Forensics of IP based security surveillance cameras

Abstract

Recent years have seen tremendous increase in crime and terrorism all over the world which has necessitated continuous surveillance of public spaces, commercial entities and residential areas alike. CCTV cameras are an integral part of any surveillance system and have evolved significantly along with other technological advancements in image processing, storage as well as communication through Internet. They are a vital part of any investigation that follows a criminal or terrorism incident by providing invaluable evidence. However, preservation of the integrity of digital evidence is of paramount importance and must be guaranteed to be admissible in a court of law. Despite their ease of use and deployment, IP cameras have some vulnerabilities that can lead to compromised integrity of their videos. In this research, we show that the Advance Systems Format (ASF) file used in most IP cameras, which is also the main file containing metadata about the streaming packets, is vulnerable to forgery. This file is stored in plaintext and any technically savvy person can forge it therefore, a mechanism is needed to prevent it. To that end, we have gathered critical artifacts from an ASF file of IP cameras and carried out their forensic analysis. The analysis has shown that we have successfully detected forgery / tampering of evidence in IP cameras. To the best of our knowledge, this is the first research effort focusing on the forensic analysis and detection of forgery in an IP camera’s ASF file.