File Analysis And DVR Conversion Training From Amped Software

Si Biles, co-host of the Forensic Focus podcast, reviews Amped Software’s “File Analysis and DVR Conversion” training module, an advanced course for users of Amped FIVE.

One thing which is quite telling about the nature of digital video is that one of the entries listed on the Wikipedia page on video file formats[1] is called “Matroska”[2], named after the infamous Russian stacking dolls (матрёшка[3]) and so-called because there seems to be a never-ending set of things contained within other things.

There are thirty container formats and containers can (depending on which you select) contain a choice of video codec[4] from a cast of dozens of lossless and lossy options, and also audio codec[5] from a similarly well stocked stable. This is quite a large number of permutations and combinations of things that can be stuffed inside virtual boxes (almost as large a number as the varieties of KitKat that you can buy in Japan[6])!)

All of this comes before we get around to acknowledging that some of the manufacturers of video recording devices are – and I’ll be very generous here – interested in “pushing the state of the art” by coming up with their own implementations of video storage.[7]

This leaves us in an interesting position when it comes to video evidence. Once we have managed to pry the data from the icy grip of whatever device it has been recorded on – which, as I’m sure many readers of this review have experienced, can be less than straightforward – we then have to figure out how we import this into an analysis tool in a way that permits forensically sound examination. Fortunately we have Amped FIVE and the “File Analysis and DVR Conversion” training module to get us on the path to sorting out this conundrum.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

The training module I followed for this review was led by the inspirational Blake Sawyer. This is the second training course that I’ve attended from Amped – both with Blake and both online in the US time zone running 1100 – 1500 EDT, 0800 – 1200 PDT, which equated to 1600 – 2000hrs UTC for me. Other presentations of the course run in the European (CEST) time zone during the year as well, so there may be some better choices for our Antipodean colleagues!

A few days before the class I received an e-mail from Blake with a download link for course material (from Dropbox), a link to a Zoom meeting for the module and some suggested requirements for the course.

The recommended technical specifications are as follows:

  • 10Mbps or more internet connection
  • 5GB of disk space
  • Webcam
  • Suitable audio input/output for the call (does anyone not have this after COVID ?)
  • Two monitors or one big monitor

I suspect that all who have applied to the course are well aware (as I was) that Windows is required too – albeit only for running Amped FIVE, not for attending the training. Personally I was running a Mac with a virtualised instance of Windows for Amped FIVE, and I had no issues at all with keeping up with the examples and exercises given, and I was using just one (big) monitor to do it all on.

Blake started by covering the basic etiquette of muting when not speaking and reminded us of our data sanitation in not leaving PII on the screen if we were to share. Additionally he pointed out the prohibitions on screen capture or recording and not sharing the training material. I totally understand this – these courses are charged for, and thus being able to replay it without paying would be rather unfair. That said, playing devil’s advocate for a moment, it might be nice if someone who has paid could re-run things in their own time as a refresher or to help in grasping a concept between training days. This is always going to be a challenging balancing act, and I don’t think that it’s unfair of Amped to do it the way they’ve chosen, but it’s something to be aware of when you put your money down – make sure that you’re good at taking notes, and ask the questions while you have the chance, as later review isn’t an option.

The downloaded course material contained all of the samples for the course – with a wide range of content across a significantly wide range of scenarios that are representative of the real world. They proved to be sufficiently challenging for everyone involved in the course. Nobody seemed to be pulling hugely ahead or significantly dropping behind, so I think that these scenarios were well scaled in complexity for the audience. The download also contained a copy of the Amped FIVE software, with a license for the duration of the course plus a few extra days.

Over the course of the three days, Blake ran us through all of the examples and showed us how Amped FIVE can be used to get the most out of things that don’t initially seem to want to comply with examination. Blake’s skill with the product was impressive, and he demonstrated and shared this with us throughout the three sessions, using the tools deftly to resolve various ingest issues.

There were some power issues in Blake’s locality during the training, which of course were way beyond his or Amped’s control, but these challenges were quickly addressed with a very rapid redirect via Zoom on his mobile phone to let us all know what was going on, returning shortly after, a lot less ruffled than I think I would have been in his shoes!

Blake also did a good job of pointing us to online resources that were pertinent – I personally found those from the Scientific Working Group on Digital Evidence (SWGDE) really good[8] – and he touched on a few other things in selected slides from a shared deck although I would like to have seen more of the theoretical aspects of the subject matter referenced in these slides covered in the course. That said, I understand that attendees coming from the standard course may have found this overly repetitive. Perhaps, going forward, Amped could either offer a short refresher to ensure everyone has a solid baseline, or let attendees know before the course if there is any specific knowledge to brush up on (potentially by sending out the slide deck and highlighting such topics in advance).

This is a review of a training course, rather than a product, but needless to say, Amped FIVE is a very powerful tool, and the training unequivocally will assist a user in getting the most from it in an efficient way. Other than the point above about giving the theoretical aspects a little more airtime, I couldn’t recommend the course more.


[1] https://en.wikipedia.org/wiki/Video_file_format

[2] https://en.wikipedia.org/wiki/Matroska

[3] https://en.wikipedia.org/wiki/Matryoshka_doll

[4] https://en.wikipedia.org/wiki/List_of_codecs#Video_compression_formats

[5] https://en.wikipedia.org/wiki/List_of_codecs#Audio_compression_formats

[6] https://en.wikipedia.org/wiki/Kit_Kats_in_Japan – apologies if KitKats are not part of your nation’s normal confectionary supply – but seek some out, they’re worth it.

[7] Less generously, they’re an almighty proprietary pain in the neck.

[8] https://www.swgde.org/documents/published-by-committee/video

Leave a Comment

Latest Videos

Digital Forensics News Round Up, February 28 2024 #digitalforensics #dfir

Forensic Focus 29th February 2024 4:58 pm

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles