Troopers tamper with patrol car video evidence

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
D

DeepThroat

Thread Starter
I'm involved in a court case where we filed a discovery motion for a patrol car video that would depict an illegal search and siezure. After months of foot dragging, the state patrol delivered a DVD containing a file that was supposed to be 40 minutes long, but was only 17 minutes long. We believe the lost data was intentionally edited out because the lost portion would have exposed the arresting officers to charges of committing felony perjury, conspiracy to commit perjury, lieing to obtain a search warrant, etc.

At the first suppression hearing, the computer trooper claimed he did everything the way he had done over a hundred times before, and thought he had downloaded and burned the DVD with the entire 40 minute clip. He had no explanation as to how the clip obtained by the defense had lost half of its content; he did speculate, however, that some sort of "accident" might have occurred, e.g., that something got "bumped" somewhere in the process. Meanwhile, of course, he failed to make a backup, and the patrol car video hard drive has been recycled, and so there is no means to make another copy, supposedly.

This is a .mpg file. We simply use Windows media player to view it. It works flawlessly.

Naturally, we don't believe a word they're saying, but the judge wants direct evidence. The first step would be to prove beyond a shadow of a doubt that the video was in fact shortened because someone loaded the video into an editing program and then deleted the last half.

I talked to two computer guys. One guy said the fact that the file plays at all is proof that it was edited; .mpg files are integrated wholes; you can't just randomly delete half the file, and expect it to play properly. The other guy said that he could see how a video file might lose the last half of its content through some mishap and still be able to play. He did say however, that there should be a header to the file that indicates how long the file should be. If the data was accidently lost, the header should say the length of the file is expected to be 40 minutes; if the file was edited, then the header should say that the expected length is only 17 minutes.

I tend to believe the first guy WRT to the fact that the video plays at all is proof that it was edited. Heck I tried to resave my test video from Notepad with no alterations, and now it won't play. That indicates to me that these files are extremely fragile.

On the other hand, the second guy has a good point WRT to the header. In Notepad, the file starts out with:

º! T9€"Õ » €"Õ !ÿ¹à. ¾óÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ . . . .

However, I also noticed that it has a similar looking trailer at the end:

. . . . ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ!#” F¿€"Õ ¾ ÿÿÿÿÿÿÿÿÿMCü

It seems to me if half the file was missing because of a mishap, there would be no trailer.

To sum up, there must be one way or another that can tell to a virtual certainty whether the lost data had been edited out with an editing program, or whether the data was lost through some sort of unknown mishap.

What do you guys think? Thanks in advance for your input. :)

DT
 

1002richards

Retired Trusted Advisor
Joined
Jan 29, 2006
Messages
5,333
Hi,
Are you looking for a qualified expert to provide expert opinion in a Witness Statement and testify under oath in Court and to be prepared to uphold their expert opinion in the face of experts put forward by the Prosecution?

Or are you just wanting a discussion on the possibilities? As this matter is sub judice you'll need to bear that in mind of course.

Richard
 

cwwozniak

Trusted Advisor
Spam Fighter
Joined
Nov 28, 2005
Messages
65,220
First Name
Chuck
You can probably find an expert knowledgeable enough to look at the pattern of ones and zeros at the start and and of a file and tell if the file has been edited or if it was corrupted. However, you need to understand that, given the right software, the same expert knowledge could be used to manipulate the ones and zeros to make an edited file look like it was corrupted or vice-versa.
 
D

DeepThroat

Thread Starter
Hi guys, Thanks for the input.

Richard said:
Are you looking for a qualified expert to provide expert opinion in a Witness Statement and testify under oath in Court and to be prepared to uphold their expert opinion in the face of experts put forward by the Prosecution?

Or are you just wanting a discussion on the possibilities? As this matter is sub judice you'll need to bear that in mind of course.
Both actually. I'm not even sure where to begin to find such an expert. We probably want some with specific video expertise; ordinary Microsoft Certified Programmers that I've talked to say they don't know enough about the specifics.

Meanwhile, I've been trying to educate myself as much as I can about the format. I've been fooling around with a bit editor, but can't find a key to .mpg headers (though I found a nice key that completely translates .mp3 header info).

One other avenue might be to try and recover the "lost" data. Supposedly, we have a court order to be allowed access to the hard drive; but I'm not optimistic about that; it's been recycled, and recovering video and putting it back together so it will play is like trying to put Humpty Dumpty back together.

Woz said:
You can probably find an expert knowledgeable enough to look at the pattern of ones and zeros at the start and and of a file and tell if the file has been edited or if it was corrupted. However, you need to understand that, given the right software, the same expert knowledge could be used to manipulate the ones and zeros to make an edited file look like it was corrupted or vice-versa.
These guys are keystone cop amateurs. I don't think they're that sophisticated. That's a good point to remember though. You never know.

@ Mumbodog: Thanks for the link! That's interesting; will have to try it out.
 
Joined
Oct 3, 2007
Messages
7,889
Getting the hard drive is the first thing you should do, then you will need a data forensics expert to analyze the drive and recover any files still on the hard drive, if the file was overwritten, then no one can recover it, then you will need your video expert to analyze any video files found.

Good Luck on your case.

.



.
 

1002richards

Retired Trusted Advisor
Joined
Jan 29, 2006
Messages
5,333
This link is the standard practice for digital media for many UK Police Constabularies. It's designed to ensure the integrity of digital images for Court purposes. Can the Police service that you're dealing with give you their version of this 'standard operating procedure so that you can look at what audit trail they should have?

http://www.kent.police.uk/About Kent Police/policies/n/n124.html
 
Joined
Jun 11, 2007
Messages
2
Richard said:
This link is the standard practice for digital media for many UK Police Constabularies. It's designed to ensure the integrity of digital images for Court purposes. Can the Police service that you're dealing with give you their version of this 'standard operating procedure so that you can look at what audit trail they should have?
Thanks for the link Richard. I like these parts:

9. Master CD copy

9.1. The master copy should be placed in an envelope specifically designed for a CD
9.2. The envelope should then be closed with a signature seal
9.3. The master CD should be stored in a dark, clean, dry and secure environment e.g. a filing cabinet.
9.4. Make a note within your audit trail of the Master copies reference number and location.
9.5. The master copy is your primary evidence and will be used in court to verify images you subsequently produce.
9.6. Any access to the master copy must be recorded in your audit trail.

...

12. Statutory period of retention

12.1. If the contents of the discs are used in a conviction the relevant discs must be kept for a period of 7 years or the duration of the sentence, which ever is longest.
12.2. If discs are not used in a criminal conviction, the period of retention is 5 years.
That's another fishy aspect about this. I work with computers everyday. Every day I make a new directory and save all my work for that day, so I can go back to any given day and show you what I did. That's just standard operating procedure just about anywhere. I told my lawyer to obtain a copy of the state police data preservation manual or whatever they call it. He's rather feckless though.

MumboDog said:
Getting the hard drive is the first thing you should do, then you will need a data forensics expert to analyze the drive and recover any files still on the hard drive, if the file was overwritten, then no one can recover it, then you will need your video expert to analyze any video files found.

Good Luck on your case.
I think you're right. It might not be too late to recover something. Unfortunately, the judge is hellbent on rushing this trial through. The suppression hearing is tomorrow. Then trial on Monday. Hopefully it will get continued. We'll see. If you don't hear back from me, it's because I'll be starting on my two-year mandatory minimum for having a little bit of weed....
 

EAFiedler

Retired Moderator
Joined
Apr 25, 2000
Messages
14,172
Warren Platts AKA DeepThroat, please be advised that you may have only one account.
Let us know which account you want to keep and the other will be deleted.
Thank you
 

Cookiegal

Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
116,622
First Name
Karen
Since you haven't replied to EAFiedler's post or to my e-mail sent a bit earlier, I've deleted the DeepThroat account.
 
Joined
Jun 11, 2007
Messages
2
Wow, I honestly don't remember signing up for this forum. Is this the one where the two guys used to have a radio show? So much for anonymity in the computer age eh? :eek:

I gotta laugh... :rolleyes:

@Cookiegal: Only email I got was one saying Mumbodog replied to my post.

@ Mumbodog: Thanks for the link. The point about the computerized log that details all access to the file was very interesting, and something I did not know about.

Also, there was a front page news article in the local Altoona paper where the cops beat up a guy, then charged him with assault; the whole thing was on the video camera, but the tape mysteriously disappeared. I guess police surveillance video is optional evidence.

Got a two week reprieve. Finally got a look at the actual file; the end of file marker usually present in .mpg files was missing. Perhaps these guys are more clever than I give them credit for, or perhaps that's just how their editor works. (Somewhere there must be a discussion forum for cops to discuss the tricks of their trade.) We're going to ask for an uncorrupted example of one of their video system, so we can compare the two.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top