33. Introduction to Video Files

Question 1

What info can be embedded in video files?

Answer 1

• User Added Info. E.g during creation or editing of the file. Creation info could be added to pretend to be the creater of an image for credibility.
• Could add an Email/Username/Nickname
• Could add other Identifying Information the means it was captured or created or software used to create or edit.

Question 2

What tools can be used to capture / analyse embedded info?

Answer 2

• FTK Imager
• Encase
• Hex View or text view
• Hex Editor
• G Spot for lab based analysis. Helps us work out what is needed to render the files / analyse the data and output it in a number of ways.

Using VLC player to open the image can let you look at the media information (like an image exif data) - can be filled in by the user or automatically filled if someone wants you to see it.

Question 3

Video File Type and Hex File Signatures

Answer 3

Some examples:
AVI, RM, RAM, MKV, MOV, MPG, FLV, SWF, MP4.

Look at below link for common file type.

http://www.garykessler.net/library/file_sigs.html

Question 4

Video Processing

Answer 4

• number of frames
• frequency of frame captures
• frequency of context changes

Various propcessing tools depending on need.
Irfanview - has option to extract all frames (not recommended unless necessary for a reason)
NetClean Analyze - Good tool
VidReport - (Sanderson Forensics - paid tool)

Question 5

Audio processing

Answer 5

Can extract and analyse. Extract using VLC.

Analyse for:
- Principle sounds (voices / accents / language / dialect)
- secondary sounds (music / TV)
- Tertiary Sounds (ambient like trains, road noise, animals).

Can be free audio analysis tools as well as paid for.

Question 6

Video processing - output & outcomes

Answer 6

Depends on nature of what is being sought - intel or evidence.

Capacity for analysis (time / resources).