Top five digital video myths debunked
With the explosive growth in digital forensics comes varying expectations and assumptions about how digital forensic analysis actually works. Magnet Verify is specifically designed to empower law enforcement and legal professionals to learn everything they need to determine the authenticity of a given digital video file. In doing this work, we need to clarify misunderstandings about how digital files work.
Here are some common myths we encounter and how we discuss them.
Myth #1: You can always accurately analyze the origin of video posted to social media
Uploading a file to a social media platform such as YouTube, Facebook, Instagram, or Snapchat creates completely new files. Once this has been done, the ability to interact with the original pixels, file metadata, and structure is lost. At this point, we are analyzing a file created by the social media platform, not the originally submitted file.
Myth #2: There is a metadata type called EXIF commonly found in video files
The exchangeable image file format (officially called Exif) is a standard that specifies formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners, and other systems handling images and sound files [1] (https://en.wikipedia.org/wiki/Exif). You’ll notice the absence of the word “video” in the above definition. The community that developed Exif did not define a schema for including such metadata within multimedia wrapper formats such as MP4, MOV, or AVI. Because of this, digital video files do not contain Exif data. They can contain many types of metadata, but they do not consistently contain metadata about source and provenance in the same way that digital image files commonly do. One caveat: if you tried really hard with an XMP embed, you could put Exif into XMP and then put XMP into a video file, but that doesn’t happen very often in the wild.
Myth #3: Metadata always tells an accurate story
Metadata isn’t really a singular thing. There are many ways we can extract data about a given file, e.g., filesystem information, external databases, internal embedded descriptive data, internal structural data, or calculated data about the file. Each data source has its strengths and weaknesses; but viewed as a whole, we can tell a story about the origin of a given file. Data purposely embedded within a file is extremely static and changes the least during the lifecycle of a given file. This data, because it is not usually governed by real-time code, is also susceptible to undetected modification. In Magnet Verify, embedded metadata is always cross-referenced with less flimsy data sources—such as internal binary structure—before we decide how much trust we will put in a given embedded metadata value.
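To make the distinction between embedded descriptive data and internal structural data concrete, the following added example (not Magnet Verify code and not from the original article) walks the box structure of an MP4/ISO BMFF file and reports both the embedded creation time from the mvhd box and the top-level box order. The two sample files are constructed in the script, and REFERENCE_ORDER is a hypothetical layout assumed for the claimed source device.

```python
import struct
from datetime import datetime, timedelta, timezone

MP4_EPOCH = datetime(1904, 1, 1, tzinfo=timezone.utc)  # ISO BMFF time origin

def walk_boxes(data, start=0, end=None):
    """Yield (type, payload_start, box_end) for each box in data[start:end]."""
    pos, end = start, (len(data) if end is None else end)
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", data, pos)
        header = 8
        if size == 1 and pos + 16 <= end:   # 64-bit size follows the type
            size, header = struct.unpack_from(">Q", data, pos + 8)[0], 16
        elif size == 0:                     # box runs to the end of the data
            size = end - pos
        if size < header or pos + size > end:
            raise ValueError(f"malformed box at offset {pos}")
        yield kind.decode("latin-1"), pos + header, pos + size
        pos += size

def profile(data):
    """Return (top-level box order, embedded mvhd creation time or None)."""
    order, created = [], None
    for kind, body, stop in walk_boxes(data):
        order.append(kind)
        subs = walk_boxes(data, body, stop) if kind == "moov" else ()
        for sub, sub_body, _ in subs:
            if sub == "mvhd":
                fmt = ">Q" if data[sub_body] == 1 else ">I"  # version 1 = 64-bit times
                secs = struct.unpack_from(fmt, data, sub_body + 4)[0]
                created = MP4_EPOCH + timedelta(seconds=secs)
    return order, created

def box(kind, payload=b""):
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def build_sample(order, when):  # constructed sample: shortened mvhd, dummy mdat
    secs = int((when - MP4_EPOCH).total_seconds())
    mvhd = box(b"mvhd", struct.pack(">B3xIIII", 0, secs, secs, 1000, 0))
    parts = {"ftyp": box(b"ftyp", b"isom\x00\x00\x02\x00isom"), "free": box(b"free"),
             "moov": box(b"moov", mvhd), "mdat": box(b"mdat", bytes(16))}
    return b"".join(parts[k] for k in order)

REFERENCE_ORDER = ["ftyp", "mdat", "moov"]  # hypothetical layout for the claimed source
WHEN = datetime(2024, 1, 1, tzinfo=timezone.utc)
FILE_A = build_sample(["ftyp", "mdat", "moov"], WHEN)
FILE_B = build_sample(["ftyp", "free", "moov", "mdat"], WHEN)
for name, data in (("A", FILE_A), ("B", FILE_B)):
    print(name, *profile(data), profile(data)[0] == REFERENCE_ORDER)
```

Both files report the same embedded creation time, but only file A matches the reference layout, which is the kind of disagreement that lowers the trust placed in the embedded value.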
Myth #4: Social media sites “scrub” metadata
We posted a story about this very issue recently in our blog: Getting to the source: Understanding metadata removal on social media. TL;DR: The lack of metadata in posted or transmitted media is a result of this data not being created when media files are optimized for storage, streaming, and/or transmission by a social media platform. The resultant media files are not the originally submitted files minus metadata. They have not been “scrubbed” during this process. These are completely new files, and the metadata values examiners and investigators are looking for were never created.
Although the metadata from the originally submitted video file is no longer present in these new files, it is not accurate to say it has been “removed.” This understanding is important not only to describe why metadata is or is not present, but also to understand which files to acquire and the best way to examine them.
Myth #5: Digital forensic tools provide black-and-white answers and results do not need to be interpreted
At the end of the day, real people must interpret and act on results from digital forensics tools. Although Magnet Forensics works carefully to provide valuable automation assistance for our users, we know that at the end of our processes, we are delivering a set of results to a person who will need to review those results, interpret them in the context of a specific investigation, and ultimately decide how to use them in downstream activities.
To learn more about how Magnet Verify can help authenticate video files, contact sales@magnetforensics.com.