Monday, December 26, 2005

this is an audio post - click to play

Looking back to 2005

Just finishing work and cleaning up the administration. This year has been a year with a wide variety of issues. The organization of conferences, doing some casework, several research initiatives and chairing the ENFSI-FIT group and the AAFS Engineering Sciences Section. I look back to nice conferences from ENFSI, IAFS and AAFS this year, and hope the cooperation in 2006 will be even better.

We see that the Internet is evolving and initiatives as the wikipedia are a good example how book publishers have a real problem to survive with their current marketing situation. I also have to write several contributions, however it appears to be more difficult, since information is not as fast as on the Internet. The valuable reviews are of course important, however for the reviewer it is getting more complicated to do an in-depth review. It is for example when I started in forensic science feasible to do some review of source code of software. Also this gets more complicated, since we have to take into account that also the operating systems upgrade very fast, and it is in theory possible that a certain program will work different on a different version of the OS with a bugfix. Having said that, we certainly should put effort in validating and reviewing the information in a prompt and proper way as is feasible.

What did I learn further this year ? As always projects tend to take more time then expected. I have some backlog with several projects. In contrary there are also projects that work better then expected, since not all things are predictable. It is the same with casework. It is nice to think that in some ways we are working in a casino-society as some people call it. The forecasts influence the results, and in this way many processes become inpredictable.

Also this year we did some step forward with the Bayesian conclusions in our report. The readability is still a problem :

In the past we had conclusions as probable etc. Now we have conclusions as there is support for a certain conclusion. This year we had discussions to modify it to from the examination results hypothesis 1 is more probable then hypothesis 2. We will see what happens, however the form of this conclusion might also change.

Tuesday, December 06, 2005

December

As allways December is a month to reconsider and finish work (especially the last week of December is very quiet, and is good to do that research you had never time for if you have to go to work). In this month of course casework, and always the conflict between speed and quality. Managers want to have the cases processed faster each time, however the problem is that chances for mistakes are somewhat higher then. However of course, I may not complain, since they are also aware of this issue.

This month some vacation time, a meeting in Rome with the ENFSI chairpersons of the working groups, some meetings etc. I was also busy with our internal certification process. The rules around this system are sometimes to strict in my opinion. Last week a colleague should have an exam with expert witnesses from Germany and the UK. Suddenly they stopped this examination since some of the details in new rules (that were not approved yet), were not fulfilled. It is the bureaucrazy;) that rules. A better alternative might be an independent or perhaps several bodies that does this kind of testing, and not a combination of colleagues. There are several efforts for this, for instance in the UK, the USA and within the ENFSI.

Of course also preparing work for the AAFS-conference and several other meetings. For FIDIS a re-review of a document. All to be finished at the end of December, so perhaps it will not be a quiet month after all.

Wednesday, November 02, 2005

November

This month we had a part of our deliverable with spoofing biometric devices ready, which is available from

http://forensic.to/webhome/geradts/Biometric_devices.doc . The final version of the complete FIDIS document will be ready in two months and available from www.fidis.net . I also received many questions and some remarks of manufacturers for the presentation that I gave at www.biometrics.e-symposium.com . It appears that people download the presentation from this site later on. It was my first experience with this kind of e-symposium. Normally the information will be corrected later on in questions. Since the voice is recorded, in this case it appeared that one of the claims I did was somewhat overstated. We could not circumvent the vein scanner liveness detection with the version that was delivered later in our research. What did I learn from this ? In these kinds of presentations it is better to write out the information first, and then record the information.

This month I was also busy with some ddos-attacks on the www.forensic.to site and moving the forens-l mailing list www.forensic.to/forens to this server.

Wednesday, October 19, 2005

October

This month was quiet. I had vacation (this time we went to Izmir, Turkey), and could finish some reports for FIDIS. Of course always busy with preparing meetings, some casework, some research and development and new project plans for 2005. I was somewhat confused by a Dutch journalist/writer who wrote that I am an ubernerd.

The eyes still went well, and I could see more than in the past. I was wondering how this works out in visual comparison in the day to day job as a forensic scientist. It would be good to start a project on this. Now I can see 140 percent and it used to be 120 percent (compared to the average person who can see 100 percent).

Friday, September 23, 2005

September -3

The laser-operation worked out well. I can see more clearly then ever before. Last week we had the ENFSI Forensic IT conference joint with FIDIS and IOCE. There were over 50 participants, and it was organized in Amsterdam, with a visit to our new lab in Den Haag. It seemed to be excellent and there were many good presentations. Much was focused on mobile devices.

Our lab was in the dutch news, more information is available from http://www.expatica.com/source/forum_thread.asp?channel_id=1&thread_id=29307 . There was lots of discussion on this during the last week in dutch press.

Wednesday, September 07, 2005

September 2005-2

Yesterday evening I went to have laser surgeon of my eyes with LASIK. It was an interesting experience. They made a thin flap of 110 microns, which also was verified and appeared to be correct, in order to correct my astigmatism of -7.0 . The laser procedure in total only took 20 minutes in total. For making the flap the sight was shortly black, and then during the laser, I saw a green light with red and white light. There was some pressure on the eye, however it was not painful. During the procedure there was a smell of burnt tissue. With one eye I had moved a little, however the laser tracker worked fine and switched off. After the procedure the eyes had some glare vision, and after several hours it became clear. I can see without glasses of contact lenses, and it appears to be OK. The equipment used is shown at www.opticlinic.nl .

Sunday, September 04, 2005

September 2005

Last month the IAFS www.iafs2005.com in Hong Kong was a very well organized event, with much on digital evidence going on there. For the first time I also did some demonstration in a workshop on this field, with two software products that we develop at the forensic institute, TULP2G http://tulp2g.sourcefourge.net and rdddisk (this will be available also as open source distribution). Further in the scientific session I gave a talk on biometric systems and some of our Research and development. It was of interest to see that in the medical systems, the 3D-measurement systems (with laser and interferometry).

It was very nice to meet so many colleagues in different fields from all over the world. Still there were only a few African countries involved in this field, so who knows the next meeting in New Orleans in 3 years will also resolve this.

This month will be somewhat hectic. When back from Hong Kong I had a flue (even in summer that appears possible). However in one week I am looking forward to the organization of the FIDIS and ENFSI Forensic IT working group meeting www.enfsi.org . So, we have to finalize the first report for FIDIS www.fidis.net . This weekend I worked further on that, and the contents and contribution seems more promising than I expected. We will look to different issues on forensic identity management, from biometric devices to mobile systems combined with a law perspective on the various law systems in different countries. The multidisciplinary approach of this network gives more insights of a subjects and more views, than would be possible with just the forensic field involved in it.

On September 28th http://www.biometrics.e-symposium.com/ will be held, and I hope to present some of our new results with biometric devices and the FIDIS project. It is my first experience with presenting on such an online-conference. The access is free to anyone who registers.

Sunday, July 24, 2005

July 2005

This month I just work, and now the vacation period starts. I had several things to finish. The nicest thing is I can go the International Association of Forensic Science www.iafs2005.com meeting from 20-26 August in Hong Kong. I will give a presentation at a workshop and a scientific paper on biometric devices in the digital evidence session.

The other things I have to finish are abstracts for the AAFS www.aafs.org meeting next year in Seattle. The deadline is August 1st. I was planning to submit a workshop on Video and Image Investigation with the same team as last year. Furthermore a paper on Formats and CODECS, Biometric Devices and perhaps a paper on image processing of fingerprints. As chairman of the Engineering Sciences section I also have to write a contribution to the newsletter before August 1st.

This month I also had some casework, which was mostly routine. The worst thing I had was with the audit reports on a European Network of Excellence project FIDIS. Although I like doing the work in the project, this did not work out with the accountants. Our accountants are very afraid to give an audit report since cases as Enron etc, and that means that they will look after any small detail, and for a relatively small sum, 10 percent of the cost and work is in the meantime audit costs. They still refuse to give such a report, and are on vacation untill September (which is of course to late for the European Commission). That is the dark side of these projects, they cost lots of bureaucracy and the creativity and enthousiasm is lost for the work if it works like this. This is also true for many other project management models, such as Prince 2. This month I had so many reports with lots of text, that it was not easy to find how the project is working out. Although there are good things in them, I prefer to keep reporting simple and transparant, and that does not work out with the implementations that I have seen with these models.

I am looking forward to our conference that we organize in Amsterdam on ENFSI/IOCE/FIDIS. More information is available at http://www.enfsi.org .

Friday, July 01, 2005

June 2005 -2

The summer vacation for many colleagues has begun. That is the time that I have some time for writing, finishing articles and publications. We are currently just testing the biometric devices, and also some claims of the manufacturers. For example with the vein pattern detection methods. This week we were freightened how easy veins could be imitated with very simple equipment at our laboratory. Just a pen and paper will do the trick. More information will follow in the FIDIS report.

The social acceptance of fingerprints in biometric systems is rapidly improving. Of course the fingerprint can be spoofed, however it can be useful in various applications. It is also for convenience. For instance with the credit card banks and customers accept that data can be copied and lost easily, since there is trust in the system. When developing and implementing such systems the user and manufacturer should be aware of the risk of theft of information. Of course at one side people with claim if you have nothing to hide, you can share all your information, however at the other side is that databases can be used later on (maybe in 20 years), when many rules, laws and or governemnts have been changed, which makes is inpredictable what happens with this data.

This month I also changed my web provider, and migrated all the data. The advantage is more storage, bandwith and scripting possibilities against lower costs ! This week I also received permission for the IAFS in Hong Kong www.iafs2005.org .

Tuesday, May 24, 2005

June 2005

Several papers had to be finished. One on identity theft on biometric systems and the other one on profiling in forensic databases for FIDIS www.fidis.net . Finally I also have some time for doing more casework. I had organized a workshop on digital video as evidence, and that also took some time.

Red tape procedures also had to be taken care of. In my experience it is often easier to get used to the procedures then to be against them, since that often does not make much sense. On the end even bureacracy in European projects and government can be handled if you have some experience with them.

What did I write on profiling for FIDIS ?

Profiling in Forensic Science
Author Zeno Geradts – Netherlands Forensic Institute

Introduction

Current situation

In forensic science, currently there exist many different databases that can be used to link cases and suspects :
Firearms : Cartridge cases, bullets
Fingerprints
DNA
Faces
Tool marks (e.g. screwdrivers )
Shoe prints
Handwriting
Paint and glass
speaker
….
In practice there is experience with combining those databases for combining evidence, however often searching between databases is not easy, since the data the data models and entry of data is often different between them.

If we look at digital evidence on the internet, for example in internet hacking cases, then one needs to examine log files and other files. In this field also some cases have been submitted. A question that always arises with these cases is however who was really behind the keyboard at a given moment. If biometric devices are used more (and spoofing of biometrics is not used), it is also possible to follow persons. The logs of the antenna’s mobile operators, can also be used to examine the position of a person at a given time.

Expectation

We expect that in future databases, the data models will become more standardized, in such a way that they can be combined with other databases such as :
Face and 3D images and other biometrics of everyone (ear, iris, fingerprints, DNA etc)
Banking and insurance transactions : money laundering
Telecommunication traffic and interception (location GSM and internet)
All computer actions and storage
Records of toll ports / public transportation
Board computer in private transportation (cars etc)
GPS
Customer loyalty programs (air miles etc.)
Surveillance cameras (also satellite images)
Digital traces in domestic applications (e.g. coffee maker, microwave, heater)
Ambient intelligence

Examination and combination of data is currently possible in Dutch law if there is a severe crime involved and a court order is needed (depending on the kind of information).

For the passport for example it will be possible to track someone if the ICAO-standard is implemented without any protection. The passport will have a wireless chip in it, and information concerning face and fingerprint can be extracted from a distance. Currently in trials in the Netherlands more protection is used in such a way that one needs more information concerning the machine readable zone of the passport. However if countries do implement it without any protection, then possibilities exist that information concerning the passport they carry can be extracted from a distance.

Discussion

The question arises if the kind of evidence with the combination with many different databases, such as surveillance systems with non-structured data, is feasible. Also the amount of data that is collected grows very rapidly, and the question is if it is feasible to store this data in a proper way.

Furthermore, it is expected that there are more false positives when combining different databases. If a ‘cold’ hit is found in the database, which means that there was no prior information that a certain suspect would be involved in the case, false positives are possible. For example, if DNA would be collected of all citizens of the world, and the search would be against this database, then roughly at least 6 suspects would be found with current methods, and probably more since family relations are not accounted for.

The questions also arises if the databases are filled correctly. In most databases data entry errors exist. For this reason standardization of databases is required before the databases are searched through routinely. At final the evidence for one case might be stronger, since other relations that were not found before can also be used in a certain case. How far society would like to go with profiling in (forensic) databases, depends of course on the laws.Appendix RFIDS

Introduction

Radio Frequency Identification TAGS are expected to be used very often in products at retailers and cards for traveling. Currently the Wal-mart in the USA, Metro in Germany and Tesco in the United Kingdom are requiring RFID-tags on the products. Also the department of defense in the United States is requiring tags on the products from the suppliers. Tracking and tracing are the most important reasons for this requirements (also in the war in Iraq this was convenient for the transportation of equipment and tracking). Losing or misplacing products, parts or equipment will result in higher costs.

It is expected that in 2008 more than 20 billon RFID-tags are used[i] . Most of them will use the EPC-standard (Electronic Product Code). For reading those tags it is expected that 100.000 EPC-readers will be sold. It is expected that the tags will drop to several euro-cents per tag.

RFID-technology

A RFID-system consists of different components :
One or more tags (transponders), consist of a microchip and an antenna
One or more reader and writers including the RF-modules
Application software connected to the reader/writer

RFID-tags exist in two forms :
Active (with a power supply )
Passive (need power from the signal of the reader)

Active RFID-tags are somewhat larger and more expensive, however they can be used at a larger distance. Passive tags can be used in consumer articles and are cheap. They can also be used in labels.

Furthermore, RFID-tags can be read-only and read-write. The read-write tags are used with an encrypted identification number, where authorized users can change the information.

The retailers are requiring their suppliers, to use the Electronic Product Code (EPC). This standard has been developed by MIT’s Auto-ID center, and is managed by EPCglobal, which is a non-profit joint venture between two organizations : EAN (European Article Numbering) International and the Uniform Code Council. The second generation of UHF EPC-standard has been ratified in December 2004. In January 2005 this standard is submitted to ISO.

For RFID, the ISO standards concern :
Technology ISO 18000
Data content (ISO 15418, 15434, 15459, 24721, 15961 and 15962)
Device conformance test and performance (ISO 18046 and 18047)
Application Standards (ISO 10374, 18185, 11785)

Security of RFID

In July an article in Forbes [ii] presented a hackers guide to RFID. It would be easy to hack a tag, and change price information on a tag. After this there were also privacy concerns for the consumers. The cheap tags are just readable tags, and they can not be altered easily. Also when using a write-once tag, most often the price is not included in the product, since they will use a serial number for the product. It is however an aspect that has to be taken care of.

Example of RFID-labels from http://www.bluhmsysteme.com/rfid-etiketten.htm

Forensic aspects of RFID and profiling

RFID tags can be used also in forensic science, to follow a person based on the RFID-tags one carries in products. Example : there is a unique RFID-tagnumber on a package of cigarettes. A person steals this package in Amsterdam from a store. Theoretically it is possible that within European databases of stolen goods, the person can be arrested in Brussels when they scan the RFID-tags of this person. The same applies of course to the earlier mentioned passport with a chip. The key elements are RFIDs, in combination with databases and if stored properly, it can be used as evidence.

The use of standards makes it also easier for forensic science to develop tools to read out the information in a forensic proper way.


Privacy

Also EPC is worried about privacy aspects. For this reason they have implemented certain privacy guidelines[iii] :
Guidelines
1. Consumer Notice
Consumers will be given clear notice of the presence of EPC on products or their packaging. This notice will be given through the use of an EPC logo or identifier on the products or packaging.
2. Consumer Choice
Consumers will be informed of the choices that are available to discard or remove or in the future disable EPC tags from the products they acquire. It is anticipated that for most products, the EPC tags would be part of disposable packaging or would be otherwise discardable. EPCglobal, among other supporters of the technology, is committed to finding additional efficient , cost effective and reliable alternatives to further enable customer choice.
3. Consumer Education
Consumers will have the opportunity easily to obtain accurate information about EPC and its applications, as well as information about advances in the technology. Companies using EPC tags at the consumer level will cooperate in appropriate ways to familiarise consumers with the EPC logo and to help consumers understand the technology and its benefits. EPCglobal would also act as a forum for both companies and consumers to learn of and address any uses of EPC technology in a manner inconsistent with these Guidelines.
4. Record Use, Retention and Security
The Electronic Product Code does not contain, collect or store any personally identifiable information. As with conventional barcode technology, data which is associated with EPC will be collected, used, maintained, stored and protected by the EPCglobal member companies in compliance with applicable laws . Companies will publish, in compliance with all applicable laws, information on their policies regarding the retention, use and protection of any personally identifiable information associated with EPC use.
If they are properly used, and if the consumer can discard the EPC-tag easily from a product, this means that the example above with the package of cigarettes is not feasible, if the thief discards the RFID-tag.
Appendix Biometric Devices

The market of biometric devices is expanding rapidly, since it is convenient to use, and users can not forget their biometric properties. Some examples of biometric properties which are used in commercial systems:
Face
Fingerprint
Handscanner
Iris
Voice
Handwriting
In forensic laboratories also other means of biometric measurement are used for comparison:
DNA
Ear prints
Lip prints

In many countries DNA databases of persons who committed a severe crime and DNA found at the scene of crime are build, as well as a database of employees of the forensic science laboratories, to determine possible contamination. The laws forbid in many countries to use these data other then they are meant for (so for severe crimes, by court order and if applicable to the law).

In a world where no privacy laws exist, theoretically it would be possible to collect databases of fingerprints, iris scans, voice, hand writing and faces. These databases can be combined with another. If the databases are structured correctly, and not errors in names or links are made, these databases can be used to search for a person or a group of person by profiling. In such a way more crimes could be solved, and perhaps a stronger evidence is possible.

A problem is however that the 1:N comparison for example with faces, gives a high error rate. A good example is given at http://www.frvt.org/FERET/default.htm where a methodology has been used to examine different commercial packages and compare them with a standard database. If we look to the results of FRVT 2002, it can be concluded that on a database of 37,437 individuals which are read in a standardized form, first the 80 percent of the persons is identified (this means that 20 percent is identified incorrectly). After one year the identification rate drops with five percent. If we would have databases of millions of persons, there would be many false hits as is shown in the results :
71.5 % true accept rate @ 0.01 % false accept rate
90.3 % true accept rate @ 1.0 % false accept rate

Another test by NIST on fingerprints, gives a better results http://fpvte.nist.gov/ . We can see here by using single good quality fingerprints
99.4 true accept rate @ 0.01 % false accept rate
99.9 true accept rate @ 1.0 % false accept rate

When multiple fingerprints and face images (or even 3D-images) become available, the situation improves. In these systems bad quality images are not used. In practice when filling databases with real images, these will also be included, and results will drop down.





[i] TWA Nieuws, 43-2 www.twanetwerk.nl
[ii] http://www.forbes.com/home/commerce/2004/07/29/cx_ah_0729rfid.html
[iii] http://www.epcglobalinc.org/public_policy/public_policy_guidelines.html

Friday, May 06, 2005

May 2005

If I look back to april, it was a busy month, however there were also some moment of reflection. I had several meetings in our laboratory, and of course some casework. Leo de Waal, our director, changed position to http://www.martiniziekenhuis.nl the Martini Hospital in Groningen. Furthermore, I had also a flue this month, so my schedule was somewhat disturbed.

I had several meetings outside the laboratory. One meeting was for FIDIS www.fidis.net in Berlin. We discussed on the progress and the further planning. Of course, Berlin is a real nice city to be, and the last time I visited Berlin was more than 6 years ago. Many things change in Berlin, however the good atmosphere remains.

The other meeting was of ENFSI Forensic IT with the Joint Research Center in Ispra. We discussed on our meeting in Amsterdam of ENFSI and validation of software tools. The meeting with FIDIS, IOCE and ENFSI-FIT will be scheduled from 14-16 September 2005. http://www.enfsi.org/ewg/fitwg/agenda/10 is the agenda of this meeting.

For FIDIS I also had to finish some papers, however I appear to be late on the schedules. One paper was on identity theft of biometric properties. Of course spoofing biometric systems is included in this one, as well as other methods which might influence their actual work in practice. The other text I am currently writing is on profiling.

Of course I also had to spend some time as a chairman of the Engineering Sciences group of the American Academy of Forensic Sciences. I am also considering to organize a workshop on digital video and imaging with a revised program.

I also had a week vacation in Hurghada, Egypt. We went with Memphis Air, an Egyptian charter company, however had a delay of 10 hours on Amsterdam Airport (that are those delays where each several hours they will tell you the flight is further delayed, so you have to remain at the airport). Of course many persons complained and are trying the new EU-regulations on delays, however with a non-EU or non-US carrier this might be more difficult. The planes that they chartered were good, and on the return flight even excellent (a new airbus A320). Of course Hurghada was also nice, with possibilities to swim and dive, and to visit Luxor. I also had time to read the books I had no time for before. Some forensic books (I also like to read on different topics of forensic science, so this time I read the book Forensic Facial Reconstruction of Caroline Wilkinson).

May will be a month with many holidays. We will organize several meetings and workshops for the police, and the Queen of the Netherlands, Queen Beatrix, will open our new facility of the Netherlands Forensic Institute in the Hague, www.nieuwbouwnfi.nl on May 25th http://www.koninklijkhuis.nl/NL/nieuws/Persberichten/2281.html .

Thursday, March 31, 2005

April

Last month some thoughts on combining an IOCE www.ioce.org and ENFSI-Forensic IT www.enfsi.org meeting together with www.fidis.net FIDIS (1 day) in September in Amsterdam. I think this might work out, since we might share experience with personal certification and accreditation in the field of digital evidence, and of course look into the future of identification systems (like biometric devices, but also digital right management systems and future tracking in mobiles etc) together with the EU network of excellence.

In March I had to work on several cases (which I can not go in detail here). Furthermore many colleagues (including myself) had some symptoms that seemed like flue. There were also several official visits to our new building, and since I am involved in a project on biometrics, it appears that there are many questions from those visitors and much interest in this topic, since the new passport will have a biometric chip in it.

The FIDIS network of excellence www.fidis.net had a meeting in Berlin, which is a city that I like very much. We had to discuss the deliverables, and I think it was a good meeting, since we have our plans ready now. One of the other topics is also identity theft or fraud with the identity systems.

It appeared that our Prince-2 www.prince2.org project management system also had some good points : the end users will become more involved in the projects. The negative point I see at the moment is that the project plans are not easy to read and of course, more bureauracry.

Thursday, March 03, 2005

March

It was a busy but inspiring month. At the beginning of the month we had an open day for our relations for the new facility of the NFI. You can view this facility at www.nieuwbouwnfi.nl which is especially made for our Institute. It is a very transparant building, with labs on the outside and offices in the inner part.

Of course some casework, and deadlines of reports that have to be met. Projectplans that should be revised and other kind of administration tasks. Last week it ended with the American Academy of Forensic Science meeting in New Orleans. It was a huge conference with 3500 participants.

We organized a workshop on digital imaging with more than fourty participants. Furthermore I was secretary of the Engineering Sciences section, and now am Chairman of this section for one year. There were developments concerning establishing a digital evidence section, which is seen more and more in forensic science laboratories. In our lab we have 40 employees in this field, which is over 10 percent of the total population of the laboratory.

The week ended with the scientific session, and together with the general session it was on digital evidence. My colleagues of the NFI presented several papers from ear comparison, to three dimensional visualisation. I presented a paper on investigation of integrity of images and a paper on biometric devices.

Friday, February 04, 2005

January

It was a busy month, as usual. Too many things to do, and I have to rearrange my planning this month. The first thing I canceled was writing a chapter for a book, and I really did not like it, however I just had the problem that I did not have enough time for this. Too much fragmentation of time, and that does not work out well.

This month we had the SPIE meeting, and several other meetings to prepare. Some casework, and then I experienced again that small errors can be made in reports if you take not enough time for them. If fast reports are requested the chances are higher for errors. It is difficult for management, since the main topic is delivery time of reports (and on average it can take 60 days or so) and quality. Several trajects have been started to speed up the results for projects and reports. At final a human being has to write the reports and to do the investigation. Of course we are always double checking reports and other expertises with at least one other colleague, however still errors are possible.

Next month the AAFS meeting, so also some work for the AAFS in preparing handouts and the presentations. I am really looking forward to this meeting in New Orleans.

My email server had a problem last week due to high traffic. With my ISP I discussed, and finally we solved the problem with a new Dual Xeon server which could filter more of the emails, and even now I have new options for the hosting of Zeno' Forensic Site, so I am thinking on adding some of these features soon.