Needle in a haystack
GCN Lab Test: Image-Seeker helps you find what you want in huge sets of image files
- By Earl Greer
- Nov 02, 2007
The entertainment industry keeps driving the development of hardware and software to handle visual files, so it's no surprise that our hard drives are bulging with pictures and movies. Most of these files are legitimate items, such as pictures of products for sale and training films. But suppose one of the files flowing in or out of your network is a pornographic photo or, perhaps, a confidential patent drawing.
Image-Seeker is a software product for searching and retrieving visual assets when the volume of files is simply too large for an unaided human to handle. We tested the basic Image-Seeker to see what it was capable of. LTU Technologies also offers two related products: Image-Seeker for EnCase and Image-Filter.
The first step in installing Image-Seeker was to set up a Linux server on our network. Fortunately, we had a Red Hat 9 server available. The LTU Technologies Web site said this was sufficient, but the vendor representative said we had to upgrade to Fedora Core 4. This turned out to be easy. These versions are available free online, so we simply downloaded the new operating system and burned it onto CDs. In half an hour, we were upgrading the Red Hat server.
For our database, we installed the free PostGreSql. Oracle and Microsoft SQL Server 2005 are also supported. The Quick Start manual guided us in installing the Image-Seeker software. This should have taken only minutes, but we hit a snag and had to call LTU for help. The tech rep fixed our problem in less than a minute ' we had made an error while installing the database ' and we were rolling again.
Now we were ready to put Image-Seeker to the test at a Windows workstation. We pointed a browser to the Linux server, logged in to Image-Seeker and almost immediately got lost in the user interface. Some of the screens were easy to use, such as those for setting up users and administrators and configuring their rights, but the screens that dealt with the primary functions were not at all intuitive.
Unfortunately for us, even though the Quick Start manual had proved useful, the User Guide appeared to have been transliterated into English from a foreign language. We had to read each sentence three times to get the meaning. On the user interface, we could hover the cursor over each icon to get a brief label showing its use. But the online help merely brought up the manuals.
After stumbling around in the interface for some time, we finally called the helpful tech rep again and learned that customers normally receive about two days of training. After an hour of his competent tutelage, we felt ready to begin using Image-Seeker.Sorting the evidence
To start with, we wanted to simulate how a forensics investigator would use this tool to search through a large number of digital photographs. We had real evidence from pornography investigations, but only those who have had to do it know how tedious and depressing it is to plod through such evidence. We decided instead to use a pleasant set of 500 photos taken during a vacation to Hawaii, though the pornographic photos would be part of our test later on.
Our first step was to enroll the set of photos, which meant creating thumbnails and analytic data about the pictures and transferring the data to the server. At the workstation with the photos, we pointed a browser to the server and downloaded a utility program to handle enrollment. This program executed on the workstation and handily processed the dataset.
Now we were ready to work with the data on the server. The magic of Image-Seeker
is that it uses a formula ' secret, of course ' to summarize the characteristics of each photograph. The vendor calls this summary data the picture's DNA. Some customers share their DNA files with remote colleagues rather than sending them the visual files. These DNA files enable the colleagues to scan photos for pictures of interest without having to receive and store sensitive photographs.
Viewing a subset of the Hawaii photo thumbnails, we selected a picture taken in a hotel room and then we pressed a button to sort all 500 photos by color and content based on the selected picture. Instantly, the program presented us with the thumbnails neatly sorted by their relation to the first photo. Artificial intelligence is never perfect ' and neither is natural intelligence, for that matter. So we were not surprised to see a picture of central Honolulu at night included in the pictures of hotel rooms. We surmised that the box-like images of the skyscrapers coincided with the shape of a bed in the hotel room.
Next, we tried to fool the program. We made many copies of one photograph and then mangled the copies using, alternately, Nero PhotoSnap and Microsoft Paint. No matter what we did to the photos ' including resizing, flipping, rotating, changing colors, putting black boxes over the eyes and even scribbling mustaches on the faces ' Image-Seeker correctly sorted the copies. The interface displays a number over each thumbnail estimating how closely the picture resembles the selected one. As these values made clear, Image-Seeker was not impressed by our efforts to deceive.
But we wanted to see if the product could separate real-life evidence from innocent pictures, which would make it a fantastic tool for forensics investigators looking into computer crimes. We selected six pornographic pictures from an actual investigation and mixed them into the database with all those innocent vacation photos. We selected one of the porn images, and Image-Seeker correctly sorted the five other ones we had slipped into our pool, giving credence to the ability of the product to save time in sifting through mountains of visual data.
Image-Seeker sorted the vacation pictures behind the evidence photos, doing its best to match the porn picture. For reasons we could not fathom, one of the pictures was of the author eating a taco on Waikiki beach, hardly pornographic. But at least it had grabbed all the images it was supposed to. Having a false positive is a lot better than missing a vital piece of evidence.
Typically, LTU Technologies customizes its products for customers, frequently allowing them to use the program's application programming interfaces. Our basic Image-Seeker was not good at finding people in the pictures. At our request, the vendor arranged a demonstration in which we watched an Image-Filter user correctly find children's pictures in a set of photos.Versatile program
The flexibility of this product is surprising. When integrated with a Web crawler, it can detect illegal copyrighted materials on Internet sites. When integrated with enterprise content filtering and e-mail attachment monitoring software, it can block sensitive material from entering or leaving your networks.
Given the features and sophistication of Image-Seeker, we were surprised at the deficiencies in the User Guide and online help. We would like to see several of the interface pages made more user-friendly. Nonetheless, our overall impression was favorable. And LTU Technologies has informed us that the documentation will be revised in the coming months.
From experience, we can see how this product would save important time during forensic investigations. We are also impressed at how Image-Seeker is being used in Europe to find Nazi-era loot and detect falsely branded products being processed through customs.
Image-Seeker is pricy for what it does. But when customized to your specific needs, it could be priceless.LTU Technologies
, (202) 558-4955, www.ltutech.comGreer is a network security consultant who has conducted computer forensics investigations for a federal agency. He can be reached at [email protected]