JPEG, AVI Info and selcall info

 hmb3
(@hmb3)
Active Member
Joined: 9 years ago
Posts: 7
Topic starter  

Hello All,

I'm new to the digital forensics side of things but have been in IT for many years and have touched on many areas of the IT profession. In truth, I probably know just enough to get me in trouble. Also, this side project is quite real and vast, but much of the evidence has been tampered with or lost. PLEASE know I completely understand that your skills and talents in digital forensics ARE your stock in trade. What I hope to achieve is a gentle nudge, some sound advice and the opportunity to contribute back to the forensic community my circumstances of being both a victim and investigator, so as to help others. What I learn I share.

My system: OK, HP Envy, Win 8.1 machine, playing with Paladin, OSForensics, lots of open source, Data Rescue 3 for recovery and others. Very much a mix of OSes and equipment, etc… Not a production environment. Please note any evidence of real value is imaged to a work drive, so please assume if I say a procedure was performed it's on a work drive.

Overall Question: Where do I look for ANY metadata in a JPEG photo and/or AVI file when EXIF has been tampered with or deleted? I am looking for ANY information that tells about camera make, photo editors used (is there an ID # from the editor's software to look for), etc…

What I know and what I have done

Devices examined
1. (2) JPEG photos taken from Motorola razor 2.mp cam (black flip phone type)
2. (6) AVI files taken from SD card from cheap spy cam, files split in 70 to 90 MB, about 3 min run time on each.

First step short list
1. On JPEG files: looked for EXIF data. Appears to have been stripped, dates changed, etc… Used different EXIF software. Flat-lined…
2. Looked for pixel differences in photo for editing: maybe yes.
3. Used hex editor to look under the hood: found copyright from AT&T (GSM phone check).
Note: Not real good working with hex, yet.

Special note concerning the spy cam: it belonged to me. They, the criminals, after stealing it and producing the filth on it and then returning it to its place of origin for me to find later, left me that very special horse t**d gift of an illegal recording between myself and a dear elderly lady friend of mine, who I was taking to the doctor's for an appointment that day, and to really make it horrific, served it up with distorted, filtered porn video of ?? (my guess, themselves) while the audio portion was of the conversation we had en route to her doctor's appointment that day.

Only the first 3 AVI files retain the illegal conversation; 4 thru 6 seem to be native to the spy cam functions of audio/video capability, but all have been edited. What technical level of a criminal am I dealing with that can manipulate video/audio data this way and strip exact evidence in a 4 day turn-around time period? I know when the SD card was clean, when the trip was made and when I retrieved it and its contents changed. I don't think this is high school punks.

1. On AVI files I used abcavi tag editor on all 6 avi files, big flat-line… CLEAN.
2. Trying to find a way of cleaning video. I noticed a slight delay in filter response time when going frame by frame and adjusting speed. It appeared that some frames were cleaner for a moment, then the filter effect distortion kicks in. I am new to video editing.
3. On the audio of #4 AVI I hear what could be a "selective calling tone" or "tone signal" from a 2-way radio. Just curious to know if anyone has used something like this as evidence, or whether this raises a red flag and we now need to consider xyz company. From my understanding of selcall, it is designed to be a unique identifier for the organization. The tone converted, like assembler 0-9, A-F, produces its intended purpose. Also, has anyone decoded a WAV file selcall sound?

Thanking any and all in advance for any help you may provide.


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

From what you wrote, the active files you got are almost "unusable" to figure things out. Do some data carving for deleted files and try finding some of the original files for further analysis.

Whoever played you could be a novice or a pro, one person or a small team, no way to figure that. The only sure thing is that they know a lot about you.


   
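On the opening question of where to look in a JPEG once the EXIF block is gone, here is an added example (not code from either poster) that walks the file's marker segments and reports what can remain outside EXIF: the identifiers of the APPn segments, any COM comment text such as the carrier copyright string found with the hex editor, and a hash of each quantization table (DQT) for comparison between files or against known encoder tables. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

# Markers with no length field: TEM, SOI, EOI and RST0-RST7.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def seg(marker, payload):
    """Build one segment; used only to construct the sample below."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

def walk_segments(data):
    """Yield (marker, payload) for every segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad length in segment 0x{marker:02X} at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:  # SOS: compressed image data follows, stop
            return
        pos += 2 + length

def residual_metadata(data):
    """Collect traces that can remain after the EXIF block is removed."""
    report = {"app": [], "comments": [], "dqt_sha256": []}
    for marker, payload in walk_segments(data):
        if 0xE0 <= marker <= 0xEF:  # APPn: leading NUL-terminated identifier
            tag = payload.split(b"\x00", 1)[0][:32].decode("latin-1")
            report["app"].append((f"APP{marker - 0xE0}", tag))
        elif marker == 0xFE:  # COM: free text left by a device or encoder
            report["comments"].append(payload.decode("latin-1"))
        elif marker == 0xDB:  # DQT: tables differ between cameras and editors
            report["dqt_sha256"].append(hashlib.sha256(payload).hexdigest())
    return report

# Constructed sample, not taken from the thread's files.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xFE, b"constructed encoder comment") + seg(0xDB, b"\x00" + bytes(range(1, 65)))
          + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")
```

Run `residual_metadata()` on the bytes of a working copy of each photo, and on any JPEGs recovered by carving, then compare the reports side by side.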