I took a bunch of photographs of everything that was wrong with the house, but I took them on my digital camera. I even brought my camera to a developer and had the photos professionally developed.
Nevertheless, I brought my pictures to a lawyer (school-subsidized, provided for student lessor/lessee problems) and he said that if I wanted to use them in any practical way, I had to go take the pictures again with a real camera (and you could _barely_ tell it was digital).
Fortunately, we had enough evidence that the landlord caved (and we all learned many valuable lessons about leasing, and the law in that time period).
[This message has been deleted by the administrator]
Punish me now.
This is old news BTW, years old
A huge swarth of people who get convicted for life or death are poor and stupid minorities who are sentenced with usually little more than one person saying "I swear I saw the defendent...sure it was dark but I swear it!" The criminal justice system in the country (U.S.) is in such a poor state that I don't see how digital evidence is such a huge step backwards. Do you really think it would have been easier to free (or convict) O.J. if the photos of the crimescene were digital?
is there any way - besides dedicated locked up printers with numbered pages - that one can use to date and verify the authenticity of information? in such a way that will stand up at all in court? so far the only cheap way i know of verifying an idea is mailing it to yourself, but that requires going to the store for stamps... how 1998.
Myren
Seems kinda funny, the more you know about technology, the less trusting of it you are. Seems a bit like long time cops that remain paranoid for years after leaving the job. Witness electronic voting regularly get scoured here, as do other forms of tech that are supposed to be accepted as "unquestionable".
There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.
... the fact that the jury recognized (and weighed most heavilly) was that the honesty of the law enforcement offical(s) was in serious doubt ... and quite frankly, often is.
... indeed, we even know of at least one case where the FBI insured that an innocent man was convicted of murder and sent to prison in order to protect their own informant.
... unless you want a scenerio where any Jury with any technical knowhow whatsoever will always vote to acquit, on the grounds that digital evidence is no more valuable than a he-said/she-said argument.
Bullshit.
This should matter a lot.
Mark Furman's bigotry was enough to create the appearance of "reasonable" doubt as to the veracity of the DNA evidence that unequivocably linked O.J. Simpson to the murder of his ex wife and her friend. Nevermind that the evidence was almost certainly NOT tainted or modified
Digital evidence is as fleeting as the wind. I can copy a file to your hard drive, make a phone call, and the assumption will be you're guilty. Or a cop could walk in with a CD, do the same thing, and convict you.
Gnupg and similiar encryption tools, combined with date and time stamping (perhaps even authenticated date and time stamping via ntp servers) could be deployed relatively simply and make data tampering virtually impossible (e-mails are certain to be real, and have been created on such-and-such a date, etc).
Similiar schemes might be applicable to preserving the integrity of digital imagry, video, etc., and it is very important that these issues be addressed.
We know that the police and the FBI do tamper with evidence. We know that they bear false witness in court
Law enforcement will tamper evidence on occasion, and making it easier for them to do so virtually insures that it will be tampered more often. In order to maintain (or even improve) the integrity of our justice system, we need to make modifying digital evidence as difficult (or impossible) as is possible, and we have numerous tools already to do so.
Dismissing this issue is foolish
The Future of Human Evolution: Autonomy
So technology has answered, its back in the hands of law enforcement to present their case properly.
At first, photography wasn't accepted right away, and it shouldn't have been. I mean, if I were to persuade you in trying my new revolutionary kind of car, which could put your life at risk, wouldn't you want to have enough details about the risks involved before making the decision of buying the vehicule? I sure would.
DrkBr
modify ONLY copies
originals all go onto read-only media
checksum religiously
WRITE GOOD POLICY for maintaining digital evidence...and post it before you start using digital media. Review it once a year, or more often to revise for unforeseen issues. Educate your detectives, and your Asst. DA's.
Rinse, later, repeat.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
I work in the field, I create and deploy records management systems for police.
There's always an auditable chain of custody with all eveidence, digitally the product i use accomplishes it with encryptions and checksums. If an officer takes a pic out to alter it (they have to crop/lighten/darken mugshots so they look consistent for use in a lineup), his actions are logged, and a copy of the original is always kept. Just like checking stuff in and out of any CVS.
There are some digicams out there specially designed for the task which create special checksums and hashes to prove, mathematically that the image on a disk is the same one the camera took.
This is all tied to the officer who took the picture and entered it into the system, and ultimately would be held accountable for it.
If needed, I could be called on to swear an affidavid that the file hadn't been altered since taken/entered.
Now, for the most part, the agencies I've dealt with only use digital imagine for mugshots, and a few take digital shots of traffic accidents. But more and more are expanding the use of technology. 911 calls, and police radio chatter, being encoded to mp3 and permanently attached to the case file, stills from dashboard cameras, crime scene photos.
Frankly, you can prove mathematically with some simple tech these days that not even a single pixel in a digital photograph had been altered. It'd much easier to fake an old-fashioned analog photograph.
Of course, sleazy lawyers will wow clueless jury members with how easy it is to change things in photoshop, which they'll understand. And those jury members will be asleep when the mathemetician demonstrates that there's only a 1 in 400 kajillion chance of altering time image without changing the checksums...
I don't need no instructions to know how to rock!!!!
oh brave new world, that has such people in it!
I think anyone who knows ANYTHING about computers would tell you that there is no guarantee of security or stability.
Lawmakers should take this into account and require the prosecution or plaintiff show beyond a reasonable doubt that the data can in fact be reasonably trusted and has not been handled by an untrusted or malicious party.
Overall, this question raises a lot of issues. But I feel the courts need to decide on a set of guidelines that can be used to assure the jury and the defense that the evidence presented to support accusations can in fact be trusted.
Because who's to say an overzaelous prosecuter didn't hire someone to "put" something on the suspect HD?
But even then the courts might have a hard time ahead. Already we've seen cases that raise this question in which there can be no "safe-guard" and in fact the defense relies upon the exploitablity of software. This was demonstrated in the kiddie porn trial in the UK in which the defendant got aquitted because his lawyers successfully argued that a virus planted the porn on his PC.
Ulitmately, it is double-sided issues such as this that are leading us down the path of Microsofts Secure Computing initiative. But that is a mission that is doomed from the start... history shows us that no matter how secure they make it, some one will break it.
And I'm sure it would work exactly well for the Justice Department as it does now for the music industry.
Of course film cameras (on the low end) don't have clocks in the first place, so this is not a new problem. But when folk blindly trust it "because it's in the computer", the simple process of tracking time becomes a bigger issue in credibility.
The cost of making the cameras (and media they write to) "secure" is high, whether you do it with technology or with process. Someone will find a way to question either.
Witnesses credibility has been under debate for years. Witnesses can be influenced by suggestive questioning, their own backgrounds and prejudices, or the amount of sleep they have had on a given day. And how do you quantify or qualify that kind of tampering? Witness testimony has been used for millenia. No evidence is foolproof. The problem is 1. to know what kind of tampering can be done and be aware and wary of it and 2. to get the trust of the public in that type of evidence so it can be admitted, falible or not.
Do something about world hunger. Click here
There is another problem for concern in this area. Law enforcement personnel are now relying almost entirely on digital recording for witness statements and suspect interviews. If you think digital photos are easily tampered with, think about how easy it is to tamper with a WAV file. "I did not do it," can become "I did do it" with the flip of wrist.
I've often thought it would be useful for digital cameras to provide an option of signing all images with a camera-specific private key stored in a tamper-resistant chip. That would allow third parties to verify that the image file had not been altered after the fact.
Mea navis aericumbens anguillis abundat
This is why we have Daubert hearings people.
No, law enforcement officers are required to maintain strict control and tracking of evidence now ("Chain of Evidence") to try and prove the evidence has not been tampered with. The mutability of digital records adds extra considerations, in some cases.
One way of hardening the chain is to burn the digital record onto a CD-R, with a least two witnesses and recording the serial number of the CD-R onto the evidence log.
that CNN is publishing this story; back in the late 1990s, they stole a frame from one of my computer generated animations of a pulsating star, and put it in a story on their website. They tweaked the colourmap a little, but apart from that the image is identical to my original animations.
They even had the gall to claim the copyright for themselves. Bastards.
Tubal-Cain smokes the white owl.
canon has announced its latest version of its data verification kitn ondvk e2.asp
http://www.dpreview.com/news/0401/04012903ca
We've already seen a few kiddie-porn cases in Great Britain thrown out because the machines had been compromised, thus making it impossible to conclusively prove that the individual arrested was responsible for the crime.
But this points up a scary possibility, one which has already been hinted at in various places, which is that there's no robust trace of events. Once there's a backdoor in your system, there are a lot of things that can happen:
- secrets can be observed.
- "evidence" can be planted.
- activities can be spoofed.
Say you live under a repressive government, and somehow offend someone with 'l33t h@x0r skillz. You may find, for example, that you published a series of articles critical of the leadership. Yup, it came from your personalized copy of Word, and was sent from your IP address. If they've planted a keylogger, it could even be digitally signed with your PGP key. In a less oppressive environment, you might discover that you just mailed a collection of kiddie porn to the FBI.
Now the person screwing you could be some vicious script kiddie, but there's also the potential for abuse in the political world. Like the case in Malaysia, where an opposition leader was tarred with a faked sex scandal, political operatives can be neutralized by opponents through these means (please don't let Karl Rove read this posting!).
Scary stuff...
Eloi, Eloi, lema sabachtani?
www.fogbound.net
I would like to subimt this photo into evidence. It clearly shows Bert and Ernie as the true culprits behind this heinous act!
If the image don't fit you must acquit.
Why worry? Each of us is wearing an unlicensed "nucular" accelerator on his back.
Sig changed for readability by G.W.
Your Honor, the prosecution submits to the court Exhibit B, a photograph of the shark in question attacking a man dangling from the helicopter.
And here is Exhibit C, film footage where President Kennedy can clearly be seen saying "Congratulations, how does it feel to be an All-American?" to Forrest Gump.
You are in error. No-one is screaming. Thank you for your cooperation.
That's yet another case, where I feel compelled to leave a shameless plug: We develop the solution over there!
It works, it's fun to work with and it's free. Come and find out!
http://www.dpreview.com/news/0401/04012903canondvk e2.asp
Obviously someone is thinking of this issue.
-Martha
If you are interested in verifying images I'd check out veripic. I don't know all the details behind it, but it seems like they are able to tell if the image has been modifed. From what I remember, the requirement is that you have to specify which digital camera it was taken with.
http://www.veripic.com/certified
My guess on how they do it would be by checking how the image was encoded? any ideas?
(referring to the parent post, not the grandparent): b b witch hunt.
ok, so the FBI raids someone's PC on suspicion of kiddie porn. Now, the PC has been out of the hands of the suspect. What's to stop the FBI from planting kiddie porn on the hard drive? And will it, in the end, even be neccessary to find porn on the hard drive? Links might be enough (links that might have resulted from IE's insecurities, for example?)I truly despise child pornographers, but are we heading for a police state in the name of anti-terrorism and anti-kiddie porn?
Maybe DRM actually makes sense in this context. I would rather be unable to get porn at all than be prosecuted for planted porn. (the OS could be programmed to reject any files that have porno-like meta-data in their headers, or however DRM works). Granted, this solution would keep all porn (including "legal" porn) out, but it would solve the problem.
So let's say someone breaks into the MegaCorp computer and causes billions of dollars in damage and causes a few powerplants to go off line in the East Coast of the US during a heatwave causing many people to die.
Now let's say that the person who did this is found because he forgot to modify/erace the system logs and a criminal trial begins.
Now let's also say he hires Jacky Childs as his lawyer who asks the system admins, under oath, if the system logs are nothing more than common text files. Then he asks if it is possible that any of the admins could log on and edit that text file log. Unless they got the logs being directed to a line printer an constantly printed out, Jacky Childs just found his reasonable doubt. Good luck with the civil suits!
Seriously though, this could be a real problem one day soon.
Losing faith in humanity one person at a time.
My father-in-law is a supervisor for Ameren and they are no allowed to use digital cameras when they photograph damage, etc. (For instance, if they drive across someone's lawn and tear it up).
Homer: Somebody had to take the babysitter home, then I noticed she was sitting on [edit] her sweet can [edit] so I grabbed [edit] her sweet can [edit] Ohhhh, just thinking about [edit] her can [edit] I just wish I had [edit] her sweet, sweet, s-s-s-sweet can.
It is discussed here.
I was told by a lawyer to get photographic evidence , not in digital, or film but Instant film format.
/developed.
Jury's, and judges consider the instant developed photos of the instamatic camera are considered unalterable because of how they are made
usually the oldest technology is the most accepted in the court of law.
are alterable. Film? Easy to manipulate, not as easy as digitable, but easy enough, esp if you convert to/from digital. Who would know?
The cesspool just got a check and balance.
at BrightNoise Inc that works with IP based cameras and video "servers" to stream images and detect motion, alarms, etc in sensitive areas . One of the biggest concerns I have had is tampering with jpegs or avi files exported from these softwares. AFAIK none has been challenged in a court of law here in the states, but we have had several schools and companies use it as proof of guilt for thieving and extortion!! The approach Milestone took was to make it exceedingly difficult to tamper with the original recording but allow exports. I train users to immediatly remove the original drives or enter server when there is an event of serious enough magnitude, lets face it whats a few thousand dollars when your talking about firing someone or worse? Personally I would like to see water marks or some embedded checksum in the images.
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
I'm surprised the RIAA managed to settle so many of their lawsuits with little more than an IP address as evidence.
If DNA wasn't enough to convict OJ Simpson of murder then how can some digital numbers on a piece of paper be enough to find anyone guilty of sharing a file?
After all, the numbers could be forged, spoofed, mistranlated....and the burden of proof is with the plaintiff.
The theory here is that, if somebody keysigns evidence to be entered, alterations to the evidence should be foregone. Granted this only works after the fact, but you can probably branch from there.
This sig no verb.
When I was in high school I was a "precocious" computer user; the school district filed to expell me after I demonstrated how poor the security was on their AS/400 -- then again, who'd put the database with all the student grades on the same system that has the library card catalog? Regardless, after I shared my findings as a part of the inquiry the district computer tech forged logs "proving" I was destructive and malicious when I was simply poking around.
In a few criminal cases recently there have been expert testimony that either logs can be forged or that the system that the attack hailed from was compromised due to a random MS-Worm or some-such, thus showing the innocence (or creating major doubt) about the defendant's role in any attacks.
I seem to recall another slashdot article about a year ago where someone was asking for opinions about using a digital cam in his/her field, which used photos for "important" purposes (insurance claims, I think it was).
The general opinion of the slashdot community was that digital photos are too easy to mess with and should be avoided. However, I've since wondered why someone hasn't come out with some digital camera that can cryptographically sign/watermark the photos that it takes. Not only could you charge a lot more for the cameras, but you'd probably make a decent chunk of change in the expert witness business, as you got called in to testify that the photos hadn't been altered.
Now, in this case, the particular focus of the article is on "enhancement". Now, I think that's perfectly fine for the cops to use in order to narrow their pool of suspects.... AS LONG AS they then go back and make sure that the suspect fits the un-enhanced evidence.
For example, with the finderprint enhancement stuff. Sure... go ahead... if AFIS doen't have enough to search with in the original, use your connect-the-dots program to fill in the blanks. However, if AFIS finds a match, then compare the AFIS print to the un-altered suspect print by hand.
To re-state my point, it's fine for narrowing your pool of suspects. Once you *have* a suspect, however, you should strive to make the best of un-enhanced evidence.
we have to scan lots of birth certificates. 7 million or so into single page tiffs.
to make sure they are not altered, a MD5 checksum will be recorded at the time of scanning for each file. So, to verify later, you should be able to make sure the MD5s match.
right?
is there a better way?
Kodak used to make a custom firmware for some of their digital cameras that applied a crypto stamp. By reading the key back out (I assume it was in the EXIF headers) you could say "this image was taken by this camera and hasn't been altered."
I haven't seen it for their newer cameras, nor by others, but I haven't been in any of the other manufacturer's software development programs either (I never did develop any software, but it was free to join and get their newsletters...)
Same story from Boston Globe was on /. 2 days ago.
[insert rant here]
Um, yeah. Well, if they're encrypted, you either:
I think what he meant to say was checksummed and encrypted. While this does provide a reasonable degree of security against tampering, it in no way establishes that the pictures were real in the first place. It is a very trivial matter to write a CD today with a date of 01/01/1998.
Yes, checksumming does provide a reasonable degree of security provided other safegaurds are taken. However, defeating this scheme is still too simple. Consider:
- Murder takes place in 1998. Detective has a hunch that suspect X has done it, but can't prove it.
- It's 2004 - suspect X is arrested on an unrelated charge, and fingerprinted.
- Said detective takes pictures of X's fingerprints.
- He then sets the clock on his PC back to 1998, a few days after the murder.
- Then he downloads the fingerprints he's just photographed to the machine, and burns the photos to CD. When he's done, he sets the PC's date back to the current date.
- Said detective files the freshly minted CD in the 1998 storage locker.
A few days later, the detective suggests to his subordinate that he run X's fingerprints against the crime-scene database. Lo and behold! - suspect X's fingerprints match those found at the crime scene!Tell me I'm more secure now. Evidence fakery has been around since mankind learned to lie. The digital age just makes it more convenient.
The society for a thought-free internet welcomes you.
This sounds exactly like something Microsoft wants to solve with their NCSB. (that's next generation secure computing base)
Though as someone else has mentioned, is it really doomed to fail? Logically, it would seem to be the natural path to take, assuming such digital evidence continues to be used.
Personally, I could see a market for that, but I'd rather have the option of not having to deal with it on my own machine. It would be similar to all the copy porteciton nowadays, but far more insidious and annoying.
...was, if I recall correctly, the headline on a story that appeared in Whole Earth Review in the 1980s. The article concerned Scitex's image-processing workstations, and their use to move pyramids on the cover of Time Magazine in order to achieve a more pleasing composition, to add or remove people from a picture, and so forth and so on. The cover, as I recall, showed a UFO landing on the street where Whole Earth's offices were located.
Now we can do it with Photoshop Elements on a home computer.
Yes, juries ''should'' be cautious in their approach toward photographic evidence. It was never true that "the camera doesn't lie," but the ease and inexpensiveness with which digital images can be altered certainly ought to alter the jury's Bayesian estimates of the likelihood that tampering could have occurred.
"How to Do Nothing," kids activities, back in print!
What about CD Camera's? I understand that yes, you could take the pictures off and put them back on, but you would still be able to see on the disc where the changes occured.
You should also be able to see if it is an untampered disc or not, based on the CD itself.
I would think anyway.
Scott Carr
I think the public, as a whole, doesn't understand the real possibilities and liklihoods of digital tampering. It's like magic to some people because it can't be "seen" in many circumstances without a lot of frightenly intelligent people interpreting the evidence FOR them. That scares people, because people don't like what they don't understand. Period.
If you asked the average juror what the signs of digital photo tamering are, they be baffled to answer. The bottom line is that this will be used by defense lawyers to plant the seed of doubt in otherwise ignorant minds (concerning digital media.)
Just because it is (perhaps) easier to tamper with pixels than crystals on substrate, doesn't mean it's going to happen more often. Better yet, if people don't understand that digital evidence is subject, but not PRONE, to tampering this myth will continue to perpetuate.
Maybe I'm wrong with my conclusion that it is not more likely, but it certainly isn't a new issue. In fact, I worries me that it's brought up in the context of a new issue because that just perpetuates a legacy of ignorance... and if you read the article you will find out that the issue is MUCH more a case of poor evidence. If the only evidence a prosecutor has is a previously unidentifyable fingerprint, and suddenly they can identify it, you're going to get skepticism. Furthermor, if that's the only evidence they had on the guy then there's no way you can prosecute on inconclusive evidence.
The professor was able to reproduce the visual effect that occured when the scientific software processed the finger print. I hate to say it, but SO WHAT? I happen to be an experienced photoshop guy, and artist, but just because I can reproduce what I see, doesn't mean the scientific process involved is invalid. I'm concerned about this kind of defense approach, because it involves voodoo...
I'd propose that a series of laws clearly define what is digitally permissable based on established algorthms. If a new one is created, it must pass through a panel of reviewers and eventually be passed into law before it can be permissable. In this way, there would be far less "reinvention of doubt" every time a digital photograph is brought into a court room that has a couple filters run on it.
It would probably involve a series of check and balances at each stage of processing, too.
"Politicians find new names for institutions which under old names have become odious to the people."
The md5sum would have to be digitally signed, or it could be modified too. So, then you have to deal with the issue of key management, and hope that organized crime doesn't spend a bunch of effort breaking the individual keys, or worse, the root keys.
Look here: http://www.dpreview.com/news/0401/04012903canondvk e2.asp
Basically, the way it works is that the camera computes a cryptographically strong hash of the image file at the time the picture is taken and stores it on a tamper-proof secure card. The kit is specifically targeted at law enforcement.
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
NIST has a test spec for drive imaging software for forensic use.
m
http://www.cftt.nist.gov/documents/Atlanta.pdf
They have been testing a bunch of programs, and so far dd on Free BSD has performed best:
http://www.ojp.usdoj.gov/nij/pubs-sum/203095.ht
"As God is my witness, I thought turkeys could fly." A. Carlson
> The md5sum would have to be digitally signed, or it could be modified too
Ummm, since we are talking about a write-once media, no, it could not.
Everyone knows that anyones whos worried about digital evidence eampering is guilty. Terrorists, geesh!
Quack, quack.
I'm sure we all see/hear about this stuff while people close to us are complaining about their jobs. If we could only reduce screw ups by 5%, I imagine the world economy would take off.
[Fuck Beta]
o0t!
having a kiddie porn on your disk is not against law. at least in my country (and i hope it is similar in other civilized countries). it is criminal to distribute it to other people.
SHE does throw dice.
There are digicams out there that record to CD-R. Also, there are portable CD-Burner that accept memory cards and burn them directly to CD-R. This could be done on scene. And the article mentionned the possibility to store images on the CD and lock them away before manipulating the image. Ok, this is still missing the md5sum, but it could be computed before locking the CD and stored on another CD.
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
...if you're playing the Devil's advocate and expect someone like the FBI to frame you, why wouldn't they replace the write-only chip? Simply duplicate all the MD5 sums except those you want to plant.
Unless you want the camera to digitally sign them as well. Might work, if you have the secret key in a WOM not directly readable (i.e. you may sign the MD5 and verify the signature, but not read the actual key).
Kjella
Live today, because you never know what tomorrow brings
The article does bring up a very good point:
1. Light ---> lens ---> Negative ---> Print.2. Light ---> CCD ---> Onboard Software ---> Writable Media ---> Computer.
I'd rather the police go with choice #1 for the time being.
And why aren't they buying their polaroid film from India?
[Fuck Beta]
o0t!
Actually im more worried that bill gates will try and solve it in 2 years with DRM.
This comment does not represent the views or opinions of the user.
http://www.dpreview.com/news/0401/04012903canondvk e2.asp
Canon has a "Data Verification Kit" (DVK-E2) for law enforcement and related types that worry about tampering.
From DPReview's copy of Canon's press release, "The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original."
So it looks like, when you combine the EOS-1D/1Ds w/ the "Secure Mobile" card and put the camera in to a special data verification mode, it probably generates a MD5 or similar hash for each image that is generated.
This seems to be a fairly obvious way to defeat cries of tampering, although I have no idea how well this software/hardware has been pushed. Perhaps there is a hole somewhere? Hard to say. Hopefully Canon will release similar products for all of their higher-end (300D and up) cameras.
Exocet Industries - Taking over the world, one computer at a
It shows he was paid, but no one ever remembers seeing him!
Democracy? Hell no sonny!
We live in a kleptocracy!
"Can there be a Klein bottle that is an efficient and effective beer pitcher?"
Anybody notice how much porn is coming out of the former Soviet Union states and Bulgaria, just to name a few?
I suspect that given the environment of outlaw capitalism growing in these places, porn producers are not as concerned if the girl's age is 17 - or 16, 15, 14 - instead of 18.
Sadly, too many people (read: average American) won't know enough about this to care, however any jury I am on with digital evidence as the only (or major) supporting evidence will result in an acquittal for the defendant.
Being a computer professional, I realize that the concept of "secure, digital evidence" is as oxymoronish as "secure, digital voting".
That is, it MAY be secure eventually, but for now (and the forseeable future) it sure isn't, and there is the issue of "Do I TRUST the AG's office to not tamper?". I say no.
I don't have a link for it now, and am too lazy to look one up, but I saw somewhere that digital signiatures on data will be acceptable as some level of "proof". Isn't that idiotic?
So anyone who can brute-force, guess, social engineer, (whatever), your private key can cause YOU to become criminally liable for thier acts!
This isn't just "let's keep a secret", it's "go to jail if XXX determines your secret and wants to put you there".
Scary stuff, that. The sad thing is that Joe American probably won't realize this, and the Judge sure won't tell them. I bet that a lot of innocent people are going to be convicted for crimes that they either:
a) didn't do
b) no "REAL" proof they did it.
-dave-
The pig browse. With Google. Sigh is to the chicken. Chicken is fool. Giggle. The DailyWTF giggle.
Is the same thing as with physical evidence: At some point, we have to trust our law enforcement. No matter what safeguards we put in place, they can be circumvented. So what we have to do is develop a system that is as good as possable and work with it. This should include all the facets of the physical system such as a complete chain of evidence, sworn statements, ability for indepentand reanaylsis, and then also new things like MD5 signing and such.
But yes, ultimately, the police will be able to manufacture digital evidence, just as they can physical evidence. So we have to trust that they will do their job and that our system will ensure that. We then have checks in place (such as the police IAB and civilian review boards) to ensure that the trust is not misplaced.
It's NOT perfect, unfortunately, but it really is the best we can do. Hence the reason criminal trails are to beyond a reasonable doubt, not beyond any doubt. There is basically always some doubt. No matter how air-tight a case is, there is always the slim possibility that the whole thing is a huge snow-job and completely fabricated.
The media could always be replaced though, if someone had access to the device it was contianed within. Of course, some sort of tamper detection could be inscluded within the device itself. Since it would all come down to cost however, I beleive it would be extremely unlikely that any of these ideas ever get put into practice. Manufactures wouldnt take part unless required by law. The best solution would be to require a 3rd party observer (or someone representing the defence if possible) wheneever digital evidence is recorded.
Actually, the KGB tended to prefer actually kidnapping you, drugging you, and actually sitting you down at a titty bar.
It's a lot easier than airbrushing someone out, and impossible to disprove(whereas the airbrushed photos were usually very obviously airbrushed).
Please help metamoderate.
Wake up kids! Slashdot is chewing itself!
In other words: moderation on slashdot seems to work like a brake. We can see the parent poster at "3, interesting" while (ok my) comment (which points to the solution) is, uhm, ignored?
Actually, I feel this is just another instance of slashdot (once my prefered IT news channel) relegating. Where are those smart commentors, who where here 4 yrs ago? Did I miss the switch? Who is the successor?
If you weren't shilling your product, I think people would moderate your posts more favourably.
I have yet to meet an evil sys admin
You must be new here.
I started thinking about this problem, and think a mix of DRM and encryption could possibly be of use.
Once pictures are taken, use some hard-core DRM technology to make sure no Ordinary user can play with it. Also insert a couple of random pixels in random locations throughout the picture, with each picture having different locations. Keep the database of the position of the marker pixels seperate and encrypt the hell out of it. You can then certify the picture later as untouched if the random pixels are where they're supposed to be.
Poke some holes. I'm going to need a serious Breakafter trying to hack all this!
TripInvite.com: Group Travel Made Simple Evit
RFC3161
Take your (digital) evidence, get it signed and timed by a trusted third-party time-stamp service.
That way you can prove the exact digital bits you have in your possession existed at that point in time.
Also good for proving prior art.
- Lnr
Tripwire keeps a key-signed index of file hash values. It checks files nightly, and looks for changed files. Since the index of hash values is protected by PK signature, it's seen as a secure method to audit file changes.
tripwireSuncoast Linux - Sarasota, FL
And only days ago, as I just found out, Canon introduced the DVK-E2. As the press release states:
The EOS-1D MII, btw, is probably the biggest kicker in professional digital photography for a while, at 8.2 Megapixel and 8.5 frames per secondKarma? What's that again?