Free & Open Source Software (FOSS) has been used by Digital & Multimedia Evidence (DME) analysts since before the very first certifications in any of the related DME disciplines (e.g. computer forensics, mobile forensics, video forensics, audio forensics, image analysis). FOSS has transformed the landscape of each of those disciplines in the process. Below are some resources on a few of our favorite FOSS projects related to DME processing.
We’ll start by reminding everyone that tool validation is the responsibility of the individual and agency. While not everyone operates in an ISO-accredited lab, everyone should be testing and validating their tools for each task at hand. For more information on tool validation and testing, check out the SWGDE Recommended Guidelines for Validation Testing as well as the NIST Computer Forensics Tool Testing Program.
Even though many multimedia FOSS apps are simply a GUI front-end for FFmpeg or Libav on Windows, we’re all for the conveniences that some of them provide. Those conveniences often come at the cost of accuracy and control though, and maybe what bothers us more is that they often facilitate ignorance with regard to the actual processing of the evidence. EVERY piece of software ever made will have strengths and weaknesses; you should know them before you use them, especially on evidence, and certainly long before you’re asked about them in court.
We can provide introductory level training on all of the FOSS tools referenced below (and more), which includes discussion about their many strengths and weaknesses, as well as hands-on practical use. In fact, we can provide introductory level training remotely 1-on-1 or we can bring the training to your location for teams & larger groups. Contact our sales staff to learn more about how we can help you with your DME related training needs.
Forevid is essentially a collection of FOSS applications tied together using Python and a GUI front-end developed with Qt; it leverages FFmpeg, AVIsynth, MediaInfo, and more. The project website is no longer active (www.forevid.org), but it is still available via SourceForge. Although it hasn’t been updated in years, it still provides more functionality than some commercial solutions. It was originally developed as a Master’s Degree Thesis project by Sami Hautamäki (more info).
Non-destructive; can open files via FFmpeg, DirectShow, VfW or AVIsynth; can generate a Project Report with all MediaInfo-scraped metadata, settings and steps applied; can easily review multiple videos & bookmark frames with notes, then export those frames as images OR generate a PDF with those frames & your notes; can encode lossless via x264; has a basic image editing application for simple redaction; can combine videos; has multiple clarification filters (e.g. levels, blur, sharpen, etc.); provides live preview for most filters, and more!
- Project Site: https://sourceforge.net/projects/forevid/
- Windows Downloads: https://sourceforge.net/projects/forevid/files/latest/download
- Project Activity: Inactive since 2013
- Strengths: GUI access to multiple FOSS tools; ability to open via multiple frameworks; project-based; project reports; lossless x264 encoding; quick & easy to review multiple videos and export frames of interest to PDF with notes.
- Weaknesses: No longer developed; no “undo”; outdated FOSS libraries (e.g. older releases of AVIsynth, FFmpeg, etc.); limited encoding options.
“A complete, cross-platform solution to record, convert and stream audio and video.” FFmpeg is the most widely used multimedia processing engine in the world, leveraged by everyone from those in the Fortune 500, to Joe video geek in his basement. It has been the “engine” for a plethora of widely used, Windows-based consumer multimedia applications almost since its inception in 2001 (e.g. Handbrake, Super, VLC, MPC-HC, etc). It was vital to the explosion of multimedia apps and websites, such as YouTube, and continues to be the engine for many.
As with any tool, however, it must be employed properly to obtain accurate and repeatable results. It’s also important to note that not all Windows builds of FFmpeg are the same, as it is comprised of many optional libraries, among other things.
Honestly, there are far too many to list, but a few of those that are most helpful in a DME workflow are: extracting metadata from video files & streams; opening files (including many proprietary files); extracting streams; re-wrapping files; extracting images; re-encoding; lossless encoding via x264; concatenating; merging streams, and many more.
- Project Site: www.ffmpeg.org
- Windows Downloads (Zeranoe’s Builds): https://ffmpeg.zeranoe.com/builds/
- SWGDE Technical Notes on FFmpeg: SWGDE’s document about FFmpeg is a great place to start learning this tool. Visit the SWGDE Current Documents page.
- Project Activity: Very active, frequent updates.
- Strengths: Cross platform; supports obscure formats (leverages libav filter libraries); highly portable; fast.
- Weaknesses: Command line (no GUI); commands & switches occasionally change (i.e. deprecated); plays proprietary files by ignoring container and metadata, like other tools, and may not identify all streams in proprietary files*; difficult to document & interpret errors encountered.
* – This is an issue for any tool that displays a proprietary multimedia file, despite not knowing how to parse the container. It is more of a concern with FFmpeg, in our opinion, because FFmpeg is typically more successful at playing proprietary multimedia files than other solutions.
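The point above that not all Windows builds of FFmpeg are the same can be checked and documented by comparing the banner each build prints for `ffmpeg -version`. The following is an added example, not code from the FFmpeg project or from this page; the two banners are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample banners in the layout printed by `ffmpeg -version`
# (version strings and flag sets below are made up for illustration).
BUILD_A = """\
ffmpeg version 4.2.2 Copyright (c) 2000-2019 the FFmpeg developers
built with gcc 9.2.1 (GCC) 20200122
configuration: --enable-gpl --enable-version3 --enable-libx264 --enable-libx265 --enable-avisynth
libavutil      56. 31.100 / 56. 31.100
libavcodec     58. 54.100 / 58. 54.100
libavformat    58. 29.100 / 58. 29.100
"""
BUILD_B = """\
ffmpeg version 4.2.2 Copyright (c) 2000-2019 the FFmpeg developers
built with gcc 9.2.1 (GCC) 20200122
configuration: --enable-version3 --enable-libvpx --disable-w32threads
libavutil      56. 31.100 / 56. 31.100
libavcodec     58. 54.100 / 58. 54.100
libavformat    58. 29.100 / 58. 29.100
"""

def parse_banner(text):
    """Return version, configure flags and library versions from a banner."""
    info = {"version": None, "flags": set(), "libs": {}}
    for line in text.splitlines():
        if line.startswith("ffmpeg version "):
            info["version"] = line.split()[2]
        elif line.startswith("configuration:"):
            info["flags"] = set(line.split()[1:])
        else:
            # Library lines: name, compiled-against version, "/", runtime version.
            m = re.match(r"(lib\w+)\s+([\d. ]+?)\s*/", line)
            if m:
                info["libs"][m.group(1)] = m.group(2).replace(" ", "")
    return info

def diff_builds(a, b):
    """Flags present in only one build; the same release can still differ here."""
    return {"same_version": a["version"] == b["version"],
            "only_in_a": sorted(a["flags"] - b["flags"]),
            "only_in_b": sorted(b["flags"] - a["flags"])}

def has_libx264(info):
    # libx264 is GPL-licensed, so a build needs both flags to include it.
    return {"--enable-gpl", "--enable-libx264"} <= info["flags"]

if __name__ == "__main__":
    a, b = parse_banner(BUILD_A), parse_banner(BUILD_B)
    print(diff_builds(a, b))
    print("x264 in A:", has_libx264(a), "| x264 in B:", has_libx264(b))
```

In casework, feed `parse_banner` the captured output of `ffmpeg -version` from the exact binary used and keep the result with the validation record for that task.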
“VirtualDub is a video capture/processing utility for 32-bit and 64-bit Windows platforms (98/ME/NT4/2000/XP/Vista/7)”…8, 8.1, and 10. It has been a go-to tool in my toolbox for dealing with video evidence since I began working in the field nearly 20 years ago, and remains just as valuable to my work today as it was then. VirtualDub was designed for working with the antiquated Video for Windows (VfW) and DirectShow frameworks, and is based largely on the AVI container (both AVI 1.0 and OpenDML).
Non-destructive; has many filters and import plugins available via 3rd parties that allow it to work with modern file formats (e.g. MPEG-2, MP4, MKV, etc); can open some proprietary file types using FFmpeg; can re-wrap video and/or audio streams; edit video and audio; extract audio; export frames, and more.
- Project Site: www.virtualdub.org
- Windows Downloads: http://virtualdub.sourceforge.net/
- Filters (Donald Graft’s VirtualDub filters): http://rationalqm.us/mine.html#virtualdub
- Import Plugins (VideoHelp.com): https://www.videohelp.com/software/Virtualdub
- Project Activity: Actively developed, rare core application updates.
- Strengths: Ability to interrogate, play & process AVI files; extracting frames; batch processing; integrated Hex editor & RIFF chunk tree viewer; re-wrap streams without transcoding; extensive filtering options; highly portable; fast.
- Weaknesses: Single track NLE; plugins used to open other file types add another link to the filter chain; only writes AVI files for video.
Exiftool, by Phil Harvey
ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.
MediaInfo & MediaInfoOnline
MediaInfo is a convenient unified display of the most relevant technical and tag data for video and audio files. Additionally, they now provide MediaInfoOnline, which is a browser tool that does not require any software on your computer, nor does it upload anything to their servers.