Back to Basics: As Deepfake Technology Proliferates, a Commitment to Traditional Forensic Authentication Techniques Emerges

Of late, Nardello & Co.'s Digital Investigation & Cyber Defense team has fielded several requests to analyze suspected deepfake or synthetic media. i.e., AI-generated audio, images, and video, frequently used for deceptive means. While we have seen examples of its use in financial fraud schemes, the legal community has seen an uptick in either its use, or allegations of its use.  Either way, digital forensic experts have been busy validating or invalidating such claims.  Press coverage of the topic has been keenly focused on its potential use to sway voters or disrupt elections as the two-thirds of the world prepares to vote in various political contests in 2024. 

Thus, it is no surprise that online deepfake validation tools have emerged which suggest that a user can upload a suspect image and, in short order, learn if the media is, in fact, a deepfake.  However, such analyses are not replicable and cannot be independently authenticated, meaning the results from such tools would not pass muster to be introduced in a legal proceeding .  

The forensic community is grappling with defining the practices that can be used to reliably conduct this type of analysis and provide results to a reasonable degree of scientific certainty.  There is no silver bullet:  as the technology used to identify this media evolves, so does the technology used to generate such media.  

One interesting trend has been a renewed commitment to tried-and-true digital forensic practices, including:

1. File Signature Analysis- an examination of the header and footer, or the beginning and end of a file, to validate the file identity.  In synthetic media analysis, validation can be completed by comparing the hexadecimal structure of the file to known signatures of the file structure of synthetic media generated by popular large language models, or LLMs.
2. Metadata Analysis- an analysis of the metadata, or information about creation and modification, of a file.  As highlighted, OpenAI is planning to release tamper-resistant metadata for media generated from their DALLE-3 tool.  Other LLM providers are looking to do the same. As more adopt a universal standard for synthetic media metadata, digital forensic analysis will greatly improve.
3. Chain-of-Custody- the documentation of the transfer of property. Some have suggested blockchain technology can document the entire chain of being for a piece of synthetic media, from the point of generation to its distribution in the world. 

It is important to remember that reliable analytic tools and authentication procedures can be applied even to the most cutting-edge, emerging technology.