by James Zjalic
The subject of authentication is important across the entire digital forensic field and we as examiners have various weapons at our disposal in which to defend against the onslaught of manipulators, liars and charlatans. Authentication is frequently amongst the first steps in creating a robust chain of custody for evidence received and can also be an investigation in and of itself. In no field is this more evident than that of audio forensics, where the ubiquitous rise in consumer audio software has caused the proliferation of attempts at the removal or editing of digital evidence.
There are various techniques within audio forensics to authenticate a recording and many are borrowed from areas such as computer and image forensics. One method that is individual to audio forensics is that of ENF or Electric Network Frequency, or as sound engineers like to refer to it: ‘hum’ . Discovered in in Europe by Romanian Dr Catalin Grigoras –, it is based on fundamentals of the National Power Grid system. The grid operates through AC (Alternating Current) around 50Hz in Europe and 60Hz in the US, and these alternations occur on miniscule timescales and frequencies with a maximum standard deviation of around 0.5%. When a recording is made using AC current, or within the vicinity of AC current, there is the potential that the ENF component will be captured by the recording device .
The fluctuations in current are completely random as they are based on the difference in power consumed vs power available on a grid. Imagine at 5pm everybody leaves work and jumps on the train, draining power from the national grid and causing the frequency to drop slightly in the process. The power company then puts more power into the grid to make up for this offset, causing the frequency to rise slightly. This constant battle leaves a signature on a recording that if compared against a database that is recording the component 24/7 365 days a year, can show the date and time the recording was made and if there are any areas of the ENF component that have been doubled or removed (showing a manipulation). It can also show the general area in which a recording was made as the changes in ENF have been shown to be specific to a power grid. For example, the US has 3 grids [Fig. 1]: the east coast, west coast and strangely, Texas. Japan also has 3. Australia has 2. The UK has 1. It has been shown that a recording made in Denver has the exact same signature as a recording made in Las Vegas .
This all sounds relatively simple, until you consider that to record an ENF database you need to be running a large-scale computer, dedicated to the task of recording ENF 24 hours a day, 365 days a year. No other processes can be run on the ENF computer as this may cause latency or data write issues with the recordings. As this requires space, power, money and dedication, the labs that collect ENF are often unwilling to share data from their databases. Wouldn’t it be simpler if we could just plug a small device in the wall that could capture the database autonomously, saving on the space, power and dedication it takes to maintain a database?
Recent research into this area has produced a device that does just that.
Creating a device like this begins with a method to capture the ENF coming from the plug sockets. To do this a small probe is used, composed of transformers, resisters and diodes, thus bringing the output of the plug socket down to a level that won’t clip or distort the audio or blow the soundcard to bits. Next comes the system to actually record and process all of this data. This utilises the power of the Raspberry Pi microcomputer. For those that are unfamiliar, they were originally developed in 2012 to educate children on computer programming, but have since been taken on by researchers and hobbyists due to their low cost and high specifications. This computer can operate wirelessly, record up to 24 bit, 96kHz PCM with the help on a soundcard addon and can process all of this data at a cost of just $3 per year in power consumed. A power supply enclosure is then used to house all of these components, including a plug output that powers both the Raspberry Pi and the ENF probe. This is then plugged into a plug socket and the installed software then begins the process of recording the ENF component, organising files and storing the data (Fig. 2).
Now that recording can take place, where does all of this data get stored considering if we are to record at 8kHZ, 16bit PCM this will yield around 500GB per year? This is where the cloud comes in. Sending the previous day’s recording each day at 03:00 to a secure, encrypted cloud allows the device to operate remotely without the need for hard-wired storage devices. This not only saves space but also means they can be installed in remote locations, steadily compiling databases from across the world. A user requiring a piece of their database to run authentication analysis can then simply login to the ENF cloud and download the data. An administrator oversees the database and performs such tasks as backing up the data and general maintenance of the database [Fig. 3].
Tests in the UK have shown the device to have low SNR and extremely strong correlations (CC = 0.98989, MQD = 0.0052794) with a database also recording the data on a large scale computer over 100 miles away [Fig. 4].
Now imagine the release of an extremist hostage video filmed in what appears to be the desert but with no indication as to where it was recorded and when. As databases have been collected from around the world and uploaded to a single destination, analysis can now be run against all ENF databases from around the world in one go. A match is found detailing the video as being recorded 2 days ago on the Texas grid, changing the focus of the investigation entirely.
The vision in having a device that allows the construction of an ENF database of databases is an increase in research opportunities, more collaboration between laboratories, and hopefully catching some bad guys in the process. If you are interested in getting involved and installing a device to start building your own ENF database, feel free to contact the author.
About The Author
James Zjalic is a Media Forensics Analyst and partner at Verden Forensics in the UK. Education includes a 1st Class Bachelors Degree in Audio Engineering and an expected Masters Degree in Media Forensics from the National Centre for Media Forensics in Denver, Colorado. Research includes work on image authentication for The Pentagon’s Defense & Advanced Research Project Agency (DARPA) and peer-reviewed publications on subjects including forensic acoustics and audio authentication.
References Rebecca Morelle, “The hum that helps to fight crime,” BBC News, 12-Dec-2012. Rebecca Morelle, “The hum that helps to fight crime,” BBC News, 12-Dec-2012.
 Catalin Grigoras, “Digital Audio Recording Analysis: The Electric Network Criterion,” Diam. Cut Prod., 2002.
 C. Grigoras, “Applications of ENF analysis method in forensic authentication of digital audio and video recordings,” in Audio Engineering Society Convention 123, 2007.
 C. Grigoras, J. Smith, and C. Jenkins, “Advances in ENF database configuration for forensic authentication of digital media,” in Audio Engineering Society Convention 131, 2011.
 R. Sanders and P. S. Popolo, “Extraction of electric network frequency signals from recordings made in a controlled magnetic field,” in Audio Engineering Society Convention 125, 2008.
 J. Zjalic, C. Grigoras, and J. Smith, “A Low Cost, Cloud Based, Portable, Remote ENF System,” in Audio Engineering Society Conference: 2017 AES International Conference on Audio Forensics, 2017.
5 thoughts on “The Future Of ENF Systems”
Its pretty much simple process!
Thank you Mr. Zjaliz for this article. Do you already have participants for the SwissGrid, Switzerland? May a stupid question but based on the Swiss very heterogenous power generation landscape (evolving from private users feeding in their own e.g. Solar power): Is it possible with the ENF device to analyse which home user’s power system the source was? In addition, is it possible to decept the collection of hum in general (organized crime)?
To get a device for testing would be great but first we should know about the secure cloud (e.g. AWS) data feed up.
For your cross-channel information: RIPE the internet authority provides tiny endpoints to measure the BGP routing toward the endpoints for measuring the internet core speed and routing of ASNs.
You can PM me on FF my user name is RolfGutmann
Hello. Your idea of using a raspberry pi to collect ENF is very clever, however one of the problems with digital forensics seems to be finding data years ago when using ENF for digital forensics was not well known.
Where is the best source to find “legacy” ENF data collected years ago? For instance, where would I look to get a sample of ENF data from the Eastern Interconnection part of the US dated November 2014, or even 2012?
There are several private labs within the US that have been recording the data since at least those dates, but unless the ENF is recorded specifically there is no way that I know of to go back and collect the data. But in 20 years time, I expect somebody will ask the same question but of November 2034 or even 2032 and it won’t be a problem because we started recording now.
Hello Mr. James Zjalic.Thank you for your great article. There is a lack of such datasets in academia and I am interested in installing my own ENF device to create a database. Could you give me some instructions on how to begin with? Or maybe if you have created some kind of handbook?
Thank you very much!