www.encase.com/ceic
Project Vic
Law Enforcement Proof of Concept Project
· Promoting a “Victims First” No Child Left Behind approach
· Improving the quality of law enforcement exchange data
· Standardizing law enforcement data formats
· Promoting/facilitating grass roots data exchange efforts
There are tens of thousands of images of child exploitation materials seized by police, many of which are destined to be left on hard drives and in evidence lockers all over the United States. Traditional forensic workflows, combined with sentencing guidelines and the sheer volume of offenders, have created an epidemic and an environment where child victim images are undetected, undiscovered, and never investigated. This failure of detection enables the continued access and abuse of these children.
Selection for Prosecutorial Review
NCMEC (4 – 8 weeks)
Seizure
Forensics (3 – 18 mos)
Image/Video Review
Manual Submission
No Hash Standards
Binary Hashing
No Quality Control
Proprietary formats
Uncategorized
ALERT!
Non-Pertinent set: 42M hashes to filter out
Cat 1: Illegal material alert
Cat 2: Non abuse but depicts victims alert
Category 2 CAM
Supporting
Category 1 CAM
Non-Pertinent
Create robust hash sets (including PDNA) at C3 VIP
Automated NCMEC Submission
Prosecutorial Review
Seizure
Integrated Forensics
Image/Video Review
Robust Hashing/advanced Technologies
Categorization
Robust Hashing Service
Quality Control
Automation
Interoperability
Submit to NCMEC
…
Putting it all Together!
An ecosystem and structure that creates an environment for efficiencies and work practices to promote rescuing children earlier in the investigation process.
Typical Process Flow
Hashing Protocols – PV1 Hash
Image Hash Records
The new comprehensive PV1 Hash is based on a JSON OData hash record
Includes all metadata
Security
Ownership
Meaning
Flexible
Protocol
A new approach
Law enforcement-led data model, industry standard protocol
Data model
Non-Proprietary Hashing
Formats
Protocols and formats of the hashes are managed on a well known developer portal called “GitHub”
Vendors or anyone relevant to the furtherance of Child Exploitation Technology can access and adapt their tools to contribute to the
Data Model of PV1 Hash Record
Allows for additions and subtractions without requiring vendors and services to change input and output routines.
Allows for the addition of “Alternative Hashes” so vendors can add their own proprietary hashes.
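An added example, not Project VIC's code or schema: a reader for a JSON hash-record export that keeps working when records gain new fields or vendor "alternative hashes", and that applies the non-pertinent / Cat 1 / Cat 2 actions from the alert slide. All field names, the SHA-256 binary hash and the numeric category values are assumptions made for illustration.

```python
import hashlib
import json

def file_hash(data):
    """Binary hash of a file's bytes (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).hexdigest()

# Constructed sample export. The field names ("value", "BinaryHash",
# "Category", "AlternativeHashes", "HashName", "HashValue") are assumptions
# made for this example, not the published PV1 schema.
SAMPLE_EXPORT = json.dumps({"value": [
    {"BinaryHash": file_hash(b"constructed file A").upper(), "Category": 1,
     "AlternativeHashes": [{"HashName": "VendorX", "HashValue": "abc123"}],
     "FutureField": "added by a later schema revision"},
    {"BinaryHash": file_hash(b"constructed file B"), "Category": 2},
    {"BinaryHash": file_hash(b"constructed file C"), "Category": 0},
    {"Category": 1},  # malformed: no binary hash, must be skipped
]})

# Actions from the alert slide: the non-pertinent set is filtered out,
# categories 1 and 2 raise alerts. Using 0 for non-pertinent is an assumption.
ACTIONS = {0: "filter", 1: "alert-cat1", 2: "alert-cat2"}

def load_hash_set(export_text):
    """Index records by binary hash, tolerating unknown fields and vendor hashes."""
    index, skipped = {}, 0
    for rec in json.loads(export_text).get("value", []):
        digest = rec.get("BinaryHash")
        if not isinstance(digest, str) or len(digest) != 64:
            skipped += 1  # counted, so a bad export is visible to the examiner
            continue
        alts = {a["HashName"]: a["HashValue"]
                for a in rec.get("AlternativeHashes", [])
                if "HashName" in a and "HashValue" in a}
        index[digest.lower()] = {"category": rec.get("Category"), "alt": alts}
    return index, skipped

def triage(data, index):
    """Return filter, alert-cat1, alert-cat2, or review for one file's bytes."""
    rec = index.get(file_hash(data))
    if rec is None:
        return "review"  # hash not in the set: manual image/video review
    # An unrecognised category also goes to review rather than being dropped.
    return ACTIONS.get(rec["category"], "review")

if __name__ == "__main__":
    index, skipped = load_hash_set(SAMPLE_EXPORT)
    print(len(index), "records,", skipped, "skipped")
    print(triage(b"constructed file A", index))
```
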
Project Vic
PV1 Data model 1.0
Our Tools
Media Tools allow us to closely examine Images and Video and leverage the attached Meta-Data.
These tools complement your forensic tools and allow for a closer examination of the media, allowing for categorization work and Victim ID practices.
Odata into the Hash Cloud Service
Blue Bear LES
Building an Ecosystem of Law Enforcement
Tool Providers
Categorization
Autopsy
ZIUZ VizX2
Image Matching Capabilities
Hashing Protocols
Video Hash and Fingerprinting:
Goal to establish an open source standard much like PhotoDNA
Non Proprietary
Lightweight
Performance and accuracy
Licensed to Law Enforcement and LE Tool Providers to build ecosystem
Look at Industry for Answers
Video Finger Print
Fingerprint size (in bytes) = [duration of video in seconds] x 8
Example sizes:
A 5 second video: 40 bytes
A 1 minute (60 seconds) video: 480 bytes
A 5 minute (300 seconds) video: 2,400 bytes ~ 2.3KB
A 15 minute (900 seconds) video: 7,200 bytes ~ 7KB
A 30 minute (1,800 seconds) video: 14,400 bytes ~ 14KB
A 1 hour (3,600 seconds) video: 28,800 bytes ~ 28.1KB
A 3 hour (10,800 seconds) video: 86,400 bytes ~ 84.4KB
100 hours of video: ~2.7MB
1000 hours of video: ~27.4MB
10,000 hours of video: ~275MB
100,000 hours of video: ~2.7GB
1,000,000 hours of video: ~27GB
What can we remember compared to what technology can remember and compare
Where are we Today:
Image Submissions and Analysis:
Have categorized and quality-controlled 1.5 million into three categories.
An additional 2.5 million files have been collected, of which 2 million are unique.
Additional images are being worked on so the set can be increased.
New Data Model 1.0 of the ODATA Hash records can now be exported and imported into NetClean Analyze, Blue Bear LES, ZiuZ ViZX2, Magnet Forensics, Autopsy and imported / exported by the HubStream Cloud.
Multiple forensic vendors are cooperating in the ODATA Protocol hash initiative.
Video fingerprinting technology is being tested and evaluated in order to establish a video fingerprint standard much like PhotoDNA for images.
Conclusions
Movement focused on how you want to share your data
Movement to identify bottlenecks and unnecessary practices impeding your workflows
Movement to find solutions we can live with in the next 5-7 years
Movement to make incremental changes and improvements suggested by a collective group
The payback
• A fundamentally more scalable response to victim identification.
• An ecosystem of compatible products bringing new innovation.
• And ultimately, faster rescue of victims.
For More Information:
www.Projectvic.org
https://www.facebook.com/projectvic