The following transcript was generated by AI and may contain inaccuracies.
Si: Hello everyone and welcome to the Forensic Focus podcast. Today, we are delighted to be joined by Brandon Epstein from Magnet. Brandon is joining us from a hotel, so if you hear some weird noises in the background that’s the exciting life that he’s leading being somewhere at the moment. Is this a carryover from the Magnet conference or is this something else?
Brandon: Actually it’s funny. I was telling people I love the User Summit so much and I love Nashville so much, I just decided to stay and move here. We’re actually in the process of moving and we’re in a hotel waiting to move into a house right outside of Nashville here. It would be easier commute for the User Summit next year. But I’m still about 25 minutes south of Nashville right now.
Si: Wow. That’s really cool. Nashville being obviously one of the places that most of us outside of America have actually heard of. I’m very excited for you. That’s brilliant. And how did the User Summit go off this year?
Brandon: Awesome. Incredibly well, like every year. I think it’s actually one of my favorite events of the year, not just because they pay me to say that and they sign my paychecks, but really because it is such a unique event where the energy you find there is hard pressed to find at any other conference.
Just that mix of those working in the industry to provide the software solutions and the people actively using those solutions get everybody together in the same room. It’s so unique and the chance to share information both ways – from the product advisory councils that show up on Monday to provide information that drives product development as well as sharing user information or sharing tool development information, software information, and also tool agnostic things with the end user. It’s a fun week and then the nightlife’s okay.
Desi: That sounds like a massive undersell, but I get you want to highlight the conference. I always find personally like conferences are always fantastic, whether they’re vendor or not. I haven’t had the chance to go to the Magnet one yet, but I’m sure that I would love to one day and it sounds really fantastic.
But it’s always the networking, it’s the people that you get to meet in person because so much like us now, like we’re talking over Zoom. But when you’re in person you just get so much more benefit. I think that we neglect that some days and that’s really something that a lot of people are missing out on.
Brandon: I think the ability to get some great information during the day, and then I’ll just leave it at the fact of live music and a mechanical bull night really tries to draw people together. I remember giving a talk recently this year at the American Academy of Forensic Sciences to new grads and people first coming into the industry.
My advice aside from the normal is really never be the first one to bed. Always make those connections over a meal or just having a cup of coffee or a drink. You meet lifelong friends that you see maybe once, twice a year at a conference like this. But you also are able to just reach out with, “Hey, have you seen this artifact before?” Building that network really is so much of the importance of having these events.
Desi: Yeah, definitely. And the advice that I give is don’t sit in the lecture theater if you are doing one after the other. Get up, stretch your legs. But go grab snacks – that’s what I love about conferences as well. There’s always a stock snack table somewhere that you can go get.
If you walk up and you just stand next to someone, you’re like, “Oh, hey what do you do?” The opportunities that I’ve gotten from just randomly talking to someone at a snack table because we both love snacks, is phenomenal.
Si: Absolutely. Common shared interest. And that common shared interest is food. I love it. The last conference I was at, I was very well equipped with bacon sandwiches, so that was a very good thing. So anyway, Brandon you work for Magnet now. What’s your background that’s gotten you to this place in your life and moving to Nashville?
Brandon: My background really starts in February 2014. I was working as a major crimes detective in a municipal police department in New Brunswick, New Jersey where we started really seeing a lot more digital evidence and video evidence becoming more prevalent in our cases.
Being the junior guy in the unit, I was tasked with doing a lot of this work of acquiring and maintaining predominantly video evidence from CCTV and then working with it. I realized that we were really ill-equipped to deal with it at the time. So I went to the bosses and I said, “Hey, there’s gotta be a better way.”
I must’ve annoyed them enough. They said, “All right, go ahead and figure out a better way.” We ended up taking some forfeiture funds, which we had in the most ironic ways. I worked a recent case back then about pirated CDs and DVDs where a contract investigator for the recording industry brought to our attention the proliferation of pirated Mexican bachata music in downtown New Brunswick.
We seized a lot of cash, and we used that money to buy our very first video forensic system and me some training. To Desi’s point, I still remember meeting a fantastic gentleman there who’s unfortunately no longer with us from Sweden who traveled for the class, and him turning me onto an organization called LEVA, the Law Enforcement and Emergency Services Video Association.
He said, “If you want to get serious about it, go find some training” and that’s what I did. I dove headfirst into the LEVA training, going to all four LEVA levels, getting involved in mobile forensics, attending some mobile training. And this kind of ties right back to it – during one of those LEVA classes, another great guy named Gene Henderson who retired from Texas DPS many years ago.
We were sitting at dinner one night and he said, “You really should get involved in SWGDE (the Scientific Working Group on Digital Evidence).” I said, “I haven’t been doing it this long.” He said, “No, you have something to say. You should show up and let your voice be heard.”
He encouraged me based upon a shared love of food. It wasn’t just snacks – it was a full meal and maybe a couple beers too. But I started to get involved in SWGDE, furthering my network and meeting many great people there, including some professors from the National Center of Media Forensics (NCMF) at the University of Colorado, Denver.
At the time I had a high school education. I remember saying to them, “I’m gonna go back, finish up college. I had a few credits left, and I’m gonna be your student.” So I ended up going back, finishing up college, working on a master’s at University of Colorado, Denver, in the NCMF program.
My master’s thesis was looking at video file structure and how it changes through iOS device transmission. A few years earlier, another great friend and colleague of mine, Bert Lyons, had shown me some research he was working on regarding file structure.
I nodded and smiled and said, “Oh, that’s really interesting,” but I didn’t quite understand it until it came time for me to look at it. I called up Bert and I said, “Hey, was this what you were talking about?” And he said, “Yeah, we built a prototype around that, a tool around it, at the time it was called MedEx and asked if I wanted to use it for my research.”
I remember talking to him literally two days later saying, “You have no idea what you have here.” Bert’s background is in library information science, very steeped in the digital archival world, but doesn’t really have any connection to digital forensics and law enforcement.
I said, “Listen, this is gonna make an immediate impact on media authentication, ICAC cases, CAM investigations, ICE investigations – there’s a lot of good that could be done with this.” So we ended up talking more and eventually launched a commercial tool called Medex.
The three of us – myself, Bert Lyons, and Dan Fisher – were the founders of Medex Forensics, which was then acquired by Magnet in August of last year. That tool has now been rebranded as Magnet Verify. And that’s my path to Magnet.
What I work on now – they’re not gonna take my hands out of the media authentication space because I have too tight of a grip on there and I like it too much to leave it alone with my crazy product ideas. But I’m doing a lot more work with our Idea Lab and the AI team, bringing the exam review point and the forensic application of what can be done within AI.
I like to stay active. Especially with my role at SWGDE, I currently chair the organization and my viewpoints and ways I think that we can deploy AI responsibly and do it in a way that is demonstrably reliable for a specific purpose. That’s where my role fits in now at Magnet, aside from media authentication, taking on more of how we could effectively, responsibly and reliably deploy AI.
Desi: Are there any kind of developments, because we talk about the deployment of AI quite a lot, both from a tools perspective and use by criminals. From your perspective, is there anything that you can share at the moment of what you’re working on or what’s already out there with Magnet and your division?
Brandon: Just to be clear, we have a team of product developers and engineers. I’m not actually the one with my fingers touching the keyboard to write any kind of code. There’s a lot of things that were set in motion and a lot of great stuff that they’re doing beforehand, before my involvement.
I’m really like the traffic cop at the intersection that gives the information back from the field to our developers and then helps relay that information to the field to explain which direction we’re going and making sure that it’s doing so in a way that actually has purpose.
Within the most familiar tools that we look at within Magnet – within Axiom is the Copilot feature where we have some advanced search, some natural language search features across outputs from cell phone exams or computer forensic exams. Really creating those efficiencies for the investigator.
We’re gonna start seeing a lot more of that in the future in Magnet Review to be able to create those efficiencies. I think it’s important to contextualize that because there is a big need. AI could be a time saver in many ways, but I think it creates some efficiencies in investigative outputs because it will provide us information that we would typically use in an investigation.
Not necessarily something where it’s gonna result in a forensic examination or opinion. The things I just talked about, in Review and Axiom are more in investigative outputs. Within Verify, we’re deploying AI in a different way – not generative AI, but machine learning in a way that is used as evidence with demonstrated reliable, probabilistic output from a classifier.
It has the signed error rates that meets the evidentiary standards to be able to introduce AI or machine learning evidence in court.
Si: Is that in an adversarial concept to verify or to at least attempt to identify the products of other AIs? Are you using it in that capacity?
Brandon: Within Verify, it’s not necessarily just identifying AI generative material, though that’s the biggest concern right now. It’s more about creating context for the creation of media files, whether video or images. How is this file created? What encoders, what software is used? Is this original to a device that it was acquired from?
If not, what touched it? What did it pass through? The probabilistic output really is taking a combination of what we know about our patented method of file structure analysis, which is really deterministic. It’s like a fingerprint for video encoders.
That gets you down to maybe 20 different encoders. If we want to look at which one is most similar, that’s where the probabilistic results come in. It differs from what we’re doing in Axiom because in Axiom it’s that investigative output.
Let’s say I ask Copilot in Axiom, “Can you tell me if there’s any evidence of drug use on this phone?” That’s really an investigative lead that somebody’s gonna look and review and use to say, “All right, I need to talk to this person, or I need to charge this person.”
The AI didn’t really give me the results. The AI told me where to go look for the actual data, and I read the data itself. I didn’t just look at the AI telling me that John Smith is dealing drugs. AI said, “Hey, there are some text messages here that are indicative of drug dealing.”
It gives me a citation to it, and I went and read those text messages. The AI isn’t telling me what it says, I’m reading it the same as I would without it. Where in Verify it’s providing that output saying that this unknown file is, out of all the 125,000 plus files in a reference library, most similar to Runway Gen 3 synthetic encoding.
That pushes past what a human is capable of, which I think is unique to that product, to that approach. And we do so in a way that we can discuss what the error rate is, how we articulate that probabilistic output and effectively use it in court.
That’s what’s missing in a lot of AI applications. I think the forensic community has done a good job of deploying probabilistic results from AI output. But I think a lot of people think AI results and they immediately think ChatGPT or other similar tools that aren’t necessarily built for that forensic approach.
It’s probably not the best idea to dump a spreadsheet or a list of cell sites into ChatGPT and have it map this out.
Desi: You mean we can’t get Midjourney to create a sketch of the suspect if we don’t know who they are?
Brandon: Yeah, that’s right!
Desi: I see you’re about to give a webinar series on “AI Unpacked” with Magnet. That looks like it starts on April 16th, and then there’s two more follow-ups on May 14th and June 18th. Maybe you could give us a rundown of what you’re going to be covering.
Brandon: I’m really excited about this webinar series because everybody’s interested in AI and how it works and how they could use it in their work, or should they use it in their work. There’s a lot of opinions out there and I think the goal is not necessarily to say should you or shouldn’t you, but to allow you to make informed decisions by providing good, responsible, reliable information.
That’s the goal of “AI Unpacked” in that webinar series. We have six planned for this season, at minimum. It really starts with that first episode that airs on April 16th. Those that were at the User Summit a couple weeks ago actually got a sneak peek of this.
I participated in Magnet’s product advisory councils Monday morning, gave this talk Monday afternoon, and I heard these really sharp, fantastic examiners talking about these concepts of AI. As a forensic examiner (and I get in trouble using the term interchangeably – “we” as forensic examiners, “we” as Magnet Forensics, so I’m trying to differentiate) – these great forensic examiners were talking about concepts which are not foreign within the AI world.
The only reason I know about them is because I’ve been working in the space for a bit and have had to learn them. Later that day I could say, “What we were talking about just then, this is the concept, this is what it’s called, and this is how it’s defined.”
Just trying to build that knowledge base of what the underlying methodologies are in AI and how it’s applied to digital forensics. So that’s really what episode one is – just that introduction. Let’s go over definitions, let’s go over basic concepts of how we evaluate.
I keep going back to probabilistic outputs. I think it’s probably the best way to describe what we talk about when we talk about AI outputs. It’s not an absolute certainty. It’s not like “I found this artifact at this specific file path location.” This is a probability of what this result is.
Even on the investigative side, did this person talk about drug use? The responses aren’t absolute certainties. With some degree of certainty this person probably talked about drug use, but it’s incumbent upon the actual examiner to go and look at that.
That’s really what we’re talking about in that first episode – to define what we have to understand about AI to then make informed decisions about it. We’re going to build on that from there.
The other two episodes that are up on the website right now are really diving into the guiding principles of AI development within Magnet. I want to put that right up front because I think it resonates with our user base that we’re not doing this just to do it. It is very transformational.
I said this at the User Summit in 2024 when AI was really becoming popular – this is a tremendously interesting time for us in digital forensics, both in terms of what we could do with software and what we have to analyze based upon this new technology. It really is transformational.
But I want to highlight the steps that we take as a software developer and really say, this is the thought process that goes into what we should develop, how it gets developed, how we do it reliably, and how we approach that. It’s a written guiding principles document that they take very seriously.
It wasn’t developed overnight. If you’ve ever looked at a document that has a lot of changes in a shared drive, it looks like a multicolor rainbow of words.
Desi: Takes five minutes to open because it’s loading all the comments.
Brandon: Yeah, exactly! Let’s start slow, let’s hide all changes and ease into this a little bit.
And then the third one that’s on there right now, which I think is probably the most interesting to people, is really the intersection of AI and the law. How do we responsibly implement this in our workflows? At the end of the day, we are all forensic examiners.
When it comes time to use this as part of an exam, what is the appropriate use for AI in our investigations and examinations to demonstrate reliability for court? And when do we say that it’s not appropriate for that? It’s not all things in all ways.
Si: Pulling you away from Magnet for a second, I’m sure SWGDE is doing something particularly interesting in that regard, being a fairly definitive source for the industry as a whole in the US and quite influential in the UK as well. We take SWGDE documents and correct the Zs to Ss and change some of the spelling around. But apart from that they’re really good. Where’s SWGDE sitting on the AI front at the moment?
Brandon: Great question. Our next meeting will be in May. In January of this past year, we stood up an ad hoc committee specifically to address AI. There was a tremendous amount of work done in the January meeting.
I couldn’t be more thrilled about where this document’s going on the initial use of AI within digital forensics. It will provide that resource not only to the digital forensics community, but for manufacturers to say this is what the community needs in order to demonstrate reliability in what you’re providing to us.
That’s very much in the works. I don’t know if it will be out for public comment at the end of May. I feel more confident that it will be out for public comment at least by the end of the September meeting. To get consensus-based documents created in six to nine months is actually a pretty quick process.
Desi: For our listeners that don’t know the acronym SWGDE, I had to look that up myself – Scientific Working Group on Digital Evidence. Maybe you could give a quick background on what that is for non-digital forensics people.
Brandon: I apologize. I should have led with that. The Scientific Working Group on Digital Evidence is a standards development organization that sets best practices and standards for how things should be done in digital forensics.
Whether it’s how to acquire media from a cell phone, or best practice for image authentication, or best practice for audio enhancement – it covers basic computer forensics, cell phone forensics, cell site analysis, forensic photography, audio forensics, video forensics, and provides solid reference material.
The importance of it is that it’s consensus-based. It’s not one person saying, “This is the way it should be done.” It’s a group of people that write the document together. That document goes out for public comment, and the result is really strong reference material that has been influenced by a wide range of practitioners.
Both public and private sector, academia, attorneys – the private sector plays an important part in providing that information for the community. That’s essentially what SWGDE does.
Desi: For our listeners as well, Brandon’s the chair of that and they have about 80 member organizations ranging from government agencies to private organizations like Magnet Forensics, Cellebrite – everyone coming together to help provide those standards.
Brandon: Exactly. It helps drive how examinations should be handled, how an investigation should be handled. It also provides great feedback to the tool developers. We can see that recently through a document that involves acquisition as preservation where you see two of the most major cell phone tool manufacturers developing methods to provide examiners ways to rapidly acquire or preserve data.
We know data can change rapidly on cell phones, and that feedback is directly related to what was published from SWGDE.
Desi: Fantastic. We’ll post the links in the show notes along with the webinar and everything else. I can already see there are some awesome resources you can go and grab straight from there.
Si: It’s fascinating actually. I came across SWGDE through LEVA the same way as you did. I did all four courses in one year because we’re insane. There’s no sane way of going about doing that! But I got hold of SWGDE through that.
It was very fascinating to see how, because I’ve been doing digital forensics and computer forensics for a very long time before I started doing video forensics. I went and got all the video forensic training because LEVA obviously teaches to it and works with SWGDE.
But then looking at the digital standards for computers, I realized what a wonderful baseline it is for best practice. What we have here are the ACPO guidelines, the Association of Chief Police Officers, for handling digital evidence. It was all very similar – it’s best practice, but it’s so well documented, so well written, and updated frequently.
As you say, there’s lots of input to it. You send these things out for comments, and it’s not closed. It’s open to anybody who wants to comment, whether you’re in the UK, whether you’re a member. If you are capable of inputting to it, you can. I think that’s a wonderful way to approach it. It gets us to the best place.
Brandon: Obviously I’m a true believer in the power of it. I started out in my digital forensics journey as a one-person lab in a municipal police department in an urban area in central New Jersey. I didn’t have a ton of resources.
I read the documents to say, “All right, how should I be doing this? Do I have to develop a policy? How do I develop that policy?” Then, starting to go to those meetings, I met lifelong friends that I still talk to on an almost daily basis.
The organization as a whole I think is one of the greatest aspects of the digital forensics community. I might be biased, but I’m proud of the work we’re doing. About the comments you mentioned – we encourage those, and they don’t just come into the committee to be adjudicated.
Everybody looks forward to them, and every single one is discussed and sometimes debated to see how we can improve those documents. Every person that comments gets a response, such as “Thank you, we’ve improved this based on your feedback” or “We understand where you’re coming from, but the document already says this.”
Every comment gets addressed and logged. The submitter is notified – it doesn’t go into a black hole. You’ll get notified about how it all pans out.
Si: How is SWGDE funded as an organization?
Brandon: Good question. SWGDE historically was funded by some US federal government agencies that no longer do that. A few years ago, SWGDE became officially a 501(c)(3) charitable organization, a nonprofit.
Right now we have a couple different grants from NIST here in the US that provide some funding to operate the website as well as…
Si: Sorry, just before you go any further, NIST is the National Institute of Standards and Technology. We deal in acronyms!
Brandon: Yes, dollar to the acronym jar! The National Institute of Standards and Technology. NIST has a couple different grants that allow us to keep the website up as well as, most importantly, help pay for travel funding for small businesses, whether private or government, that can’t afford to send guests and members to the meetings.
Our SWGDE meetings are in person. We actually found that during COVID when we went virtual, productivity decreased, which was a bit of a surprise. But I understand it after seeing it – you can’t lock 8-10 people in a room and have them focus on something virtually.
If you’re in the office or appearing virtually, somebody’s always getting pulled out and then coming back in. Inherently you work on something and then somebody that’s stepped away for half an hour comes back and says, “Wait, I have an issue with that word three paragraphs ago,” and now we’re back to that, as opposed to everybody locking in and getting it done. It’s actually a much more efficient method.
We also have support from some great people in the private sector through sponsorships. Magnet Forensics is actually our platinum sponsor, long before I went to work there. It really was a phone call that I took from a colleague at Magnet on the way to the airport after we first decided to take on corporate sponsors.
It wasn’t a decision we entered into lightly. There are very rigid rules – there’s really no influence. There’s not much you get out of the sponsorship, aside from saying, “I want to support the work that’s being done.”
I said, “You’re going to get an email from our sponsorship committee saying that we’re accepting sponsorships.” The immediate response was, “What’s the top level sponsor you have? How much is it?” I told them, and they said, “Put us down for it. We’ll square this away next week.”
They were immediately on board, no questions asked, because they really believed in the work that’s going on there. It makes me feel warm and fuzzy that the industry is being supported that way.
Si: Our industry is very interesting. On the one hand, there are people like Magnet – and I’m not picking on Magnet in any sense – that are software vendors. That’s what you do. If you look at the way the industry works for other software vendors, the soonest they can get one over on their competitors and get an advantage and market share, the sooner it happens.
In forensics and in our industry, it seems to me that everybody, because we come into this with a desire for justice, a desire for the right things to happen, actually seems to be very willing to collaborate, work with each other and get stuff to happen. It’s a great place to be, a great place to work.
Brandon: 100%. The people that you meet here, whether it’s software vendors or others – that conversation I mentioned with Magnet wasn’t just Magnet, that was just the first conversation we had. The amount of software vendors that said, “We want to support this” – you can go to the website and look at the list, it’s pretty incredible.
Going out to events and conferences, some of my closest friends work in the software community, some work in the forensic examiner community. I’ve never met an industry where – and I’m not trying to sound cool by saying this – it’s a different vibe within the digital forensics community.
I’ve never met people that are more open and willing to help and willing to help elevate and help a lesser experienced examiner or investigator step up and improve their skillset and just openly share information than in digital forensics. It’s such a unique and great place to work.
Si: So on the Magnet front, we’ve talked about Magnet Verify. What else is going on? Magnet is a large vendor with many products. What else is coming up on the Magnet radar at the moment? Axiom, Automate, GrayKey of course – everybody loves GrayKey, if you can get a license for it, because that’s quite locked down, isn’t it?
Brandon: We have GrayKey for the private sector as well. That’s getting outside my area of expertise, aside from being a GrayKey user for many years as a forensic examiner. What I’m most excited about, aside from the AI development (because I have my hands in there), is how much crime we’ll solve and the accuracy we’ll get.
We’ll achieve things that we don’t even comprehend now with AI, which I think is going to be incredible. On the acquisition side, there are some pretty exciting things coming out soon from the folks on the GrayKey side of the house, as well as vehicle forensics and acquisition.
Coming from my MedEx background, we were developed as a SaaS platform, natively cloud-based to start with. There’s a desktop app as well, but starting to see our tools like Review that are cloud native or the ability to work in more of a platform approach where I could move data around without having to get it onto a thumb drive and move from one computer to the next.
Then leveraging a whole bunch of different analytics tools in one unified platform, which we’ve called Magnet ONE. Looking to the future, I don’t want to paint this rosy picture, but the sky’s the limit. You unlock yourself to do so many more things when you start looking at this holistic cloud platform approach.
If I have this data, I could start running any kind of analysis on there. A lot more becomes available because it’s just so easy to move that data around. This isn’t going to happen next week – it takes development time and it’s ever-changing technology.
But aside from the AI stuff, the platform aspect of being able to leverage that and deliver some really interesting data about media forensics or media investigations to the end user or directly to the investigator based upon that platform approach – there’s a lot of power to that.
Si: I think it’s a very interesting area. My background before I came to forensics was information security. Cloud was kicking off just about when I was firmly in information security, and we were looking so much at how we protect large amounts of data in the cloud.
I think it’s changed a great deal. The technology has changed a great deal, but also people have taken up private cloud. Large organizations have taken up private cloud much more, which gets rid of some of those fundamental issues we were facing. You can’t put police data onto Azure because that’s just a really bad idea.
But if police forces have their own secure data centers and are running things, then we can start to do some more interesting stuff. For me, it was always the instantaneous scalability of cloud. I’ve got this thing, I need it tomorrow, let’s give it 4,000 processors and 20 gigabytes of RAM and we can have that in an hour’s time.
It’s going to cost a small fortune, but if that’s what’s necessary, you can do it. That massively distributed concept of computing I thought was fantastic.
Brandon: As you’re saying that, I’m thinking to myself and putting my government hat back on – I can only imagine how long it would take to purchase a system that I needed, where I could just spin up something in the cloud.
The story I tell people about IT infrastructure in a government agency is, there were so many times that we would have to go back and start from scratch with a quote, because by the time we got approval to purchase, the thing we wanted was actually obsolete and no longer offered.
That’s how long it takes, whereas you can say, “I have this cloud system where I could spin up as many workers as I need” or this kind of unlimited aspect without having to procure hardware and maintain hardware. And living through more than one ransomware attack in a local government agency, I feel more secure about putting my data into Azure or AWS than in the server in the basement of the PD.
Si: My favorite procurement story is actually from when I used to work at Cancer Research in the UK. One of our researchers had figured out that he had a company credit card to let him spend up to 10 grand at a time.
Brandon: I like where this is going.
Si: And he discovered that a blade chassis cost 9,000 pounds and each blade cost 9,000 pounds. So he basically bought a chassis and bought the blades without getting any authority whatsoever, just in 9,000 pound increments, for something that worked out to about 120 grand’s worth of system at the end of the day.
There were occasionally ways and means around these things.
Desi: Mine was very similar. Being in the Air Force, we were trying to do what this cloud stuff is – have a centralized server to have the horsepower on the back end to do the investigations and then have the endpoints just give the results.
I remember submitting the paperwork for the purchase order and then also the sustainment immediately. My boss was like, “Why are you submitting the sustainment?” I said, “It’s going to take us about 18 months to get the purchase order fully approved up the chain.”
“So the sustainment needs to be signed off because it’s already going to be out of date by the time we purchase the hardware.” And being in government, you have to adhere to all the patching and security requirements. I said, “We don’t want a system that’s brand new that’s already failing to meet an audit.”
He just said, “Fair enough,” and signed off on the sustainment as well. That ended up working well, though I’m pretty sure it fell out of sustainment pretty quick, like most government things.
Brandon: I think that actually even along those same lines, the three of us sitting here could absolutely immediately see the benefits. If you put 20 examiners in a room or frontline people in a room, it’s immediately yes. I think it’s going to take some education on our executives and our administration and IT people to say this is really where it’s going. I think it’s getting easier and easier to get that adoption, but it’s still a challenge.
Si: We’re filtering people through now. We’re a relatively young industry still. So people who are in a position of authority now and have worked their way up, haven’t necessarily seen all of the technologies that have come since they left operational service.
That’s gradually becoming less and less of an issue as people retire out the top and people get promoted up and explaining this. And also even if they haven’t had operational experience of what we are asking for, they at least have the language for us to be able to go and talk to them about it.
I think it’s certainly something which is becoming more common that people understand and are able to deal with, but also I think there’s a wider recognition now that it’s actually important. I think before it was easy for a senior police officer to look and go “I’d much rather spend money on putting another guy on the street because that’s gonna solve more crime.”
As opposed to now going, “Actually, you know what, if I can go through this guy’s computer and pick up another 20 drug dealers, that’s going to solve more crime.” So that realization of the way that crime works, the way that our industry works and all of that, I think is starting to be a bit more sensible now. All we’ve got to do is persuade the government that this is money that is well spent and get them to give it to us to spend it in the first place.
But next stage, hopefully we get some politicians who know what we’re talking about soon as well.
Desi: I just remember having a few conversations around cloud computing and adding that into digital forensics, probably beginning of last year. I think now, not only is the education there from vendors and also at conferences and everything else, but there’s also the use cases now, which I think weren’t around before.
So now there’s the success stories that you can point to. It becomes easier to sell because you can articulate the risk through all the education, but then you can also say, “Here’s proof that there’s benefit and here’s how you’re gonna save money and here’s how it’s used in these cases.” I think that’s getting a lot easier to sell in that aspect.
I do remember we were even on the fence – we saw the value, but then we were like, “What’s the risk?” But now I think it’s very clear in 2025 just how valuable it is.
Brandon: Yeah. I think you made a good point with conferences. I think you’re hard pressed to find a conference program nowadays in the digital forensic space where the description of the talk doesn’t involve something about AI or the cloud.
Si: Yeah, definitely. I’m thinking of the two conferences I’ve been to in the last month, and both of them had AI talks. One didn’t have a cloud talk, but the other one definitely did. That was about centralized media and CCTV media stuff, so you’re definitely right about that.
I’m going to say another interesting acquisition that Magnet has picked up relatively recently is DVR Examiner, which has been renamed to Magnet Witness. How’s that coming along?
Brandon: DVR Examiner actually is still an offering and it has evolved into Magnet Witness. I think it goes back to your background – if you ask any law enforcement executive: how often does digital evidence play a role in criminal investigation? And it’s going to be almost every case.
And of that, how much does visual media play a role in that investigation? It’s going to be almost every case. I think we’ve gone through the life cycle of originally the CSI effect, where it’s “Where’s the fingerprints?” And then we saw the OJ trial and now “I want to see the DNA.” And now we’ve migrated to “Show me what happened on video” because it’s so proliferated, it’s everywhere.
And it’s just the expectations. We live this life with so much surveillance video to actually be able to use that in our investigation. So that’s really where the DVR Examiner and Witness come in, not only for acquisition and initial analysis to be able to acquire large amounts of data and sort through large amounts of video data.
Then Witness allows you to look at that from a more individual file approach and to be able to convert and concatenate and trim files for use. A lot of the work that we do within video forensics is not really that forensic at all. It’s a lot more just processing and technician level of “Hey, I need to get this clip out for BOLO (Be On the Look Out) or to share this amongst investigators.”
Later in my career, a lot of work that I did was to prepare exhibits and demonstratives for trial. How do I take four hours worth of video and make it into a succinct five minute presentation that somebody that’s unfamiliar with an area can understand? And that’s really where Witness comes in, especially dealing with doorbell cameras with Ring, Arlo, Nest to be able to acquire those.
As we start seeing more of those, the missing piece of that – and I’ll mention this because it’s the product I’m most tied to – is Verify, which is really about proving authenticity. It goes hand in hand with that. You’re hard pressed to find a case now where we’re not seeing a concern or claim that a video file or image is a deepfake or synthetic.
How do we prove that authenticity? That’s why we need tools like Verify to be able to look at and deterministically, quantifiably say that we’re not taking a guess at it. We’re not looking at heavy signal processing to do it – we’re at scale, really rapidly using video as a data object or image as a data object, or an audio file as a data object to be able to say, “All right, this is an original recording as it’s claimed to be” and demonstrating that.
One of the things that shocked me along the way during product development is the need to demonstrate with an independent tool that video acquired by law enforcement or by the police has actually not been changed, because the officer’s word or that chain of custody is not held to the same weight that it used to.
We see agents that really need to take that step to authenticate and show that video has been unedited or unaltered, or is that camera original. That acquisition piece of DVR Examiner, the processing through Witness or the authentication from Verify is only going to be more important. I think Magnet sees a need with that and is really focusing on that media stack of products.
Si: Yeah. We are seeing a slightly different problem in the UK, or I’m sure that what you’re saying is still a problem here, but one of the issues that I’ve seen time and time again is victim self-submitting evidence.
Of course, the defendant is sitting there going, “Of course it’s a biased opinion. They’ve just accused me of something. They’ve handed this over. It’s clearly been tampered with.” And then we’ve got to unpick that, which is a thing. But the prevalence of the technology and the fact that we all carry a mobile phone camera filming everything – and then the police just go, “Oh, send it to me” – and we end up with it as evidence becomes a much harder proposition to address.
Brandon: And that’s where Verify actually really shines, especially as we start sending things through public evidence submission portals. The videos have been transcoded or images have been transcoded and metadata has changed.
Even without that, how do I know that victim-created video that’s five minutes long hasn’t been trimmed from a seven minute video? The metadata isn’t going to tell me when it comes from a submission portal because the metadata’s new. Verify, because of our unique approach, will absolutely discern and be able to say, “Is that original to that iPhone 13? Or has that been trimmed on that iPhone 13 prior to submission?”
Which is the all-important question, especially when you start talking about domestic violence issues or assault complaints where we’re relying so much on that cell phone-created evidence. Do I have the whole story? And how do I articulate that I have the whole story? That’s really where that file structure analysis in Verify really shines.
Desi: I’m not sure whether you’ve come across this at all – and this is just from my own personal interest – but any cases involving any of the new smart glasses and the video recording features on them?
From what I understand, I think the Meta ones stream from the glasses straight to your phone and then I assume straight through the app into some kind of draft format for Instagram.
Brandon: You know what, Desi, I think that you just gave me a note as the next project for our platform and engineers to look at. We have not looked at the glasses yet, but that’s a super cool research project. We typically try to identify based upon user feedback where we need to go next.
Recently we added WeChat, or stuff that might not be so prevalent here in the States, but we have partners across the globe that are able to access that. Or the newest iPhone comes out, or we need to look at drones, or whatever it may be. But glasses would be a good one.
Desi: I was watching a YouTube video with this ex-con who now cooks and travels the world and does a vlog series on YouTube and helps people try and stay out of prison through his motivational talking. One of the episodes he was using the glasses and the series was walking through the most dangerous neighborhoods in the world.
But he was using the Meta glasses to film a lot of it. I can imagine criminals just filming their cash hauls that they get. I can imagine them buying a pair of Meta glasses and then doing the same thing.
Si: You are being very civilized about this. We all know what it’s going to be used for, don’t we? Being able to have your hands free clearly leads it open to various other uses.
Strangely, I actually came across my first pair of smart glasses in the wild the other day, literally a couple of weeks ago. Somebody had a pair of the RayBan ones, and they loved them. They thought they were brilliant and really useful.
So they were getting a lot of time out of them. It was really interesting to hear. And also they weren’t as obvious as I thought they would be. It was only when I was standing talking to him face to face for some time and I went, “Hang on, are those smart glasses?” And he said, “Yeah, they are.” Otherwise, I’d been around him all day and I hadn’t noticed. It wasn’t something obvious.
Brandon: I’ve seen a couple in the wild. I’ve never had anybody that has had to acquire data directly from the glasses. Probably you get it off the phone, but I was also reminded of when the Z Flip phone first came out.
I remember saying, “I’ll never see one of those in real life. Nobody’s ever gonna buy it.” And I swear a week after that came out, one came into the lab for an exam. I was like, “Wow, it took somebody really long to have some criminality with this new Z Flip.” And naturally everybody wants to come over and look and fold the thing.
Si: I was similar to you. I thought these folding phones would never take off. My PT has one and it’s fine if he’s got it. And then they became commonplace. It’s just a thing that is out there now. Technology moves on and it never ceases to amaze me the things that get uptake. I never thought Alexa was gonna take off particularly, but there you go. What do I know?
This is a fantastic opportunity to sit here and go something like “Alexa play the Forensic Focus podcast” and then watch a bunch of people scramble for their phones at the moment.
Desi: Siri’s gonna be so mad at you, Si though. Because she’ll be like, “Who?”
Si: I have all of this stuff turned off because I’m a Luddite. I’d be the one throwing the spanners into the looms in the spinning machines. That’s me. I just grasp the technology enough to use it and then somebody brings something new out. I just want them to stay still for five minutes so I can have a bit of a break.
Desi: So we’re at the top of the hour now and we really appreciate you coming on and having a chat with us. We generally like to just check in with people to see what they do outside of their job at the end of the episode. So what do you do to unwind and enjoy your time?
Brandon: Right now it’s full-on moving mode. We’re all in boxes, but outside of that I do like to get outdoors as much as possible. A lot of the time right now is spent with my 10-year-old daughter who’s playing a lot of softball.
So it’s nice to get out and be able to watch her play and watch a whole bunch of kids really try hard. Youth sports is always a nice afternoon. So between boxes and softball, that occupies a lot of the time right now. I think there’s gonna be a lot of Home Depot trips in the future, but I’ll relax one of these days.
Si: Moving is always an experience from my previous times of having done it. I wish you the very best of luck and I hope it goes smoothly. Enjoy your new home in Nashville. Wow. That’s pretty cool. It’s on my list of places to go. I’ll be giving you a ring at some point when I drop by.
Brandon: No time like a Magnet User Summit to get back to Nashville. I’ll grab the grill, pull the grill out, and have everybody over at the house. It’s hard to pull you away from downtown when you’re right downtown for the User Summit. You’re not gonna wanna travel a lot, 25 minutes out into the country, but…
Si: 20-25 minutes, that’s nothing there. There seems to be a strange disconnect because my understanding of the US is it’s huge and people are like, “Oh yeah, I’m jumping in the car to go to the shop. It’s four hours away.”
And Desi is much the same actually being in Australia, which is vast. It’s “I’m popping to see my mate. It’s a six hour round trip.” For me, I live in reasonably rural Oxford here in England, and it’s still only half an hour for me to get to Oxford from where I live. I don’t consider that a long way, particularly especially if the traffic’s bad, then it can be considerably longer. But 25 minutes for a barbecue? No, I’m down. That’s not an issue for me. That’s a short trip.
Desi: Especially considering how far we’d both be flying to get there.
Si: Oh yeah, that additional 20 miles? Minor detail, that’s a deal breaker. Thanks Brandon. It has been an absolute blast. I’ve really enjoyed this and it’s been fantastic to hear about the new things that Magnet is doing and talk to you about it all. It’s really exciting. And I’m so happy for you to be moving to somewhere new and exciting. That’s brilliant. I’ll let Desi wrap up because I screw it up every time.
Desi: For all our listeners, anything that we’ve talked about, we’ll put in the show notes and there’s some links down there. We’ll grab anything else from Brandon and his team if they want to add anything else. There’s a transcript available from our website. And from the website you can grab the video, the audio, or see all of the platforms that we host our podcast on – Apple Music, Google Podcasts, any way that you can find us.
We also post it on YouTube as well. So there’s plenty of places that you can listen and watch from. But as always, thanks everyone for joining us this week and thanks so much Brandon, for coming and talking to us.
Brandon: Thank you so much for doing this. It’s awesome. Had a blast.
Desi: Cool. Cheers. Catch ya.
Si: Cheers.
