Basis Technology has just released v1.0 of a new module for the Autopsy Digital Forensics Platform – Video Triage for Autopsy. Video content analysis can be time-consuming for an investigator. Normally an investigator would need to either watch an entire video at normal or accelerated speed, or scrub through it and potentially miss key components. The Video Triage module for Autopsy creates a storyboard of a video by grabbing key frames at equally spaced intervals in the video and displaying them as thumbnail images.

There are typically two major use cases for what the Video Triage module provides:

  1. Getting a gist of what a video file contains in terms of its primary content
  2. Identifying whether or not there is content embedded in the middle of an otherwise mundane video (read: abusive acts at minute 35 of a scenic home video)

It’s important to realize that using the Video Triage module isn’t a replacement for deep analysis, but given the potential amount of video footage analysis that some investigations require, it can provide a good first step towards data reduction and identifying candidates for deeper analysis.


This is the first time we’ve released a public module as an add-on to take advantage of the platform aspect of Autopsy. We’ve even included an auto-update feature for the module so that as new features are added and bug fixes get applied, as long as you have an Internet connection, you’ll get a notification about the update and be able to apply it right from Autopsy (no external web browsing needed).

Check it out at the Autopsy Modules area of our site.

Extensibility of Autopsy

Autopsy was built as a platform specifically to allow for these types of modules to be created. Any organization or individual can develop these types of extensions. A great place to start is by looking at the developer docs for the project. We’ve also put forth an Autopsy developer challenge for OSDF 2013.

Another example of a similar content viewer module we’ve created integrates Basis Technology’s Rosette Linguistics Platform to translate and highlight names, organizations, and locations from documents viewed in Autopsy across a variety of languages. Currently this module is in the proof-of-concept stage, but it could be further expanded into a full-featured module.


Both the Video Triage and RLP viewer modules are examples of content viewer modules. For a description of the other types of modules that Autopsy supports, check out the API docs.

Video Triage Future Updates

In v1.0 we’ve released the core of what we wanted to get out to the community, but there are still areas for improvement. Most notably, we’d like to include some user options to increase the size of the thumbnails that are generated as well as the number of thumbnails (currently set at 12 for each video). These decisions were initially made to balance some of the performance trade-offs that would accompany larger thumbnails and more key frames, but we’ve got some ideas on how to counter those such that we can leave it up to the user based on their preferences.

Other ideas include allowing sub-segments of the video to be played independently from where the thumbnail was captured, to give the investigator more context about the key frame, and pre-processing video on ingest (versus on demand) to improve performance.

If you download the module and have ideas for future improvement, we’d love to hear about them. Feel free to email us at digital-forensics-support@basistech.com to share your ideas for this or any other modules you’d like to see developed.

 
