Slide 1

“The Geek and the Gumshoe”

or

“Can Mathematics and

Computers Really Solve
Crimes?”

Michael “theprez98” Schearer

Frank “Thorn” Thornton

1
Slide 2

Introduction

2
Slide 3

Who are we, and why are we

here?

3
Slide 4

The Geek: Michael Schearer

 Fascinated by the application of
mathematics to real-world situations
 Recently separated from nearly 9 years in
the U.S. Navy (flying aircraft)
 Currently working for a U.S. government
contractor in Maryland (flying a desk)
 Contributing author to Penetration
Tester's Open Source Toolkit (Volume 2)
Netcat Power Tools (April 2008), and
maybe more!
 Football coach and proud father of three
4
Slide 5

When did Frank start as a cop?

5
Slide 6

Looking forward…

6
Slide 7

The Gumshoe: Frank Thornton

 Law Enforcement Officer, 1980 – 2002. Served
in a variety of ranks and positions from Patrol
Officer to Chief of Police. Also worked in VT
Forensic Lab on Latent Fingerprints and crime
scene investigations. Rated as a Class I
(Homicide) Death Investigator by Vermont’s
Office of the Chief Medical Examiner
 Hacking computers since ~1973
 Helped create ANSI Standard “ANSI/NIST-CSL
1-1993 Data Format for the Interchange of
Fingerprint Information”
 Author and co-author of a half-dozen books on
computer security. (Cheerfully blatant plug!)
7
Slide 8

Agenda
 Introduction
– Explanation
– Videos
– Perceptions
 Math, Computers & Crime
– Math in everyday life
– Math and crime-fighting
 Conclusions
 Questions & Answers

8
Slide 9

Police Investigations Are ALL

About Collecting Data

 Who
 What
 When
 Where
 How

9
Slide 10

Investigations differ from other

data collection in several areas
 Everyone lies to the police.
 Fact has to be separated from:
-Lies.
-Fiction.
-Opinion.
-Other false positives. (May be thousands)
 Eye witnesses have a high credibility with
prosecutors and juries, less so with cops.
 Everyone lies to the police.
 Failure can be dangerous to the public.
 Did we mention that everyone lies to the police?

10
Slide 11

Information = Data
This is sometimes recognized at some level.
Joseph Wambaugh, ex-LAPD Detective,
award winning mystery novelist and
screenwriter wrote this in The Black Marble:

“Clarence looked around at the roar of

activity, at the grinding paper mill. Paper
everywhere. Take away my gun and car,
but please don't take my pencils.”

11
Slide 12

Information = Data
“You walked in with
information and a
pretty face.

You can’t leave

with both.”

12
Slide 13

Doesn’t it really work like on CSI?

 The CSI Effect
 Perception and Reality
– DNA Testing
– AFIS Searches
– School-Associated Violence
– Cops are always doing exciting things like
getting in fights or shooting bad guys

13
Slide 14

So, knowing all that, what other

tools are available to help
investigations?

14
Slide 15

So let’s explore how math and

computer technology can help
with investigations…

“Time for science!”

15
Slide 16

Math is everywhere.
 Elections
– Voting, exit polls, voter identification/analysis
 Sports
– Statistics, sabermetrics, betting/sports book
 Lottery
– Probability (or perhaps improbability!)
 Math in advertising
– frequency atlas, Google advertisements, British
two pound coin

16
Slide 17

Billboard say what?

17
Slide 18

What is wrong with this picture?

18
Slide 19

Can Mathematics and

Computers Really Solve
Crimes?

19
Slide 20

Crash Reconstruction
 Collision evidence
– positions of rest, skid marks, roadway markings,
damage to vehicles, damage to property
 Other evidence
– Witness recollections, traffic control devices,
weather conditions, lighting issues
 Available specifications
– Newton’s laws of motion
 Collision reconstruction techniques
– Damaged-based
– trajectory-based

20
Slide 21

Image Deblurring
 “Enhance…enhance…enhance…”
 Blurring is typically caused by movement
during the capture process by the camera or
by the subject, or an out of focus lens
 Deblurring involves finding a mathematical
description of how the image was blurred

21
Slide 22

Image Deblurring

Before… After

22
Slide 23

Image Deblurring
A camera captured this image

Image deblurring produced this image

23
Slide 24

Deblurring Fingerprints
 A very touchy subject! By deblurring a
fingerprint, are non-existent details being
added to a latent print?
 Typically, any enhancement (fingerprint or
otherwise) must be verifiable and able to be
duplicated by another expert
 The risk in “crossing the line” is highly
dependent upon use of tools

24
Slide 25

Fingerprint Matching
 Different vendors use different algorithms
 10 different Fingerprint Individuality models
 Minutiae matching vs. Pattern matching
 Speed and throughput vs. accuracy
 Error rates
– Type I (FP, FRR) vs. Type II (FN, FAR)
– Crossover or Equal Error Rate
– Security vs. Forensic Science

25
Slide 26

Receiver Operating Characteristics

26
Slide 27

Fingerprint Classification

27
Slide 28

28
Slide 29

Escape Math
 Variables
– Time, Method of travel, Achievable speeds,
Traffic density, Traffic choke points
 Dijkstra’s algorithm
– Link-state routing protocols (OSPF), MapQuest,
Google Maps
 Random walks
– Calculate distance escaped POWs could travel
in WW2
 Trawler problem
 Drive-time calculations (MapPoint)
 Social network analysis (to be discussed
later)
29
Slide 30

Dijkstra’s
Algorithm

30
Slide 31

Random walks

31
Slide 32

Trawler problem

32
Slide 33

Narrowing the Suspect Pool

 Profiling
– Psychological/criminal
– Geographic (to be discussed later)
 Venn diagrams

33
Slide 34

Social Networks
 Social network analysis
– Google’s PageRank algorithm is an example of
network analysis
– Organized crime, gangs, terrorist cells,
individuals, other organizations
– Social relationships in terms of nodes and ties
– Determine the social capital of individual actors
 Things to consider
– Who are someone’s closest friends/associates?
– Where might that person flee to?
– Structural cohesion: could you eliminate a
specific individual from a group which could
cause that group to collapse?
34
Slide 35

Social
network of a
project team

35
Slide 36

Social network of 9/11 terrorists

36
Slide 37

Crime Mapping
 Choropleths
 Pin Mapping
 Hot Spot Analysis
 Geographic Profiling

37
Slide 38

France,
1829

38
Slide 39

London,
September
1854

39
Slide 41

Choropleths and Pin Mapping

 NYPD has used traditional pin mapping since
at least 1900
 University of Chicago researchers mapped
crime in Chicago neighborhoods (1920-30s)
 These methods of mapping helped to identify
relationships between crime and
neighborhoods, social disorganization,
poverty, and physical deterioration

41
Slide 42

Automated Crime Mapping

 Automated mapping began in the late 1960s
– Did not really “take off” until the 1990s
 Hot Spot Analysis
– Finding geographic concentrations of types of
crimes; finding causes for those hot spots;
aggressive policing in those areas
 Geographic profiling
– If psychological profiling tells you “who”,
geographic profiling tells you “where”

42
Slide 43

43
Slide 44

Hot Spot Analysis

44
Slide 45

Hot Spot Analysis

45
Slide 46

Geographic Profiling
 If Psychological/criminal profiling tells you
“who”, geographic profiling tell you “where”
 Suitable for serial crimes: murder, rape,
robbery, arson, predatory crimes
 Gives police a starting point from which to
narrow down lists of suspects
 Does not replace traditional investigative
techniques, but supplements them to help
manage the large volume of information
46
Slide 47

Geographic Profiling
 CrimeStat, Dragnet, Predator, Rigel
 Theory is based upon “journey to crime” and
“principle of least effort”
 “Journey to crime” varies among type of
crime, age, race, etc.
 Includes a buffer zone around the offender’s
home or base of operations

47
Slide 48

Saanich Serial Arsonist

48
Slide 49

Jeopardy Surface

49
Slide 50

Probability of Offender
Residence

50
Slide 51

GeoProfile

51
Slide 52

52
Slide 53

53
Slide 54

Some Other Examples

 Spherical Trigonometry: Determining
position on Earth based on two like
photographs (with a few caveats…)
 Prisoner’s dilemma: Is it better to cooperate
or defect?
 Steganography and covert channels:
Finding hidden information
 Predictive Analysis: Predicting the location
of a serial event
54
Slide 55

The Future is Now: RTTC

 26-member staff, on 24/7/365
 15 workstations, divided among teams of
officers
 Each team has a particular assignment, such
as homicides or shootings
 Satellite imaging
 Precinct-by-precinct maps
 Ties together information to solve crimes
 2-story tall projection screens

55
Slide 56

NYPD Real Time Crime Center

56
Slide 57

The Future is Now: RTTC

 Cognos data warehouse, using IBM OmniFind 8.2
on SUSE Linux blade servers
 Link Analysis Capacity can call up all known
addresses for a suspect and known associates
 When a crime occurs, any number of searches of
public records are then run:
– Over 5 million NYS criminal records, parole and probation
files
– Over 20 million New York City criminal complaints,
911/311 calls and summonses spanning five years
– Over 31 million national crime records
– Over 33 billion public records.
57
Slide 58

Conclusions

58
Slide 59

References
 Mark Bridger, Northeastern University
 Valdis Krebs @ orgnet.com
 David Weisburd and Tom McEwen, “Crime
Mapping and Crime Prevention”
 Dr. Kim Rossmo, Texas State University
 Rob Gebeloff, NJ Star-Ledger
 Dr. Raymond Chan, CUHK
 Mitsubishi Electronic Research Laboratories
 Zeno Geradts, Netherlands Forensic Institute
 Henry C. Lee and R.E. Gaensslen, Advances in
Fingerprint Technology, 2nd Ed.
59
Slide 60

Questions & Answers

60