How To Acquire Video Data With MD-VIDEO From HancomGMD

Due to the rapidly growing need for securing safe environments around the world, digital surveillance systems have become ubiquitous. A significant number of new surveillance systems are installed each year, and the importance of acquiring actionable data from these systems is growing across the globe. 

According to a recent statistic, the amount of surveillance video data being recovered annually jumped by 66% between 2017 and 2018. With the volume of video data increasing at such dramatic rates, it’s clear that law enforcement agencies require a solution for acquiring and handling this type of data in a forensically sound way.

Given the sheer scale of the video data involved in investigations, support for a variety of media formats is a top priority for any video forensic solution. MD-VIDEO supports video data acquired from a number of different devices: IP-CCTVs, dashboard cameras, smartphones, desktops, cameras, camcorders, drones, and wearable devices. MD-VIDEO also supports various DVR filesystems, such as those used by HikVision, Dahua, Zhiling, Samsung, Bosch, Honeywell, Sony, and Panasonic.

We are very excited to introduce our video recovery solution, MD-VIDEO. Please consult the following demonstration on video acquisition and recovery. MD-VIDEO is easy to use and is sure to dramatically improve your digital video investigations.

Transcript

Please consult the following demonstration on video acquisition and recovery. 

MD-VIDEO is easy to use, and is sure to dramatically improve your digital video investigations. 

1. Choose Evidence 

Image Selection: Click on the opened image and select the ‘Next’ button on the bottom right of the program. 

2. Select Recovery Option

In this demo, we first identify the active files, and then attempt recovery if necessary. 

3. Enter Case Information

Enter case information in the right screen that appears after clicking the ‘Case’ node. 

4. Active File Reviews 

Click ‘Case’ and then ‘Analysis Results’ to check the active video analyzed. Check the signature and other data of the file using the hex viewer. 

5. Recovery

The recovery operates based on your selected settings. Here, we’re going to recover from the unused area of the file system. Select H.264 from the codec list, and check the ‘Details’ option in the right area. 

Click on the ‘Frame’ node under ‘Analysis Results’. 

6. Create a Video

Select the desired frame and recovery result, and click the ‘Create Video’ button. 

7. Export

Select the desired files and frames in the recovery result, and click the ‘Export’ button. 

Identify the exported file and report. 

8. Save Case

9. Close Case

Lastly, we would like to introduce MD-VIDEO Analysis. MD-VIDEO Analysis allows investigators to quickly identify and sort important video frames from massive amounts of video data. Humans, as well as vehicles such as cars, bicycles, motorcycles and trucks, will be automatically identified. 

Additional features in MD-VIDEO Analysis are currently under development, and will be included in updates very soon. 

Download MD-VIDEO Product Brochure

Visit our website and find out more about MD-Series www.hancomgmd.com
