file000089

Computer Hacking Forensic Investigator Exam 312-49 Audio File Forensics Module XXII Page | 2226 Computer Hacking Forensic Investigator Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Computer Hacking Forensic Investigator (CHFI) Module XXII: Audio File Forensics Exam 312-49

Upload: desmond-devendran

Post on 13-Jan-2015


News: UCD to Lead Way in Audio, Video Forensics

Source: http://www.rockymountainnews.com/

Denver may become a Mecca for police nationwide looking to solve crimes by carefully analyzing audio and video evidence.

A professor at the University of Colorado at Denver has won $710,000 in Federal Earmark Grants to establish a new National Center for Audio/Video Forensics.

“Housed in UCD's Department of Music and Entertainment Industry Studies, the center would establish a ‘cutting-edge forensics center’ to spur new knowledge and methods in the field of audio and video forensics”, Professor Richard Sanders said.

Undergraduates, graduates, and professionals could learn the latest techniques in tracking phones used by prisoners, or discovering when someone is impersonating another's voice to move cash out of a bank account.

Voice biometrics would work in combination with fingerprints, DNA, and facial recognition to identify suspects.

The grant will give real-world research opportunities to students in recording arts, statistics, computer science, and the health sciences programs, Sanders said.

“It also will give local police, attorneys, investigators and homeland security officers access to state-of-the-art forensics technology,” he said.

Sanders' work in audio forensics was tapped by investigators working on JonBenet Ramsey’s case, the Kobe Bryant case, the Columbine High School shootings, and the Oklahoma City bombing trial.

The grants were awarded by the U.S. Department of Justice. Additional support came from the university, the international Audio Engineering Society, the American College of Forensic Examiners, the American Board of Recorded Evidence, and the National Law Enforcement Technology Center.


News: Audio Forensics Experts Reveal (Some) Secrets

Source: http://www.wired.com/

The conversation in traffic surrounding an urban parking lot was captured by a hidden surveillance microphone where the following were heard:

Slamming of the car door

Someone sneezing

Two voices, one male and a female voice

Allen, an audio forensic investigator, suddenly said, “Can anybody catch the sound that pops like a needle?” He enhanced the tape by editing this pop, and no audio forensic expert at the Javits Convention Center could find the other edit he made, as it was hidden behind a speaker’s cough and could be recognized only using sophisticated software. Allen says that this sneaky edit proves that audio evidence is sometimes difficult to find, and that this is what forensic experts are paid for.

Sometimes, audio forensic examiners are asked to authenticate tape or audio in court that is used as evidence, such as undercover surveillance tapes made by the police, recordings presented by feuding parties in a divorce, or tapes from corporations seeking to prove employee wrongdoing or industrial espionage.

According to Catalin Grigoras, a forensic examiner from Bucharest, digital recorders that are plugged into electrical sockets capture the frequency signature of the local power supply, a signature that varies over time. He told the workshop how he uses the frequency signatures of the local electrical power sources to pinpoint when and where recordings were made using the software DCLive Forensics (by comparing power signatures captured on suspect recordings with the signatures stored in his database).

The technique can even be applied to recordings made with battery-powered recorders, as long as they use electret microphones: Because they act like capacitors, electret mics will register the electrical signatures of nearby devices.

In one case, Grigoras claims to have identified the date of a recording broadcast in Europe, but made in the Middle East, "probably in the mountains, or in a cave," he says. He did not mention any names, but it was hard not to think of Al Qaeda. Grigoras holds a Ph.D. in electrical engineering and performs forensic work for the Romanian ministries of justice and the interior.

Garrett Husveth, a court-approved forensic examiner, argued that audio forensics experts may soon find themselves on the front lines in fighting terrorism.


According to Husveth, child pornographers, drug dealers, and terrorist groups are starting to use aural steganography—a technique of hiding data in seemingly innocuous carrier files—to share information surreptitiously.

Husveth hid a Bruce Springsteen tune after the end-of-file marker on an MP3 containing James Brown's "I Feel Good." He pointed out that terrorists could use similar techniques to distribute secret files through file-sharing networks or email.
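Data appended in this way goes unnoticed because players ignore bytes that do not parse as audio frames. An examiner can look for it by walking the MPEG frame headers and reporting whatever is left over. The sketch below is an added example, not part of the original module; it handles only MPEG-1 Layer III, and its function names and sample file are constructed for illustration.

```python
# Added example (not from the original module): report bytes that follow the
# last parseable MPEG audio frame in an MP3 file.

# MPEG-1 Layer III lookup tables; other versions/layers are treated as
# "not a frame" to keep the sketch short.
BITRATES_KBPS = [None, 32, 40, 48, 56, 64, 80, 96, 112, 128,
                 160, 192, 224, 256, 320, None]
SAMPLE_RATES_HZ = [44100, 48000, 32000, None]


def frame_length(header):
    """Return the frame size in bytes for an MPEG-1 Layer III header, else None."""
    if len(header) < 4:
        return None
    b0, b1, b2 = header[0], header[1], header[2]
    if b0 != 0xFF or (b1 & 0xE0) != 0xE0:   # 11-bit frame sync
        return None
    if (b1 >> 3) & 0x03 != 0x03:            # version bits 11 = MPEG-1
        return None
    if (b1 >> 1) & 0x03 != 0x01:            # layer bits 01 = Layer III
        return None
    bitrate = BITRATES_KBPS[b2 >> 4]
    rate = SAMPLE_RATES_HZ[(b2 >> 2) & 0x03]
    if bitrate is None or rate is None:
        return None
    padding = (b2 >> 1) & 0x01
    return 144 * bitrate * 1000 // rate + padding


def id3v2_length(data):
    """Size of a leading ID3v2 tag (10-byte header + sync-safe body), or 0."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size = 0
    for b in data[6:10]:
        size = (size << 7) | (b & 0x7F)
    footer = 10 if data[5] & 0x10 else 0
    return 10 + size + footer


def find_trailing_data(data):
    """Walk frames from the start of the stream.

    Returns (frame_count, offset_of_leftover, leftover_bytes). A truncated
    final frame is also reported as leftover, which is worth a look anyway.
    """
    pos = id3v2_length(data)
    frames = 0
    while True:
        length = frame_length(data[pos:pos + 4])
        if length is None or pos + length > len(data):
            break
        pos += length
        frames += 1
    tail = data[pos:]
    # A 128-byte ID3v1 tag directly after the audio is ordinary metadata.
    # Other legitimate trailers (APEv2, Lyrics3) would need their own handling.
    if len(tail) >= 128 and tail[:3] == b"TAG":
        pos += 128
        tail = tail[128:]
    return frames, pos, tail


def constructed_mp3(payload=b""):
    """Constructed sample: empty ID3v2 tag, three 128 kbps / 44.1 kHz frames
    with zeroed bodies, an ID3v1 tag, then an optional appended payload."""
    frame = bytes([0xFF, 0xFB, 0x90, 0x00]) + bytes(413)   # 417-byte frame
    id3v2 = b"ID3\x03\x00\x00" + bytes(4)
    id3v1 = b"TAG" + bytes(125)
    return id3v2 + frame * 3 + id3v1 + payload


if __name__ == "__main__":
    for label, blob in (("clean", constructed_mp3()),
                        ("suspect", constructed_mp3(b"CONSTRUCTED-APPENDED-PAYLOAD"))):
        frames, offset, tail = find_trailing_data(blob)
        print(f"{label}: {frames} frames, {len(tail)} leftover bytes at offset {offset}")
```

A frame walk of this kind cannot flag a payload that is itself a run of valid, untagged MPEG frames, so leftover bytes are a lead for further examination rather than a complete test.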

Audio forensics was born during WWII, when acoustic scientists investigated the possibility of identifying enemy voices on radio broadcasts. Their efforts were made possible by the newly invented sound spectrograph, a tool for graphing the frequency and amplitude of voice patterns over time.

The police soon began using sound spectrograms to identify voices for investigative purposes, and spectrographic evidence became widely admissible in courts of law.

The advent of digital audio made it far easier to tamper with recorded evidence, but it also gave investigators a host of new and powerful tools.

Improvements in forensic-audio software have given the field a big boost. Allen, for example, used a software package called EditTracker 2.0 to dissect his doctored recording. First he played the audio file for the audience and displayed its spectrogram on a projection screen. Then he punched a key on his laptop.

Within seconds, EditTracker had scanned the file and flagged a bunch of "feature discontinuities"—unexpected bumps in frequency and amplitude, minuscule gaps, and other unusual events. They are undetectable to the naked ear, but can indicate tampering.

The field has benefited from the popular glamorization of high-tech forensics work in general. Industry insiders call it "the CSI effect."

"It's changed demand and changed expectations," said Richard Sanders, a University of Colorado audio forensics expert who has consulted in cases ranging from the Oklahoma City bombing to the Columbine shooting.

Still, Allen stressed that the work of the audio forensics examiner is often slow and painstaking. An examiner may have to analyze a recording hundreds of times in order to determine whether it was fudged— and, if so, how.

Nonetheless, it pays well. According to his website, panel moderator Tom Owen charges a minimum of $4,500 to authenticate an hour's worth of digital or analog recording, and $2,500 to testify in court.

Then again, it's not the kind of thing anyone could do at home with a copy of GarageBand or Audacity.

"This is very complex work," said Allen. "It doesn't happen with the push of a button, like I saw on television the other night."


Module Objective

Audio forensics refers to the investigation of audio files that could be considered evidence. It not only involves the collection of audio evidence, but also provides various methodologies in order to preserve, analyze, and enhance the original samples. This module will familiarize you with the following:

Audio Forensics

Why Audio Forensics?

Fast Fourier Transform (FFT)

Methodologies

Audio Forensic Process

Sound Recordings as Evidence in Court Proceedings

Tools


Audio Forensics

Audio is sound in the audible acoustic frequency range, from 20 Hz to 20,000 Hz. It is considered evidence and is subject to court proceedings if it is recorded at the event where a crime occurs. It is considered a useful tool for investigating cases. Audio recording is the process of recording acoustic signals with the help of any recording device. Often, recordings may be unclear due to background voices and the low pitch of the speaker; they require analysis, evaluation, and presentation of the tape to gain audibility and intelligibility of the recorded audio. This is called audio forensics, and it is performed by audio investigators.

“Audio forensics is the appellation for the engineering discipline involving the analysis, evaluation and presentation of acoustic evidence in a judicial inquiry normally leading towards a presentation in court.” It is also called an application of audio science and technology that helps to investigate and establish facts in criminal or civil courts of law.


Why Audio Forensics?

Audio forensics is necessary to solve cases where audio tape or recordings play a major role as evidence. Various reasons for performing audio forensics are as follows:

Audio tape verification and authentication: Tape verification and authentication is checking the authenticity of the audio, that is, whether or not it has been tampered with. It determines whether the tape has been edited to change the meaning of the conversation or whether the intelligibility of the audio present on the original tape has been tampered with.

Monitoring suspicious criminal targets: This involves placement of audio recorders to spy on people or suspects who can provide information that may be important to building the case.

Audio tape enhancement: Most recorded audio does not offer clarity in terms of what is spoken and who is speaking. Audio enhancement makes the audio audible and intelligible. This enables the court or the person listening to understand the conversation better.

Voiceprint analysis: This is analysis for voice identification. It involves comparison of one or more known voices to the unknown voice in the recording.

Tracking missed information: This involves tracking information on the tape that may have been missed.

Spying on employees: Employing audio recorders in the workplace can allow an organization to spy on its employees.

Audibility analysis: Audibility analysis is the analysis of the audio for better audibility of the voice on the tape.

Detecting attackers: This involves strategically placing recorders in various places to try to detect attackers and attacks.


Use of Voice as a Tool

Recorded voice is considered a tool of evidence as no two voices share the same phonetics; in other words, no two people sound exactly the same. Investigators use this as an advantage and can solve cases by editing the original tape to increase listenability and intelligibility of the audio.

Scenario: Person X calls the police to report a murder. The cops rush to the place where the incident was reported, and do not find much physical evidence at the scene. The only thing they have is the recording of the anonymous call. With this call, an investigator has something to proceed with. He/she can try to compare the recorded speech with a suspect’s phonetic components. If the court orders the suspect to provide a voice sample, the investigator may be able to tell if the caller was also the murderer.


Fast Fourier Transform (FFT)

The Fast Fourier Transform (FFT) is an algorithm used to analyze the authenticity of audio. It uses a “divide and conquer” approach to compute the frequency content of the audio signal efficiently, so that the signal can be displayed as a time-frequency spectrum. That spectrum is then checked for discontinuities.

For analyzing the authenticity of the audio, it generates two graphs:

Audio signal: The normal spectrum in a time-frequency form

FFT analysis graph: The graph that shows details of discontinuities in the audio signal spectrum

 Figure 22-1: FFT Frequency Spectrum (Source: www.pcij.org)  


 Figure 22-2: FFT Frequency Spectrum (Source: www.pcij.org) 

 Figure 22-3: FFT Frequency Spectrum (Source: www.pcij.org)


Methodologies of Audio Forensics

Audio forensics involves various methodologies for making audio audible and intelligible; therefore, it is helpful as evidence in solving a case. Following are the methodologies of audio forensics:

Voice identification

Audibility analysis

Audio enhancement

Authenticity analysis

Sound identification

Event sequence analysis

Dialogue decoding

Remnant signal analysis


Voice Identification

Voice identification is the aural and spectrographic comparison of a known suspicious voice to the recorded voice. This helps in identifying the recorded voice. It involves voice print analysis using the T-F-A (time-frequency-amplitude) spectrogram of the audio signal through a spectrograph. It is easy to analyze and identify the speaker through the voice identification process as phonetic characteristics vary from person to person. It compares elements of voice such as bandwidth, fundamental frequency, prosody, vowel formant trajectory, occlusives, plosives, fricatives, pitch striations, formant energy, breath patterns, nasal resonance, coupling, and special speech pathology of the speaker.

It is used as evidence in a variety of cases such as murders, bomb threats, terrorist activities, political corruption, and so on. Following are the two factors that are involved in the analysis of speech through voice print analysis:

1. Determining the uniqueness of the voice depending upon the size of vocal cavities such as the throat, nasal, and oral cavities.

2. Determining the uniqueness of the manner in which the articulators or muscles of speech are manipulated during speech.


Pre-identification considerations for voice identification methodology are as follows:

Check whether the recording consists of a sufficient amount of voice for analyzing

Look at the quality of the voice

Check if the conversation volume is high when compared to the background noise


Audibility Analysis

Audibility analysis is analyzing the audio or recording to try to gain better audibility. It is the reconstruction of an acoustic event to determine whether the event is audible for a person of average hearing ability. It checks whether the audio signal is audible or obscured by noise or masking signals. It involves a signal-to-noise ratio evaluation, as it is necessary to check whether the event can be heard or is obscured by the dominant acoustic (masking) signal.


Audio Enhancement

Audio enhancement is the technique of improving the quality of the audio in terms of listenability and intelligibility.

Listenability enhancement: Listenability enhancement is applying equalization, compression, amplitude increase, and limiting to make an intelligible audio signal more listenable.

Intelligibility enhancement: Intelligibility enhancement is breaking the audio into small portions/sections, processing them independently, and then assembling them. It is a complex process because the audio sample is first disassembled and, after each section is processed with different techniques, it is reassembled sequentially. Sometimes it reveals unknown audio events that might be important for solving the case. This procedure involves:

Spectrographic analysis

Complex de-convolution filtering

Wideband and multiband compression

Amplitude increase and limiting


Figure 22-4: Audio Enhancement (Source: http://www.mycert.org.my/)

The sound that makes the audio signal unintelligible is called noise, and the main focus of audio enhancement is the removal of this noise. The types of noise that are removed or minimized through the enhancement technique are as follows:

Clicks caused by discontinuity while recording

Hisses caused by the cassette tape

Engine noise caused by car cameras

Background noise recorded while recording a call

Hums, buzzes, and pop noises caused by power sources

Ruffling sounds caused by recording the audio with hidden recorders


Authenticity Analysis

Authenticity analysis determines whether the audio originates from the acoustic event it is said to represent. It involves authentication verification of the recording by means of:

Aural analysis: Aural analysis is critical listening of the audio tape. It provides direction to the attorney/examiner by locating the sections of the audio to be physically inspected.

Magnetic tape development: Signatures such as start, stop, and pause that are like fingerprints can be detected when the tape recorder touches or leaves the magnetic recording tape. This magnetic tape development allows these signatures to be examined under microscopic magnification.

Physical inspection: Determines the condition of the tape and therefore inspects for any damage that would affect its functions.

Manufacturing date: Investigators also check the manufacturing date of the audio or recording to analyze its authenticity.

Spectrographic analysis: Displays recording in a frequency, time, and amplitude form of the spectrum. It clearly shows the gaps or alterations in the audio.

Waveform analysis: A waveform display is obtained when the audio recording is fed to the computer using any audio forensic software. It shows the time vs. amplitude form of a wave, which allows identification and comparison of audio recordings considering signatures.
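The FFT section earlier and the spectrographic analysis item above both rely on spotting discontinuities between short-time spectra. The following added example, which is not part of the original module, implements a radix-2 "divide and conquer" FFT and flags frames where the magnitude spectrum changes abruptly; the test signal, frame size, and threshold factor are constructed assumptions.

```python
# Added example (not from the original module): locate an edit point by
# looking for frame-to-frame discontinuities in FFT magnitude spectra.
import cmath
import math
import random
from statistics import median

FRAME = 256  # samples per analysis frame (power of two for the radix-2 FFT)


def fft(x):
    """Recursive radix-2 Cooley-Tukey FFT: split into even/odd halves, recombine."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * cmath.pi * k / n) * odd[k]
        out[k] = even[k] + t
        out[k + n // 2] = even[k] - t
    return out


def magnitude_frames(samples):
    """Non-overlapping Hann-windowed frames -> |X[k]| for bins 0..FRAME/2."""
    window = [0.5 - 0.5 * math.cos(2 * math.pi * n / FRAME) for n in range(FRAME)]
    frames = []
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        chunk = [s * w for s, w in zip(samples[start:start + FRAME], window)]
        frames.append([abs(c) for c in fft(chunk)[:FRAME // 2 + 1]])
    return frames


def spectral_flux(frames):
    """Normalised squared change in magnitude spectrum between consecutive frames."""
    flux = [0.0]  # the first frame has no predecessor
    for prev, cur in zip(frames, frames[1:]):
        change = sum((c - p) ** 2 for p, c in zip(prev, cur))
        energy = 0.5 * (sum(p * p for p in prev) + sum(c * c for c in cur))
        flux.append(change / (energy + 1e-12))
    return flux


def find_discontinuities(samples, factor=20.0):
    """Indices of frames whose flux exceeds `factor` times the median flux."""
    flux = spectral_flux(magnitude_frames(samples))
    baseline = max(median(flux[1:]), 1e-9)
    return [i for i, f in enumerate(flux) if f > factor * baseline]


def constructed_recording(rate=8000, seconds=1.0, cut_at=None, cut_len=5):
    """Constructed signal: 500 Hz tone plus faint noise, optionally with
    `cut_len` samples deleted at index `cut_at` to imitate a spliced edit."""
    rng = random.Random(2226)  # fixed seed so the result is reproducible
    sig = [math.sin(2 * math.pi * 500 * i / rate) + 0.02 * (rng.random() - 0.5)
           for i in range(int(rate * seconds))]
    if cut_at is not None:
        del sig[cut_at:cut_at + cut_len]
    return sig


if __name__ == "__main__":
    rate = 8000
    print("clean :", find_discontinuities(constructed_recording(rate)))
    edited = constructed_recording(rate, cut_at=10 * FRAME + 100)
    for idx in find_discontinuities(edited):
        print(f"edited: spectrum jumps entering frame {idx} (~{idx * FRAME / rate:.3f} s)")
```

The frame containing the splice differs from both neighbours, so the jump is reported on entering it and on leaving it. Real speech changes from frame to frame on its own, so on casework material the flagged frames are candidates for closer aural and waveform inspection, not findings.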


Sound Identification

Sound identification is the comparison of an unknown sound to a known sound in order to identify it. It often requires the original recording devices for comparison, as the original recording characteristics can be observed in the exemplar recording. Sound identification techniques can be critical, for example, in determining whether a barely audible sound is a voice or an acoustic illusion caused by the recording device or an extraneous sound source.

Sound identification can be achieved by a device such as a spectrograph, which helps the investigator in comparing the unknown sound with the known one. 


Event Sequence Analysis

Event sequence analysis is the analysis of the sequence of acoustic events in the recording that determines components such as time, frequency, and amplitude. This analysis can either verify or negate the authenticity of the recording. It also reveals absolute duplication of events.


Dialogue Decoding

Dialogue decoding is the extraction of the message or speech from the recording. It is based on voice patterns in a spectrograph. For example, if the spectrogram displays a broadband burst that has a frequency range of approximately 4500 Hz to 8000 Hz, one may reasonably assume this component to be some sort of sibilant sound such as an /s/ rather than a lower frequency vowel such as an /a/. Voiced (vocal cord movement) and unvoiced (no vocal cord movement) areas are graphically displayed, as are plosives, fricatives, occlusives, and formant patterns specific to certain vowels, consonants, diphthongs, and so on. All of these components help in the process of decoding.

Figure 22-5: Dialogue Decoding (Source: http://www.mycert.org.my/)


Remnant Signal Analysis

Remnant signal analysis involves analyzing segments of audio that seem to be irrelevant to the investigation. It involves the evaluation of sonic events. The segment of audio/recording can be a disturbance caused by the surroundings, background conversations, machine rhythms, reverberation, gunshot discharge signatures, and so on.


Integrity Verification of the Audio

Relying on audio (as evidence) requires investigators to verify the integrity of the audio/recording. Integrity verification of the audio can qualify or disqualify the tape for further proceedings depending upon its originality, that is, whether it was edited to change the meaning of the conversation or just edited for enhancement to gain audibility.

There are various tape editing technologies that allow editing of the audio recording to gain audibility. Electronic tape editing can detect acoustic irregularities in the audio through devices that can detect additions. Some alterations to digitized recordings are difficult to trace if they are copied onto another tape. Suspicious acoustic events include the following:

Total loss of the audio signal

Change in the speaker’s frequency response during different telephone conversations

Spikes that provide audible sounds of short duration (attributable to normal stop, start, and pause functions of the recorder)

Editing options provide the ability to alter the recording into word processor mode. The traditional tape technique involves looking for alterations by checking and noting:


Unexplained transients

Equipment sounds

Extraneous voices

Inconsistencies with provided written information


Audio Forensics Process

Audio is considered evidence if:

The conversation is recorded during the occurrence of a crime; or

The conversation on the tape provides information to solve the case

To examine and analyze the audio, it is necessary for an investigator to follow the audio forensic process, which is as follows:

1. Evidence handling

2. Preparation of exemplars

3. Preparation of copies

4. Preliminary examination

5. Conversion of analog to digital audio

6. Preparation of spectrograms

7. Spectrographic analysis


Audio Forensics Process: Evidence Handling

Evidence handling is one of the major steps involved in any forensic process. It helps investigators keep the evidence safe. Steps for evidence handling in the audio forensics process are as follows:

Gather all the tapes that are recorded and considered evidence

It is essential to identify the audio, maintain its physical integrity, and preserve it as evidence for forensic purposes

Critically listen to the original tape

Physically inspect the tape

Check to see if the tape has been tampered with

Document all the actions that are taken to protect the evidence


Audio Forensics Process: Preparation of Exemplars

Preparation of exemplars involves comparison of the original spectrum to unknown voice samples. Here, investigators prepare the exemplars by recording a suspect’s voice repeating the dialogue in the original recording.

Investigators also need to check the performance of the recorder used for the original recording. Conditions of recording and speech delivery must be duplicated for easy analysis. The exemplar is then analyzed to compare the voice in the audio file with the voice of the suspicious person, which can provide voice identification.


Audio Forensics Process: Preparation of Copies

The steps to be followed in preparation of copies of the audio file are as follows:

Preserve the original recording for court proceedings

Create copies of the recording so that the original tape is not corrupted

For voice identification, look for direct copies of the recording

It enhances the original recording, removing noise for better audibility

Playback of evidential audio depends upon track determination, azimuth alignment, speed accuracy, and the reproducer of the recording


Audio Forensics Process: Preliminary Examination

The steps for preliminary examination of the audio files are as follows:

Check the audio files that are to be examined

Determine the integrity and authenticity of the audio

Check whether the recording is original or modified

Determine if the known and unknown voice samples meet guidelines to allow further examination

Analyze the quality of voice samples by suppressing the noise or distortion  


Audio Forensics Process: Analog to Digital Conversion

The audio forensic process involves analog to digital conversion or vice versa, depending upon the requirements. The steps to be followed by an investigator are as follows:

1. Convert analog audio to digital audio: In most cases, the audio that is submitted for court proceedings is analog audio, so use A-to-D converters such as successive approximation ADC, Flash ADC, Dual slope ADC, and so on to maintain its integrity.

2. Extract the audio, if it is digital and corrupted: The audio that is used as evidence may not be easily reachable or can be damaged or corrupted. Use tools such as Zune music recovery software for recovering or extracting the corrupted audio.

3. Check for compatibility of the audio file: Digital audio has many formats and if the format is not compatible, it is not possible to play the audio.  

Audio File Formats

Source: http://www.fileinfo.net/

File extensions or the file formats used for audio files are as follows:

 

 Figure 22-6: Audio File Formats

Audio Forensics Process: Preparation of Spectrograms

Preparation of spectrograms is necessary for the analysis of the audio. These spectrograms can be prepared using tools such as a sound spectrograph. It helps:

1. To identify the speech by formatting and marking the spectrogram.

2. In retention of the spectrogram, which is necessary until the completion of the investigation.

Figure 22-7: Preparation of Spectrograms (Source: http://www.pcij.org/)

Audio Forensics Process: Spectrographic Analysis

Spectrographic analysis is analysis of the audio signals with the help of a spectrograph. It involves pattern and aural comparison of the voice sample. Pattern comparison is the comparison of the original and enhanced samples for similar speech sound and the number of comparable words depending upon pitch and energy distribution. The steps to perform spectrographic analysis are as follows:

Perform pattern and aural comparison of the voice sample

Perform spectrum and waveform analysis of the audio signals

Check if any clues can be obtained from the comparison

Document all the actions and their results 

Sound Spectrograph

A spectrograph is an automatic analyzer of audio signals. It is a basic instrument used for research studies on audio recordings. It displays these audio signals of the recordings in the form of a graph or spectrum. This spectrum lets the investigators know of any additions or enhancements made to the audio. The spectrum of the audio signal is displayed in the frequency and amplitude form where time is on the x-axis, frequency is on y-axis, and voice energy is in the form of a gray scale.

It is composed of four components, which are as follows:

1. A magnetic tape recorder/playback unit

2. A tape scanning device with a drum that carries the paper to be marked

3. An electronic variable filter

4. An electronic stylus that transfers the analyzed information to the paper

Figure 22-8: Audio Signal Spectrum (Source: http://www.mycert.org.my/)
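The display described above (time on the x-axis, frequency on the y-axis, energy as a gray scale) can be computed directly from the samples. The following is an added example, not part of the courseware; the two-tone test signal, frame size, and function names are constructed for illustration.

```python
import cmath
import math

RATE = 8000      # Hz, sample rate of the constructed signal
FRAME = 160      # samples per analysis frame -> 50 Hz per frequency bin
GRAY = " .:-=+*#%@"   # lightest to darkest mark; darkest = most energy


def constructed_signal():
    """Constructed input: 0.1 s of a 500 Hz tone, then 0.1 s of a quieter 1500 Hz tone."""
    half = RATE // 10
    a = [math.sin(2 * math.pi * 500 * n / RATE) for n in range(half)]
    b = [0.5 * math.sin(2 * math.pi * 1500 * n / RATE) for n in range(half)]
    return a + b


def spectrogram(samples, frame=FRAME):
    """Return one row per time frame; each row holds the magnitude of every frequency bin."""
    # Hann window reduces leakage between neighbouring frequency bins.
    window = [0.5 - 0.5 * math.cos(2 * math.pi * n / (frame - 1)) for n in range(frame)]
    twiddle = [cmath.exp(-2j * math.pi * i / frame) for i in range(frame)]
    rows = []
    for start in range(0, len(samples) - frame + 1, frame):
        seg = [samples[start + n] * window[n] for n in range(frame)]
        rows.append([abs(sum(seg[n] * twiddle[(k * n) % frame] for n in range(frame)))
                     for k in range(frame // 2 + 1)])
    return rows


def dominant_frequencies(rows, frame=FRAME):
    """Strongest frequency (Hz) in each time frame."""
    bin_hz = RATE / frame
    return [max(range(len(r)), key=r.__getitem__) * bin_hz for r in rows]


def first_change_time(rows, frame=FRAME):
    """Time (s) at which the dominant frequency first changes, or None."""
    peaks = dominant_frequencies(rows, frame)
    for i in range(1, len(peaks)):
        if peaks[i] != peaks[i - 1]:
            return i * frame / RATE
    return None


def render(rows, frame=FRAME, max_bin=40, step=2):
    """Text spectrogram: columns are time frames, lines are frequencies (high at top)."""
    peak = max(max(r) for r in rows)
    lines = []
    for k in range(max_bin, -1, -step):
        marks = "".join(GRAY[min(len(GRAY) - 1, int(len(GRAY) * r[k] / peak))] for r in rows)
        lines.append(f"{int(k * RATE / frame):5d} Hz |{marks}")
    return lines


if __name__ == "__main__":
    rows = spectrogram(constructed_signal())
    print("\n".join(render(rows)))
    print("dominant frequency changes at", first_change_time(rows), "s")
```
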

Sound Recordings As Evidence In Court Proceedings

Sound recordings are considered evidence and can be helpful in solving cases. This evidence in courts should be accompanied by:

Testimony by the defense, plaintiff, or government witnesses of tampering or other illegal acts

A complete problem description, which includes the exact location of the recording, type of alteration, scientific test performed, etc.

The original tape must be provided as duplicate tapes cannot be authenticated and are not accepted for examination

Tape recorders and related components to produce the recordings must be provided

Written records of any damage or maintenance done to the recorders, accessories, and other submitted equipment must be provided

Audio File Manipulation

Evidence has the ability to change a judgment, and the manipulation of evidence can cause a criminal to go free. Factors that can cause alterations, tampering, or manipulation in a recording are as follows:

Deletion: Deleting unwanted portions of the audio by splicing or using a recorder

Obscuration: Distorting the recording so that the audio is left unintelligible; it is used for masking audio

Transformation: Altering portions of the audio to change the meaning of the conversation

Synthesis: Generation of additional text, such as background sound or conversation, that is added to the original recording

These alterations can be suspected from gaps, fades, transients, and equipment sounds that are audible in the altered recording.
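Two of the indicators named above, gaps and transients, can be screened for automatically before listening. The following is an added example, not part of the courseware: the WAV file is constructed in memory, and the thresholds and function names are assumptions chosen for this sample.

```python
import io
import math
import random
import statistics
import struct
import wave

RATE = 8000  # Hz


def build_constructed_wav():
    """Constructed evidence: 200 Hz tone plus low-level noise, then a cut and an erased span."""
    rng = random.Random(1)
    pcm = [round(8000 * math.sin(2 * math.pi * 200 * n / RATE)) + rng.randint(-50, 50)
           for n in range(RATE)]
    pcm = pcm[:3000] + pcm[3410:]      # deletion: 410 samples spliced out
    pcm[4990:5392] = [0] * 402         # obscuration: span overwritten with digital silence
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(RATE)
        w.writeframes(struct.pack(f"<{len(pcm)}h", *pcm))
    buf.seek(0)
    return buf


def load_pcm16(fileobj):
    """Read a 16-bit mono WAV and return (samples, sample_rate)."""
    with wave.open(fileobj, "rb") as w:
        if w.getsampwidth() != 2 or w.getnchannels() != 1:
            raise ValueError("example handles 16-bit mono PCM only")
        raw = w.readframes(w.getnframes())
        return list(struct.unpack(f"<{len(raw) // 2}h", raw)), w.getframerate()


def find_gaps(samples, level=2, min_len=80):
    """Runs of near-zero samples lasting at least min_len, as (start, end) with end exclusive."""
    gaps, start = [], None
    for i, s in enumerate(samples + [level + 1]):   # sentinel closes a trailing run
        if abs(s) <= level:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                gaps.append((start, i))
            start = None
    return gaps


def find_transients(samples, factor=5.0):
    """Indices where the sample-to-sample step exceeds factor x the median step."""
    steps = [abs(b - a) for a, b in zip(samples, samples[1:])]
    limit = factor * statistics.median(steps)
    return [i + 1 for i, d in enumerate(steps) if d > limit]


def examine(fileobj):
    """Return findings with positions in seconds, ready for the examination notes."""
    samples, rate = load_pcm16(fileobj)
    return {
        "gaps_s": [(a / rate, b / rate) for a, b in find_gaps(samples)],
        "transients_s": [i / rate for i in find_transients(samples)],
    }


if __name__ == "__main__":
    print(examine(build_constructed_wav()))
```

A flagged position is only a lead for aural and spectrographic review; a recording that is mostly silent drives the median step toward zero and needs a fixed threshold instead.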

Tools

DCLive Forensics

Source: http://www.enhancedaudio.com/

The DCLive Forensics tool analyzes, enhances, and improves difficult recordings using a system with a sound card. It is installed on the system with either the Windows XP or Vista operating system. Other operating system users need to use DC LIVE/Forensics SIX software. It consists of the following:

DSS filter: The DSS feature in the DC Live/Forensics software is a unique and powerful tool capable of recovering speech from recordings containing loud music or other coherent noise. Until now, a recording that was covered or masked by loud music was basically a lost cause. DSS decoding is designed to make it possible to attenuate this music and uncover the speech.

Adaptive filter: This filter is used largely in audio applications where the ambient noise environment is constantly changing and the filter coefficients must automatically change to maintain good intelligibility of an audio signal. The Adaptive filter adjusts itself to remove a modeled signal representing the unwanted time domain waveform while preserving the target signal.

AFDF forensics filter: The Forensics Adaptive Frequency Domain Filter (AFDF) is a variation on the basic theme of the Auto Spectrum CNF filter mode. The primary difference is that the Forensics AFDF is optimized for forensics-oriented files and not “High Fidelity” files. It has a faster response time and a narrower effective bandwidth while producing higher levels of noise reduction at the expense of potentially producing higher levels of digital artifacts. The AFDF Filter is “Adaptive,” which means that it will automatically adjust itself to varying noise environments and no noise sample must be taken. It is fast and easy to use with little or no training, but can garner incredible results.

Polynomial filter: This allows mathematicians, scientists, and engineers to create their own transfer function using a polynomial expression. For those not so inclined, there is a plentiful assortment of presets to choose from.

Spectral filter: This filter allows you to create a very high-resolution frequency response contour using up to 32,000 bands of equalization by using FFT techniques. The user interface system is intuitive and allows you to zoom-in on a particular portion of the spectrum that needs accurate and specific frequency response contouring. By using the right mouse button, you can add bands, or delete them simply by pointing and clicking on the graph. This is very useful in forensic audio applications for removing in-band and out-of-band extraneous noises because of its high degree of frequency selectivity and its very steep slope characteristic.

Spectrogram: A spectrogram provides a method for displaying waveform data including Time, Frequency, and Intensity, all on the same graph. Time is represented on the horizontal (X) axis, frequency is represented on the vertical (Y) axis, while intensity (loudness) is represented by color or gray scale. The spectrograph displays itself in the destination window when this is checked. The spectrogram is calculated for whatever waveform is displayed, highlighted and zoomed in on in the source window, and is time aligned with the same.

De-Clipper: The De-Clipper can be used to repair signals, which were either clipped by digital or analog mechanisms. It performs its magic by detecting signals with very low or zero values of slope (user adjustable from 0–0.5) above a settable threshold amplitude value. When this condition is detected, the routine mathematically interpolates a new signal and replaces the zero slope portion of the bad waveform with one containing curvature.

Flashback recording: Flashback is primarily designed to be used in real-time intelligence gathering and forensics surveillance situations. It is a feature that allows you to go back and listen to something that you may have heard during real-time operation of the software that may be of immediate interest and needs rapid clarification.

Dual stream recording: It automatically logs an unedited raw version of the recording along with the enhanced version with a backup.

VOX Record activation: This feature allows the recorder to start and stop itself based on the presence or lack of presence on an audio input signal. The recording activation process is triggered by signal level sensing as determined by your setting of the Trip Level control. The record de-activation process is triggered by a combination of the signal level sensing system in conjunction with the Minimum Duration control setting.

Auto Date and Time Stamp: By checking the box labeled Automatic VOX Time/date stamp, Live will add a marker each time recording starts in VOX mode. This is useful in remote locations or for surveillance recording. By enabling this function, Live will record only when audio is actually present to be recorded, and each recording event will be marked with the exact time and date of the individual recording.

Unlimited Recording Time: Windows has an inherent 2 Gig limit for wave files. This can be a problem for very long recordings. With our products, the system automatically starts a new file every time the 2 gig limit is reached and never misses a beat.

Brick Wall Filter: Very steep digital filters used to attenuate signals that are interfering with a poor quality audio signal. These are FIR (Finite Impulse Response) filters that exhibit a very high degree of out-of-band attenuation.

Before DCLive Forensics existed, it was very difficult to analyze voice samples, but Live has made the work of investigation easy with its exemplary features.

The features of DCLive Forensics are as follows:

Higher resolution spectral filter offering a 32,000 band EQ: Filter sizes up to 65526 bands are now properly supported

Improved time domain adaptive filter: The stability has been greatly improved and the Normalized version of this filter is dramatically faster, especially at very large filter sizes

Popular formats of audio are supported: After the removal of noise and enhancement of recordings, the audio can be saved in any audio format, such as MP3, WMA, and even directly to CD

Tune library organizes investigator’s collection: One can organize files by case, by investigator, or even by the time depending upon the requirement. All files are presented in one easy to use display and one can play, edit, or burn them at any time

Impulse filter enhancements: Enhancements are done just to improve the facet of the impulse filters. One can notice enhancements down the line when each slider is moved. This involves the addition of a new check box that takes special consideration of brass and strong vocal passages that are used to confuse the filters and remove good audio. With this enhancement, impulse filters can be pushed to new heights for achieving better results over competing products

CD making is included so CDs are easy to make with a drag-and-drop system

Improved frequency ranges make waves, adding ultrasonic range (100 kHz)

Figure 22-9: DCLive Forensics 
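The De-Clipper description above (find zero-slope runs above an amplitude threshold, then replace them with an interpolated curve) can be sketched as follows. This is an added example, not DCLive's code: the cubic Hermite interpolation, the function names, and the clipped sine input are assumptions chosen for illustration.

```python
import math

CLIP = 0.8  # clipping level applied to the constructed signal


def constructed_signals():
    """Constructed input: two periods of a unit sine and the same signal clipped at +/-0.8."""
    true = [math.sin(2 * math.pi * n / 40) for n in range(80)]
    clipped = [max(-CLIP, min(CLIP, v)) for v in true]
    return true, clipped


def find_clipped_runs(x, threshold, slope_limit=0.0, min_len=3):
    """Return (first, last) index pairs of flat runs whose amplitude is at or above threshold."""
    runs, i, n = [], 0, len(x)
    while i < n:
        j = i
        # Extend the run while the slope stays within the limit and the level stays high.
        while (j + 1 < n and abs(x[j + 1] - x[j]) <= slope_limit
               and abs(x[j + 1]) >= threshold):
            j += 1
        if j - i + 1 >= min_len and abs(x[i]) >= threshold:
            runs.append((i, j))
        i = j + 1
    return runs


def declip(x, threshold, slope_limit=0.0):
    """Replace each flat run with a cubic Hermite curve through the good samples around it."""
    y = list(x)
    for first, last in find_clipped_runs(x, threshold, slope_limit):
        a, b = first - 1, last + 1            # last good sample on each side
        if a < 1 or b > len(x) - 2:
            continue                          # not enough context to estimate slopes
        h = b - a
        m0 = x[a] - x[a - 1]                  # slope entering the plateau
        m1 = x[b + 1] - x[b]                  # slope leaving the plateau
        for i in range(first, last + 1):
            t = (i - a) / h
            y[i] = ((2 * t**3 - 3 * t**2 + 1) * x[a]
                    + (t**3 - 2 * t**2 + t) * h * m0
                    + (-2 * t**3 + 3 * t**2) * x[b]
                    + (t**3 - t**2) * h * m1)
    return y


def max_error(a, b):
    return max(abs(p - q) for p, q in zip(a, b))


if __name__ == "__main__":
    true, clipped = constructed_signals()
    repaired = declip(clipped, threshold=0.5)
    print("clipped runs:", find_clipped_runs(clipped, 0.5))
    print("max error before: %.3f after: %.3f"
          % (max_error(true, clipped), max_error(true, repaired)))
```

The repaired samples are an estimate, so the unedited recording stays the reference and the repair is documented as an enhancement step.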

Zoom H2 Portable Digital Recorder

Source: http://www.zoom.co.jp/

The Zoom H2 Portable Digital Recorder provides brilliant stereo recording in an easy-to-use, ultra-portable device. It makes it easy for the user to record pristine audio in an infinite variety of applications. From seminars and conferences, to electronic news gathering (ENG) and podcasting, to musical performances, songwriting sessions, and rehearsals, the H2 provides amazing recording quality. No matter what kind of music the user performs or instrument the user plays, the H2 can effortlessly record it in high-quality stereo.

The features of the Zoom H2 Portable Digital Recorder are as follows:

Records in WAV 96kHz/48kHz/44.1kHz at 16-bit or 24-bit, MP3 to 320 kbps, and Variable Bit Rate (VBR) data formats

Built-in USB 2.0 interface

Time Stamp and Track Marker functions in Broadcast WAV Format (BWF)

Accommodates up to 4-GB SD memory cards

Auto Gain Control (AGC) for pristine recordings

Auto Start function means you're always ready to record

Low-cut filter eliminates wind noise

Figure 22-10: Zoom H2 Portable Digital Recorder 

CEDAR for Windows

Source: http://www.cedar-audio.com/

CEDAR for Windows is a radical departure from audio restoration systems. It offers both multi-channel and simultaneous multiple-process restoration capabilities. It can be used in Windows applications such as audio preparation for DVD and surround formats, as well as for stereo mastering. CEDAR for Windows has been used and trusted for many years by national police forces and air accident investigation bureaus. It includes the following modules:

Console

Declick

Decrackle

Dehiss2

NR-3 broadband noise reduction

Phase corrector

EQ and dynamics

Spectral analyzer

CEDAR for Windows: Console

Source: http://www.cedar-audio.com/

The Console is a tool for the audio restoration process that controls up to 16 channels. It is the core of CEDAR for Windows, which manages each of the ProDSP boards in the system, allowing any ProDSP board to run any of the CEDAR for Windows audio modules.

The features of the Console are as follows:

It permits series processing of a stereo signal using up to eight processes

Complex audio restoration

It allows the user to configure the system for parallel processing of up to 16 audio channels

It performs real-time restorations on 8-track and 16-track masters

It permits real-time processing for DVD-Audio and other “surround” formats

Figure 22-11: Console 

CEDAR for Windows: Declick

Source: http://www.cedar-audio.com/

Declick removes scratches and clicks that are encountered on audio media such as film, tape, or disk, whether analog or digital. It is an invaluable process when dealing with master tapes, film sound tracks, and videos. It eliminates up to 2500 scratches and clicks per channel per second.

It acts only on damaged signals, forwarding undamaged signals without any changes.

Figure 22-12: Declick

CEDAR for Windows: Decrackle

Source: http://www.cedar-audio.com/

Decrackle is the effective process of removing crackles and buzzes caused by faulty wiring and electrical interference and surface noise, and reducing the unpleasant effects of distortion in the audio. Undamaged signals pass without any changes, leaving the audio with no distortion, no loss of transients, and no loss of ambience.

Figure 22-13: Decrackle 

CEDAR for Windows: Dehiss2

Source: http://www.cedar-audio.com/

Dehiss2 includes an algorithm that offers broadband noise reduction with neither spectral analysis nor offline processing. Though the algorithm is complicated, it is easy to use. Because it dispenses with complicated audio engineering procedures, its simplified user interface allows experts and non-expert users to obtain excellent results with the minimum time and effort spent.

With just three Dehiss controls and a learning curve of minutes, it is not only one of the most effective, but also the simplest, quality noise reduction packages.

Figure 22-14: Dehiss2

CEDAR for Windows: NR-3 v2

Source: http://www.cedar-audio.com/

NR-3 v2 is a powerful and flexible noise reduction system for speech and music developed for the audio and video industries. It incorporates CEDAR's unique perceptual models and noise profiling, which help the user to detect and eliminate more of the unwanted noise than can be removed using other methods, but with little or no effect on the genuine signal.

The process also allows the user to define multiple noise reduction setups and select between them in real time (for processing scene changes), or progressively move between them to cope with changes in the noise content of the recording. With its 512-band Spectral Analyzer, 512-node FIR Equalizer, and unique "Noise Free Equalization," NR-3 will rescue recordings that just a few years ago would have been considered unusable. Noise Free Equalization also ensures that dehissed material can retain all the brightness and ambience perceived in the originals.

Figure 22-15: NR-3 v2

CEDAR for Windows: Phase Corrector

Source: http://www.cedar-audio.com/

Phase Corrector improves mono compatibility and stereo imaging, extends high frequencies, and tightens bass response of the audio signal. It will automatically identify and correct errors—without any user intervention—to an accuracy of 0.2 samples. It will then track any changes in the error, dynamically updating the amount of correction it applies at any given moment. In addition, a manual mode allows users to shift a signal by as little as 0.01 samples—a tiny offset of just 0.2 microseconds. This makes it possible to improve the frequency response and imaging of audio that cannot be restored using EQs, dynamics processors, or any other audio processes.

The latest version of the Phase/Time Corrector incorporates a faster, more accurate Lissajous display, and an improved tracking algorithm that locks on to phase errors more quickly than ever before.

Figure 22-16: Phase Corrector  

CEDAR for Windows: EQ and Dynamics

Source: http://www.cedar-audio.com/

EQ and Dynamics provides up to 16 channels of dynamic processing and equalization with multiple processes per channel. D/EQ allows the user to select the number of nodes in your curve—it does not limit you to a high-pass, a low-pass, and a handful of parametric EQs. Furthermore, D/EQ offers a remarkable frequency accuracy of 0.1Hz, and the parametric nodes offer a superb Q of 100 at 50 Hz. The shelving filters are maximally flat in the pass-band and the stop-band, and offer roll-offs of up to 100 dB/octave.

It allows creating custom dynamics processors using any combination of the following processor types:

Compressor

Limiter

Downward expander

Upward expander

This allows crafting almost any dynamics response individually for each audio channel. Every processor has an independent threshold, ratio (where appropriate), and envelope, and an “advance/delay” feature makes D/EQ more transparent than conventional devices or software. Its accuracy and flexibility make it particularly well suited to mastering and forensic applications. 

Figure 22-17: EQ and Dynamics

CEDAR for Windows: Spectral Analyzer

Source: http://www.cedar-audio.com/

Spectral Analyzer analyzes the spectrum of the audio signal. It consists of 1023 parametric equalizers that can have their spacing and bandwidths tailored by the user.

Figure 22-18: Spectral Analyzer

Audio File Forensic Tools: DCVST

Source: http://www.tracertek.com/

DCVST is a plug-in based on the Automatic Forensic Adaptive Filter (AFDF) that is found in the Continuous Noise Filter DC LIVE/Forensics. It is designed to help you quickly and easily dig deeply into an audio file filled with noise and pull out a single voice or conversation. It constantly changes during operation and can adjust on the fly to noisy environments. Since this filter is almost completely automatic, little or no training is required to begin getting excellent results, the moment it is installed.

The Forensics Adaptive Frequency Domain Filter (AFDF) is a variation on a standard Adaptive filter. The primary difference is that the Forensics AFDF is optimized for forensics-oriented files and not “High Fidelity” files. It has a faster response time and a narrower effective bandwidth while producing higher levels of noise reduction at the expense of potentially producing higher levels of digital artifacts.

Figure 22-19: DCAfdf  

Audio File Forensic Tools: Advanced Audio Corrector

Source: http://www.avlandesign.f2s.com/

Advanced Audio Corrector removes phase distortions in high-quality audio files before coding them to MP3 format. It works in a batch mode.

Description: If during manufacturing of an audio soundtrack there is an analog stage (recording to a tape or to a gramophone disk in an analog mode), an inevitable consequence will be the appearance of a phase shift between stereo channels. In an uncompressed soundtrack, these distortions are inaudible but only become apparent when stored in a compressed format (for example in MP3 Joint Stereo). These distortions are heard as unpleasant high-frequency sounds.

Advanced Audio Corrector allows removing phase distortions in high-quality audio files (WAV, 16-bit Stereo) before coding them to MP3 format.

System Requirements: Pentium-100, 16 MB RAM

Figure 22-20: Advanced Audio Corrector

Audio File Forensic Tools: Acoustica

Source: http://www.acondigital.com/

Acoustica records, edits, and processes audio on a system. It removes noise, adds effects, and burns CDs or DVDs. It is an ideal solution for audio editing and mastering where users can open or save files in different formats including wav, wma, ogg, mp3, and so on.

 Figure 22-21: Acoustica

Audio File Forensic Tools: Smaart

Source: http://www.eaw.com/

Smaart is real-time sound system measurement, optimization, and control software for both Microsoft Windows and Mac operating systems. It performs dual channel FFT-based audio measurement in an intuitive, accessible interface that seamlessly integrates measurement, analysis, and data logging. It can also remotely control an extensive, constantly expanding list of professional equalizers and DSP processors.

Features:

Runs native under both Mac and Windows

Powerful new architecture and streamlined interface

Now operates with ASIO multi-channel input devices

New real-time measurement mode and enhanced Impulse Response mode

Increased data storage and display capability

Expanded Signal Generator functionality

Figure 22-22: Smaart 

Audio File Forensic Tools: DNS1500

Source: http://www.cedar-audio.com/

The DNS1500 Dialogue Noise Suppressor suppresses noise content from recordings or live surveillance and curbs excessive reverberation. It is capable of reducing or even eliminating the noises from sources such as air conditioning, aircraft, traffic, and other extraneous environmental noise. It enhances the audio in terms of both listenability and intelligibility, thus helping forensic investigators.

Other “dynamics” processes generate pumping, distortion, and other unnatural effects, and encode/decode processes, when used in this way, simply act as dynamic processors.

The features of DNS1500 Dialogue Noise Suppressor are as follows:

It cleans up speech recorded in noisy environments

It is quick and simple to use

It is suited to situations where computer-based restoration and enhancement is inappropriate

 Figure 22-23: DNS1500 Dialogue Noise Suppressor


Audio File Forensic Tools: DNS2000

Source: http://www.cedar-audio.com/

DNS2000 is an implementation of DNS1000 technology designed specifically for use in forensic laboratories equipped with Pro Tools systems.

The features of the DNS2000 Dialogue Noise Suppressor are as follows:

It removes background noise from recordings and live transmissions

It removes motor noise from small covert recorders and eliminates electrical interference

It compensates for unfavorable acoustic conditions and poor microphone placement

It suppresses excessive reverberation

DNS2000 Remote Control Software runs on most Mac-based Pro Tools Systems, providing a fast and intuitive user interface based on CEDAR's award-winning DNS1000 Dynamic Noise Suppressor, itself a standard for audio forensic applications. The software controls all aspects of the DNS2000, and automates its operating parameters.

Connected to its Mac-based Pro Tools host using a USB cable, the DNS2000 processor provides the DSP and the 24-bit I/O for the system. Housed in a 1U rack, it offers a remarkable 198 MFLOPS of floating-point power, and will process two independent channels simultaneously.

Figure 22-24: DNS2000 Dialogue Noise Suppressor 


Audio File Forensic Tools: DNS 3000

Source: http://www.cedar-audio.com/

DNS3000 is an automated dialogue noise suppression system with scenes, memories, moving faders, and Pro Tools integration.

The features of the DNS3000 Dialogue Noise Suppressor are as follows:

On-board scenes with a simple and intuitive recall system

Automation to LTC time code

Moving faders and sample rates up to 96 kHz

Ensures that there is no loss of lip-sync

Eliminates all manner of noises from recordings and live transmissions

 Figure 22-25: DNS3000 Dialogue Noise Suppressor 


Audio File Forensic Tools: M-Audio MicroTrack 2496

Source: http://www.m-audio.com/

The M-Audio MicroTrack 2496 is a rugged high-fidelity mobile two-channel digital recorder that records WAV and MP3 files to CompactFlash or microdrives. It suits everything from professional field recording to corporate meetings, training, education, and worship. Record via balanced line inputs or built-in high-fidelity microphone pre-amps complete with phantom power for studio-quality microphones. Connect MicroTrack to a PC via USB and simply drag and drop recordings to your computer for immediate editing or web posting. Power derives from a lithium-ion battery, and the unit can recharge via the computer’s USB connection or USB power adapter. The MicroTrack combines quality beyond that of DAT recording with the convenience and cost-effectiveness of personal digital recorders for the ultimate solution in mobile recording.

The features of the M-Audio MicroTrack 2496 portable digital recorder are as follows:

Two-channel WAV and MP3 recording and playback for pro recording, meetings, training, education, and worship

Storage via convenient CompactFlash or microdrives

Immediate drag-and-drop file transfer to PC and Mac via USB 2.0 mini-connector

Powered via USB, rechargeable lithium-ion battery or power supply (both included)

Separate left and right input level controls with signal and peak indicators

Professional balanced 1/4" TRS inputs with mic/line switch

Digital I/O supports surround-encoded AC-3 and DTS passthrough

Dual microphone preamps with phantom power for studio microphones

1/8" TRS input with 5V power for use with stereo electret microphone (microphone included)

S/PDIF coaxial input for digital transfers

Monitoring via RCA line outputs or 1/8" stereo headphone output

Stereo output level control

Large LCD for navigation and statistics

Dedicated buttons for navigation, record, hold, pause, delete, menu, and power

Includes CompactFlash card


Figure 22-26: M-Audio MicroTrack 2496 Portable Digital Recorder

Audio File Forensic Tools: Cardinal

Source: http://www.digrec.com/

Cardinal takes forensic audio processing and analysis to the next level. Fully integrating the capabilities of both hardware and software, Cardinal seamlessly handles forensic analysis and processing of all analog and digital media. Cardinal represents productivity enhancements through a seamlessly integrated audio workstation environment capable of blending the merits of superb audio filtering with comprehensive speech and signal processing.

Features of Cardinal are as follows:

Multi-tasking: Productivity-enhancing features such as asynchronous “batch-mode” processing will allow multiple jobs to be handled simultaneously

Power: The powerful AccelCore external processor hardware, based on the Analog Devices TigerSHARC floating-point DSP, provides all audio I/O and performs lightning fast regardless of workload

Handles All Media: Common analog and digital media formats, including file-based media, can be handled directly

Seamless Integration: Both Direct-X and VST plug-ins are supported within the Audio Lab environment. Audio Lab replaces the Master Control Panel found on previous products and allows software-based tools to be mixed and matched with others that are AccelCore-based. Further, the entire setup can be preserved in a single file for easy recall and repeatability at a later date

Flexible and Intuitive Interface: The redesigned graphical user interface is easy to navigate, allowing for quick filter setup, recall, and adjustment

Better Results: DAC’s proven methodology and built-in scientific approach help produce results that win cases and survive legal challenges. It offers advanced filtering precision and ASCLD reporting

 Figure 22-27: Cardinal 


Audio File Forensic Tools: JBR 4 Channel Microcassette Playback/Transcriber Unit

Source: http://www.tracertek.com/

The JBR 4 Microcassette Playback/Transcriber Unit was specifically designed to "safely" and "accurately" play all known ¼-track stereo and ½-track monaural micro-cassette recordings.

Transcription:

In addition, the unit has a foot pedal to control the Play, Stop, and Backspace, and a variable speed control and multiple headphone outputs to aid in efficiently and accurately transcribing hard-to-understand covert recordings.

Copying/Duplication:

Adding a standard cassette dual-deck recorder and the optional duplication control unit creates a professional quality micro-cassette-to-standard cassette duplicator. Adding a CD-Recorder in addition to or in place of the cassette recorder creates a micro-cassette-to-CD-R duplicator.

Special Features:

The JBR Micro-cassette playback unit has two playback heads. The right head is located in the standard position. The left head is located 3/4 of an inch before the standard head location. Therefore, this head plays approximately 3/4 inch of virgin tape, then the original record head start transient, followed by the original erase head start transient and the exact point where the audio starts being recorded on the tape. This set of data is crucial in determining if a tape recording is authentic or has been changed or altered. No other known micro-cassette playback unit can recover this set of data.

Audio File Forensic Tools: JBR Universal DVD/CD Player/Transcriber Unit

Source: http://www.tracertek.com/

JBR's Universal DVD & CD Player/Transcriber is specifically designed and optimized for playing and transcribing all CDs (MP3 and WMA encoded) and most DVDs. This unit has features that will enhance the efficiency and accuracy of the transcriber. If the track and time information is entered in the transcript, a cross-reference is generated that enables the reviewer to check the accuracy of any transcribed statement or conversely determine if any statement heard is accurately transcribed.

The features of the JBR DVD/CD Player/Transcriber Unit are as follows:

Dual headphone outputs with limiter

Foot pedal control of Play and Skip-back


Near perfect performance

Plays both 3" and 5" diameter CDs.

Plays CD-Rs, CD-R/Ws, CD-Audio, and MP3s encoded at 32 kilobits-per-second (kbps) to 320 kbps

WMA (Windows Multi-media Audio) encoded at 48 kbps to 192 kbps

Plays DVD-RAM and DVD-Audio

Limiter to protect listener's hearing

 


Summary

Audio forensics is the name of the engineering discipline involving the analysis, evaluation, and presentation of acoustic evidence in a judicial inquiry normally leading towards a presentation in the court

Voice comparison standards involve evidence handling; preparation of exemplars, copies, and spectrograms; preliminary examination; and spectrographic analysis

Integrity verification of audio is necessary to qualify or disqualify a tape for further proceedings

Sound recordings are presented as evidence in court proceedings

Audio forensics involves various methodologies that enhance audio to gain audibility and intelligibility

DCLive Forensics is an audio forensics tool that analyzes, enhances, and improves difficult recordings using a system with a sound card


Exercise:

1. What is meant by the term “audio forensics”?


2. Why is audio forensics necessary in solving computer crime cases?


3. Briefly describe the Fast Fourier Transform (FFT) algorithm.


4. Discuss various methodologies of audio forensics.


5. Explain how integrity verification of audio helps the investigator to verify the integrity of the audio/recording.


6. Discuss the audio forensic process.


7. Describe the spectrograph and its advantages.


8. Explain how sound recordings are helpful in solving computer crime cases.


9. What are some of the factors that can cause alterations, tampering, or manipulation in a recording?


10. Discuss various tools associated with audio forensics.


Hands On

1. Visit http://www.law.cornell.edu/ and read about federal rules of evidence.

2. Visit http://expertpages.com/ and read how to use voice as a forensic tool.

3. Visit http://www.enhancedaudio.com/ and read about audio forensic techniques.

4. Download audio forensics tools from http://www.tracertek.com/, and run and check your results.