Overcoming challenges in video authentication for law enforcement

Public evidence submission portals are a game changer for frontline police officers and investigators. Officers and detectives no longer need to deal with the challenge of obtaining individual video files from cellphones or other digital devices, only to face the additional challenges of storing and sharing video evidence. Citizens can now receive a link from an officer to send video files to online platforms where they can be easily stored and shared to further investigations and prosecute offenders.

Imagine you are a patrol officer responding to a reported restraining order violation. The victim shows you a 45-second, iPhone-recorded video of their ex-girlfriend in a local parking lot engaging in conversation with the victim—an obvious violation of the order. You then obtain the victim’s cellphone number and transmit a public evidence submission portal link to their iPhone. Once at police headquarters, you review the video again and charge the ex-girlfriend with violating the restraining order. A situation which once created inconvenience and inefficiency in obtaining critical video evidence is now completed in a matter of seconds.

Fast forward 18 months when you receive a subpoena for the trial in this case. You don’t think much of it since the video evidence makes it an open and shut case. That is, until you are on the witness stand and are asked by the defense, “Where is the rest of the video footage of the incident?” It is then alleged that the victim in the case approached the defendant in the parking lot and there is an extended recording of the defendant trying to get away from her ex.

How do we effectively authenticate the video evidence that was sent to you? What can we rely on to ensure that the video is an accurate representation of what was originally recorded? How do we answer these questions when the “original” video recorded on the iPhone may have been deleted more than a year ago?

The problem

Current approaches to video authentication rely primarily on content analysis (does the video look real?) and metadata analysis (does the metadata show signs of editing or manipulation?). Since the content that appears in this video does not give any indication of editing, we must rely on the file’s metadata to gain additional insight as to its authenticity. The problem in this scenario is that the public evidence submission portal that makes it easy and efficient for law enforcement to obtain video evidence also creates unique challenges to authenticating the video. Recent research¹ has found that video files recorded on iOS devices and transmitted through a public evidence portal are not consistent bit-for-bit with the original video file found on the device. These changes to the file and its metadata may make it impossible to identify editing, trimming, or other manipulation of a video that has been collected through a public evidence submission portal using current approaches.

It should be noted that the video submitted to public evidence portals will not be bit-for-bit identical but will be visually identical to the one finally transmitted from a citizen’s device. This is good for maintaining the quality of the displayed imagery for review of the submitted video file. However, the metadata and structural changes that happen to the file during the acquisition process hamper the ability to tell if a file has been altered or edited prior to submission. These challenges do not exist today when law enforcement has direct access to a citizen’s cellphone and can capture device filesystem metadata with video files. For example, a video file that has been trimmed or edited on a cellphone prior to upload would look visually identical to a true camera original video file when it is viewed in a public evidence submission portal. The receiving officer would not know if the file has been altered prior to submission.

Our solution

At Magnet Forensics, we have investigated the structural and metadata changes that occur when video files have been transmitted to public evidence portals. We have found that the changes are not actually attributable to the public evidence portal itself, but to the interaction between the operating system on a cellphone that is storing video and the mobile browser application used to transmit the file to the portal from the phone’s Photo Library². The good news is that Magnet Verify’s approach to video analysis does not have the same reliance on metadata values as current approaches. Verify’s approach to video authentication will quantitatively identify prior editing, trimming, or other manipulation of video files transmitted through these portals. This allows an officer or detective to definitively authenticate video evidence for use in investigations and in prosecutions.

As more agencies rely on public evidence portals, authentication of video evidence will become increasingly important.

More information

Magnet Verify provides examiners with the newest automated tools for digital media authentication, source detection, and provenance analysis. Its patented approach to examining media provides investigators and prosecutors with reliable insight into digital evidence.

To learn more about how Magnet Verify can enhance your daily workflows, contact our sales team at sales@magnetforensics.com.

¹J. Valenzuela, “Validation Testing of the Multimedia Created and Transmitted by the Axon Capture Mobile Application for Apple iOS.” ProQuest Dissertations Publishing, 2022.

²Our research shows that these metadata and structural changes only occur when a user selects files from their “Photo Library” to upload; the issues do not exist when a user selects the “Choose Files” option.  It should be noted that to select a file using the “Choose Files” option the user must first locate and select the video in the Photo Library, select the “share” button for that video, and select “Save to Files.”Once saved as a file the user can select the file in the “Choose Files” option and the mobile browser upload process can begin. However, whether the “Photo Library” or “Choose Files” option is selected, the same authentication issues introduced in this blog post are present.