Madison’s MedEx Forensics debunks deepfakes for police, New York Times
They say seeing is believing, but in an era of deepfakes and easy editing, there are plenty of reasons to question what you see in a video or photo. Police, attorneys, journalists and social media companies use an ever-evolving set of tools to fact-check videos, inspecting everything from the scene to the people to determine whether they are what they seem.
Write your awesome label here.
But what if you could figure out how trustworthy a video might be without even watching it? That’s the idea behind MedEx Forensics, a three-year-old Madison software company that helps its clients determine what kind of device or program created a video file and whether it has been modified since.
Short for Media Examiner, the company evaluates videos by analyzing the context, rather than the content. “We really are providing what we call provenance, or context, about a video file that can then prove or disprove claims made about that video,” said Bert Lyons, Medex CEO and co-founder. While many people know how to check a file’s metadata to see when or where it was made, the company’s software doesn’t use any of that, since metadata can be edited and it can get lost when a video is transferred.
Instead, the company’s software uses a patented process to compare the binary code of a video file to sample files from more than 1,200 devices and more than 180 software programs. In a small lab in its downtown office, the company has built a reference library that includes files recorded with cell phones, drones, doorbell cameras, surveillance cameras and more, as well as videos created with phone apps and deepfake platforms. “It’s kind of like a fingerprint library for devices,” Lyons said, comparing the process to the way forensic analysts compare DNA samples. Depending on the client, the video could be potential evidence in a criminal case (such as a video providing an alibi for a suspect, or documenting child sexual abuse) or citizen footage of a news event.
Police, journalists seek verification
Twelve million U.S. court cases each year involve video evidence, Lyons said. That includes videos submitted to the police by the public, such as those recorded with Ring doorbell cameras.“They need to prove that, yes, this was taken on a Ring doorbell and it hasn't been touched in any way,” said MedEx digital forensic consultant and research analyst Nicole Odom, who also works as a digital forensic investigator for the University of Wisconsin-Madison Police Department. “Proving everything that happened to a file from point A to point B is really important in forensics.”
That alone may not tell the client everything they need to know, but it can help narrow down a search or help clients prioritize when they’re sorting through with massive collections of video evidence, Lyons said. In one case in Kentucky, state police were investigating a trove of videos of child sexual abuse. They wanted to determine whether the person whose computer the videos came from had made the videos, which is a far more serious crime than possession. Knowing that could also help investigators identify and help any child victims. In one video, which didn’t contain illegal content, the detective spotted an instruction manual for a keychain camera. She gave a possible brand name and model to MedEx, where staff got one of those cameras, recorded sample videos and compared the files to the videos in question.
If the client’s video matches something in the library, the software tells them. If it doesn’t, that suggests that either it was made with a device not in the library, or that it was modified afterward. Sometimes, the results confirm the client’s theory about a video, such as when they’ve already been told it was recorded with a certain phone or downloaded from a certain social media site. Other times, the results disprove the theory, prompting further investigation or alerting them that the video could be suspect.
Short for Media Examiner, the company evaluates videos by analyzing the context, rather than the content. “We really are providing what we call provenance, or context, about a video file that can then prove or disprove claims made about that video,” said Bert Lyons, Medex CEO and co-founder. While many people know how to check a file’s metadata to see when or where it was made, the company’s software doesn’t use any of that, since metadata can be edited and it can get lost when a video is transferred.
Instead, the company’s software uses a patented process to compare the binary code of a video file to sample files from more than 1,200 devices and more than 180 software programs. In a small lab in its downtown office, the company has built a reference library that includes files recorded with cell phones, drones, doorbell cameras, surveillance cameras and more, as well as videos created with phone apps and deepfake platforms. “It’s kind of like a fingerprint library for devices,” Lyons said, comparing the process to the way forensic analysts compare DNA samples. Depending on the client, the video could be potential evidence in a criminal case (such as a video providing an alibi for a suspect, or documenting child sexual abuse) or citizen footage of a news event.
Police, journalists seek verification
Twelve million U.S. court cases each year involve video evidence, Lyons said. That includes videos submitted to the police by the public, such as those recorded with Ring doorbell cameras.“They need to prove that, yes, this was taken on a Ring doorbell and it hasn't been touched in any way,” said MedEx digital forensic consultant and research analyst Nicole Odom, who also works as a digital forensic investigator for the University of Wisconsin-Madison Police Department. “Proving everything that happened to a file from point A to point B is really important in forensics.”
That alone may not tell the client everything they need to know, but it can help narrow down a search or help clients prioritize when they’re sorting through with massive collections of video evidence, Lyons said. In one case in Kentucky, state police were investigating a trove of videos of child sexual abuse. They wanted to determine whether the person whose computer the videos came from had made the videos, which is a far more serious crime than possession. Knowing that could also help investigators identify and help any child victims. In one video, which didn’t contain illegal content, the detective spotted an instruction manual for a keychain camera. She gave a possible brand name and model to MedEx, where staff got one of those cameras, recorded sample videos and compared the files to the videos in question.
If the client’s video matches something in the library, the software tells them. If it doesn’t, that suggests that either it was made with a device not in the library, or that it was modified afterward. Sometimes, the results confirm the client’s theory about a video, such as when they’ve already been told it was recorded with a certain phone or downloaded from a certain social media site. Other times, the results disprove the theory, prompting further investigation or alerting them that the video could be suspect.