File Analysis And DVR Conversion Training From Amped Software

Si Biles, co-host of the Forensic Focus podcast, reviews Amped Software’s “File Analysis and DVR Conversion” training module, an advanced course for users of Amped FIVE.

One thing which is quite telling about the nature of digital video is that one of the entries listed on the Wikipedia page on video file formats[1] is called “Matroska”[2], named after the infamous Russian stacking dolls (матрёшка[3]) and so-called because there seems to be a never-ending set of things contained within other things.

There are thirty container formats and containers can (depending on which you select) contain a choice of video codec[4] from a cast of dozens of lossless and lossy options, and also audio codec[5] from a similarly well stocked stable. This is quite a large number of permutations and combinations of things that can be stuffed inside virtual boxes (almost as large a number as the varieties of KitKat that you can buy in Japan[6])!)

All of this comes before we get around to acknowledging that some of the manufacturers of video recording devices are – and I’ll be very generous here – interested in “pushing the state of the art” by coming up with their own implementations of video storage.[7]

This leaves us in an interesting position when it comes to video evidence. Once we have managed to pry the data from the icy grip of whatever device it has been recorded on – which, as I’m sure many readers of this review have experienced, can be less than straightforward – we then have to figure out how we import this into an analysis tool in a way that permits forensically sound examination. Fortunately we have Amped FIVE and the “File Analysis and DVR Conversion” training module to get us on the path to sorting out this conundrum.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


The training module I followed for this review was led by the inspirational Blake Sawyer. This is the second training course that I’ve attended from Amped – both with Blake and both online in the US time zone running 1100 – 1500 EDT, 0800 – 1200 PDT, which equated to 1600 – 2000hrs UTC for me. Other presentations of the course run in the European (CEST) time zone during the year as well, so there may be some better choices for our Antipodean colleagues!

A few days before the class I received an e-mail from Blake with a download link for course material (from Dropbox), a link to a Zoom meeting for the module and some suggested requirements for the course.

The recommended technical specifications are as follows:

  • 10Mbps or more internet connection
  • 5GB of disk space
  • Webcam
  • Suitable audio input/output for the call (does anyone not have this after COVID ?)
  • Two monitors or one big monitor

I suspect that all who have applied to the course are well aware (as I was) that Windows is required too – albeit only for running Amped FIVE, not for attending the training. Personally I was running a Mac with a virtualised instance of Windows for Amped FIVE, and I had no issues at all with keeping up with the examples and exercises given, and I was using just one (big) monitor to do it all on.

Blake started by covering the basic etiquette of muting when not speaking and reminded us of our data sanitation in not leaving PII on the screen if we were to share. Additionally he pointed out the prohibitions on screen capture or recording and not sharing the training material. I totally understand this – these courses are charged for, and thus being able to replay it without paying would be rather unfair. That said, playing devil’s advocate for a moment, it might be nice if someone who has paid could re-run things in their own time as a refresher or to help in grasping a concept between training days. This is always going to be a challenging balancing act, and I don’t think that it’s unfair of Amped to do it the way they’ve chosen, but it’s something to be aware of when you put your money down – make sure that you’re good at taking notes, and ask the questions while you have the chance, as later review isn’t an option.

The downloaded course material contained all of the samples for the course – with a wide range of content across a significantly wide range of scenarios that are representative of the real world. They proved to be sufficiently challenging for everyone involved in the course. Nobody seemed to be pulling hugely ahead or significantly dropping behind, so I think that these scenarios were well scaled in complexity for the audience. The download also contained a copy of the Amped FIVE software, with a license for the duration of the course plus a few extra days.

Over the course of the three days, Blake ran us through all of the examples and showed us how Amped FIVE can be used to get the most out of things that don’t initially seem to want to comply with examination. Blake’s skill with the product was impressive, and he demonstrated and shared this with us throughout the three sessions, using the tools deftly to resolve various ingest issues.

There were some power issues in Blake’s locality during the training, which of course were way beyond his or Amped’s control, but these challenges were quickly addressed with a very rapid redirect via Zoom on his mobile phone to let us all know what was going on, returning shortly after, a lot less ruffled than I think I would have been in his shoes!

Blake also did a good job of pointing us to online resources that were pertinent – I personally found those from the Scientific Working Group on Digital Evidence (SWGDE) really good[8] – and he touched on a few other things in selected slides from a shared deck although I would like to have seen more of the theoretical aspects of the subject matter referenced in these slides covered in the course. That said, I understand that attendees coming from the standard course may have found this overly repetitive. Perhaps, going forward, Amped could either offer a short refresher to ensure everyone has a solid baseline, or let attendees know before the course if there is any specific knowledge to brush up on (potentially by sending out the slide deck and highlighting such topics in advance).

This is a review of a training course, rather than a product, but needless to say, Amped FIVE is a very powerful tool, and the training unequivocally will assist a user in getting the most from it in an efficient way. Other than the point above about giving the theoretical aspects a little more airtime, I couldn’t recommend the course more.


[1] https://en.wikipedia.org/wiki/Video_file_format

[2] https://en.wikipedia.org/wiki/Matroska

[3] https://en.wikipedia.org/wiki/Matryoshka_doll

[4] https://en.wikipedia.org/wiki/List_of_codecs#Video_compression_formats

[5] https://en.wikipedia.org/wiki/List_of_codecs#Audio_compression_formats

[6] https://en.wikipedia.org/wiki/Kit_Kats_in_Japan – apologies if KitKats are not part of your nation’s normal confectionary supply – but seek some out, they’re worth it.

[7] Less generously, they’re an almighty proprietary pain in the neck.

[8] https://www.swgde.org/documents/published-by-committee/video

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, June 12 2024 #dfir #digitalforensics

Forensic Focus 12th June 2024 5:51 pm

Digital Forensics News Round-Up, June 12 2024 #dfir #digitalforensics

Forensic Focus 12th June 2024 5:39 pm

Internal investigations and eDiscovery face rising challenges in the data collection landscape. There is an urgent need to preserve and analyze data; rising costs for server infrastructure and overhead and the increasing complexity and volume of data from emerging sources is overwhelming. Laptops, computers, phones, tablets, cloud sources, and messaging applications – data is stored anywhere and everywhere with employee communications being the riskiest data sources.

The scope and specific challenges of data collection affect organizations and law firms differently, presenting a need for a variety of solutions to best fit their needs. With Cellebrite’s suite of SaaS (Software-as-a-Service) cloud-based collection solutions, corporate investigators and eDiscovery practitioners can close investigations and get to review faster.

Cellebrite's market-leading SaaS based solutions minimize business disruption and save organizations money by:

- Eliminating the need for large upfront costs and maintenance expenses
- Minimizing overhead costs without hosting the solution, no hardware shipping, and no technical calls for assistance
- Minimal and predictable data collection costs, allowing you to scale your usage according to your specific needs and budgetary considerations
- Stay up to date with continuous updates to data sources with updates pushed to the Cellebrite cloud
- Close investigations and review discovery faster with cloud-based innovation
- Manage customer requests and provide transparency throughout your organization across the globe

Watch Cellebrite's webinar where Monica Harris, Product Business Manager, showcases how Cellebrite’s range of SaaS-based solutions have you covered whether you need remote collection across all devices, including computers, cloud sources, chat applications, and mobile devices or full-file system advanced collection capabilities across the widest range of mobile devices and applications.

Internal investigations and eDiscovery face rising challenges in the data collection landscape. There is an urgent need to preserve and analyze data; rising costs for server infrastructure and overhead and the increasing complexity and volume of data from emerging sources is overwhelming. Laptops, computers, phones, tablets, cloud sources, and messaging applications – data is stored anywhere and everywhere with employee communications being the riskiest data sources.

The scope and specific challenges of data collection affect organizations and law firms differently, presenting a need for a variety of solutions to best fit their needs. With Cellebrite’s suite of SaaS (Software-as-a-Service) cloud-based collection solutions, corporate investigators and eDiscovery practitioners can close investigations and get to review faster.

Cellebrite's market-leading SaaS based solutions minimize business disruption and save organizations money by:

- Eliminating the need for large upfront costs and maintenance expenses
- Minimizing overhead costs without hosting the solution, no hardware shipping, and no technical calls for assistance
- Minimal and predictable data collection costs, allowing you to scale your usage according to your specific needs and budgetary considerations
- Stay up to date with continuous updates to data sources with updates pushed to the Cellebrite cloud
- Close investigations and review discovery faster with cloud-based innovation
- Manage customer requests and provide transparency throughout your organization across the globe

Watch Cellebrite's webinar where Monica Harris, Product Business Manager, showcases how Cellebrite’s range of SaaS-based solutions have you covered whether you need remote collection across all devices, including computers, cloud sources, chat applications, and mobile devices or full-file system advanced collection capabilities across the widest range of mobile devices and applications.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_SE7Cl5jkigk

Maximising Data Collection With SaaS Innovations

Forensic Focus 10th June 2024 12:42 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles