Enterprise Turns To AI For Speed And Accuracy In DFIR

In just one year, enterprise DFIR teams—as well as third-party service providers—have undergone a radical change due to the nearly universal integration of artificial intelligence.

As businesses face constant pressure to detect and respond to incidents with greater speed and precision, companies are increasingly taking advantage of the benefits of AI-powered digital forensics.

In this blog from Magnet Forensics, learn more about how enterprises are leaning on AI for speed and accuracy in their digital investigations, including:

  • Why AI adoption is accelerating
  • How AI is being increasingly used in DFIR workflows
  • How enterprises are prioritizing usability and seamless integration in AI tools
  • Why AI is a double-edged sword
  • What the future of AI looks like in enterprise DFIR
  • How to make AI work for you

Read the blog here.

Hexordia’s Jessica Hyde: Navigating The Future Of Digital Forensics

The following transcript was generated by AI and may contain inaccuracies.

Si: Welcome, everyone, to the Forensic Focus podcast. We are delighted to have with us today, Jessica Hyde. Jessica has been on before. Although I was going back through the archives and I was wondering when this happened. You talked to Christa, and brought Desi and I on several years ago now and we started working with her, and then she went on to other things. You spoke to her alone back before we even joined, but you did recently interview with Forensic Focus. You’ve got an article and an interview up.

Si: To refresh the listeners’ minds and to bring everyone back, could you give us a little bit about your background now? I’m going to prompt this because I did my research for a change a little bit before we started this. You started off as an avionics technician in the US Marine Corps. This is not a typical start in life for anybody, let alone a start in life to then end up teaching at universities for digital forensics. So how exactly did this transpire?

Jessica: Sure. So I joined the Marine Corps, not typically where you find people who wind up in this field, but right after September 11th. I was a direct ship in October 2001. Kind of giving away my age here.

Si: Younger than me, so that’s fine. Let’s carry on. That’s not a problem.

Jessica: I will preface this by saying there are some other folks who came specifically out of avionics and some other Marines into digital forensics. So you just mentioned Brett Shavers. Brett Shavers and I are both Marine veterans, as is Harlan Carvey and Alissa Torres. So there’s quite a few Marines who have become forensic experts, and then there are some avionics personnel, albeit more from the Air Force side, namely a SANS instructor as well as Lesley Carhart. They also were in aviation, but I might be wrong about Lesley. I know Lesley was Air Force.

Jessica: So nonetheless, it’s common but uncommon, whichever way. But I would say that maybe those of us who were in the Marine Corps, we are the kind of people who make our footsteps known. We’ll leave it at that. We might be a little less afraid of being loud.

Si: Yeah, that’s fair enough.

Jessica: So when I got out of the Marine Corps, I took a job in a lab doing reverse engineering of improvised explosive devices. This was still very much in the timeframe in which the US was heavily involved in the wars in Afghanistan and Iraq in the mid-2000s. I took a job doing that and reverse engineering IEDs and ones that were blown up. What are they connected to in terms of trigger and receiver mobile phones?

Jessica: So yes, this is pre-smartphone, but definitely phones that were post-blast. So I like to say that I got my start in forensics analyzing circuit boards of unknown origin and phones that were blown to pieces. It’s a little bit of a different start. I recognized I was really niche, went on and got a master’s in computer forensics to help myself get more well-rounded. Did my stint in the private sector, went and worked for one of the big four firms, EY. And then went back into doing forensics as a government contractor again and so forth and so on. And here we are.

Si: You say you went back to do a master’s in forensics, but that would mean fundamentally that you had an undergraduate degree. Was that in avionics? Was that in…?

Jessica: No, electronics engineering. Electronics engineering, which I did because I was in avionics. It made sense. The government said, what do you know how to do and what can you do? Apparently it is dealing with electronics. And I did that weird thing where I was working on my degree while on active duty. So I went to lots of different institutions and pieced together an undergraduate degree slowly but surely. And here we are now.

Si: I’m going to just ask, because my education background is varied as well. Do you actually think that has been an advantage to you, or do you think that it was just the same or do you think it was a disadvantage to have that?

Jessica: Oh, I think it’s an absolute advantage. I’ll start with the fact that I think our job in the digital forensics field is to solve changing problems that exist with new technology and how to find data. So we do a lot of troubleshooting. As an avionics specialist working on the Harrier, my job was to be able to troubleshoot technical issues, communicate with people who weren’t as knowledgeable about the technology.

Jessica: They were very knowledgeable about their area – pilots, right? They’re very knowledgeable about how to fly a plane. This is much akin to dealing with lawyers. They’re very knowledgeable about law, but not necessarily about the underpinnings of the technology. I was an expert on the technology that was helping them fly versus a technology that is providing digital evidence.

Jessica: So our job is to be able to troubleshoot under austere circumstances and figure out how to solve problems that haven’t been solved before, where the manuals don’t tell you how to do it. From that perspective, it’s the same mental skillset. From a technical perspective, I soldered, I worked with wires, I worked with multimeters. As someone who does a fair bit of hardware analysis in my forensics career, those skills were directly transferable.

Jessica: So the fact that I soldered wires and dealt with electricity and signals and computers and swapping discs – those things literally happen on jets, much the same that they happen in our forensics labs. So yes, I think that there are directly transferable skills, but I will also advocate for the fact that I think the best teams in digital forensics and the best ways for solving problems is by having people who have diverse backgrounds.

Jessica: I love having lateral movers out of different fields on the team because they bring different approaches to problems and oftentimes have soft skills, which are very necessary for talking with our stakeholders, be them generals, lawyers, etc. But also, I worked a fair bit in the beginning of my digital forensics career with the Department of Defense and I still do.

Jessica: So my time in the Marine Corps has literally allowed me to articulate things well in that manner too, having some understanding about military organizations. So yes, I think it has directly helped, and it’s a lot of the same mental process when you think of it from an abstracted layer.

Si: Yeah, I get that abstracted layer. What we try and say, I think, is that we follow a scientific methodology, but that scientific methodology of test, verify, and loop around when you get it wrong and understand is exactly the same.

Jessica: So I’ll tell you the process on debriefing a pilot, right? They come to you with a gripe and so you’re going to ask them questions about the problem that they have. That’s exactly the same as when we’re brought a question from an investigator or an attorney. Then the next thing you’re going to do is look at, acquire whatever data you can, and then create a testing scenario, create a hypothesis, conduct your testing, and then based on your testing, apply it back to the original problem.

Jessica: Swap it apart. Replace something. Understand how something works. Write a script as we may do in digital forensics. And then you’re going to verify your results. And then you’re going to write a report or write up your documentation. In all of these things, we have to do documentation as we go. Trust me, when you’re working on a jet, you’re filling out your logbook as you go. Just like we document as we go through our process.

Jessica: Put up a report at the end, be able to brief people high up, be able to give status updates to people high up on mission critical things, be able to work in time-sensitive environments, and then the result goes and flies, or the result goes to court. The biggest difference is, presuming everything is going right and your jet has no major mishaps, you shouldn’t have to testify as a digital forensics examiner. If you’re somebody who is working on aircraft, hopefully never.

Si: Never. Yeah. It’s interesting actually, because I think one of the skills that is most valuable is that note-taking, those contemporaneous notes. And actually it’s very hard to teach, or at least I found it very hard to teach. I found it very hard to learn, to be honest. I came from a systems administration background and I did a lot of things, and then I wrote documentation. I didn’t write documentation while I was doing things, and it has taken me a while to get around to being a little more efficient in the note-keeping department.

Jessica: Yeah, I’ve got to say, keeping logbooks in the military that are timestamped with who it is, what happened, being able to give a bottom line up front – that’s the big wording in the military, the BLUF. And then be able to substantiate every step you took, and it can be read by other people who have to pick up your problem. Yeah, that’s definitely a skill that I had acquired there. I think you’re right, it is. I think the best way for people to learn how to do that is to see samples though.

Jessica: I think showing them how you take notes and showing the quality of notes and actually, peer review is another big thing. Having people peer review notes of people who are learning how to take notes is really important so that they understand the most important thing. I like to tell folks, when I’m teaching my students at the university or students in a Hexordia class and we always talk about note-taking on the first day, because if you don’t know how to take notes, how can you do all of the other things you’re supposed to be doing?

Jessica: I always like to say the most important reason to take notes is in case you’re hit by the lotto, because I want to put a positive spin on it, but somebody else has to recreate your work. And how many of us have worked something that comes back years and years later? I want to make my own life easier. I like it when past Jessica does current day Jessica a big favor or future Jessica a big favor.

Si: Yes. I was going to say, I don’t get too many cases that loop back around a couple of years later, but I had one a little while ago that came up and it was like, “You reset the password on this,” and I was like, “What did you set it to?” And I was like, “Oh my God, that was four years ago.” That is not in my mind anymore. And you’re flicking back through your notes. It’s like, “Oh good, I did write it down.”

Si: That sort of mad panic as you realize that you’ve reset an account in order to get access to it, and then you can’t necessarily recall four years later when you need to get back into it again. So yeah, I wholeheartedly appreciate that. You looped in an excellent segue for me to go to your students. So I’ve seen you are, obviously Hexordia is your company in your organization and you’re a university lecturer. You have been at Champlain…

Jessica: I only taught at Champlain for a year. I’ve been teaching at George Mason since 2016.

Si: And George Mason as I worked my way up to this. It’s alright, don’t worry. How did you fall into that?

Jessica: I’m very lucky. I did my master’s at George Mason and so when Bob Osgood knew that I worked specifically in a mobile forensics lab and that I had spent my time focused on problems pertaining to mobile forensics, and he needed an instructor, he reached out to me and asked me if I was interested. And I was like, absolutely, this was a no-brainer for me.

Jessica: I had the luxury of doing some teaching in my roles in labs of first responders and creating content to help our practitioners within our lab skill up. So writing a class to teach mobile forensics was a no-brainer, and I love it. Do you know why I love it? Because I learn more from teaching because of the questions that get asked by folks who this is new to. They look at it differently, and as each new group of students who have had a different set of circumstances that have brought them to where they are, come to take this course, the situation is different.

Jessica: The technology they grew up on is different. The way in which they’ve been exposed to the environment is different. So their questions change and it helps me gain perspective and it also challenges me always to be aware of the newest operating system and the newest issues. Not only does my casework inform that, but having to be prepared for each lecture in the fall, it’s the most fun because the new operating system versions for Android and iOS typically hit in September or October. Usually about one to two weeks before I’m teaching.

Jessica: And of course, I want to know what’s happening and what’s changed on that newest operating system. So it gives me an extra little push even before my casework has hit it. But also, the questions that are asked and the “let’s figure it out, let’s find out” – I learn more from the questions people ask than I could probably even come up with on my own or from my independent coursework or from my colleagues.

Si: Yeah, I love my opportunities to teach and I’m going to say I’ve been very fortunate in having my own children educate me frequently on the way that phones actually work, as opposed to the way that I think they work.

Jessica: My children – I have two teenagers, or I guess one young adult and one teenager. I guess they’re technically both teens, but neither here nor there. They definitely are the people who I go to with slang terms that I don’t understand that are in data. “Hey, completely no context. Do you know what this means?” They school me.

Si: Yeah. I had an absolutely wonderful opportunity. During lockdown and COVID, we were giving evidence remotely to court. So I was sitting actually in this chair here giving evidence in a case. And a question came up and the judge was like, “Do you know what would happen under these circumstances?” And I was like, “I don’t, but actually, if you give me two seconds, I can test that because I’m here.”

Si: And it was me madly texting my daughter upstairs going, “What happens if this happens?” And she’s responding, “What I saw was this,” and I’m like, “Your Honor, what we saw was…” She’s gone on to a career in law, so I cannot…

Jessica: Oh, how appropriate!

Si: Yes. My influence has rubbed off in that regard. But yeah, it’s the way that people use technology that varies upon the way that they… The app does the same thing, whether I pick it up or you pick it up, or they pick it up, but the way they use it is so fundamentally different. And that’s fascinating to me, that sort of approach that they can bring.

Si: And I was also very fortunate in the degree that I was teaching previously. It was very keen to bring on all sorts of backgrounds of student. It wasn’t just maths, computer science, physics people. We had English, we had foreign languages, we had psychologists. We had all sorts of…

Jessica: Different perspectives. That goes back to what we were saying earlier about different perspectives in the lab makes for different solutions. I have folks who have transitioned from healthcare, from education, from so many different fields that you get to collaborate with. And when you have people who do that lateral movement, they definitely approach problems in different ways.

Jessica: The best teams are going to have somebody who comes from a law enforcement background, somebody who comes from an academic background, somebody who comes from a computer science background, somebody who comes from an electrical engineering or hardware background. And when you take those different backgrounds, they’re all going to have a different approach as to how to solve that same problem.

Jessica: Many times the problem would never get solved with just one of those people working in a silo. It’s when they all start communicating and then they’re able to feed off of each other to come to a new resolution that no one’s brain would’ve come to on its own. And that’s awesome. That’s how we solve technical problems.

Si: Yeah, the fantastic concept of interdisciplinary sharing is amazing. And we start to hear about it in all the really sexy things like biomimicry, where they make robots crawl up walls, pretending to be geckos and stuff. But it applies all round and that’s absolutely amazing.

Jessica: I’m going to have nightmares about your biomimicry example now. Thank you.

Si: I’m sorry. I’m sorry. We won’t get into the glow-in-the-dark jellyfish and all sorts of things like that as well.

Jessica: I’ve been to Australia. No, I’m joking. I have, the jellyfish are the scary thing.

Si: I was about to say, Desi would be able to answer this more accurately, but I’m pretty sure everything in Australia is trying to kill you. I have yet to experience it myself, but it seems that way from any guidebook I read: “And this is poisonous and this is the most poisonous.” And “Yeah, don’t touch these. And the spiders are this large.” Yeah. No. Thank you. I’ll stay here.

Si: Obviously you come from the electronics background. Are you still hands-on with chip-off forensics? I’m not going to say necessarily exploded phones, but you may still be getting exploded phones.

Jessica: I don’t usually get post-blast phones. But yes, and I would say because we’ve been doing a fair bit of IoT forensics, a fair bit of IoT research, and at the end of the day, those are the chips that are unencrypted still, or a lot of them are. So those are where a lot of those techniques are more relevant – ISP, JTAG, UART. They’re very relevant still on getting data off of physical hardware.

Jessica: You can still do a lot of chip transfer in the repair world. So for damaged devices, yes. And there are a couple of folks on my team as well who are strong in that area. So the answer is yes, but not as much as I used to when I was dealing with post-blast devices every day or even when I worked with a team where we had our own hardware exploitation lab.

Jessica: It still does happen, and we do quite a bit with IoT devices in both research as well as casework and instruction. So yes. But definitely seeing more digging into databases these days than into other data structures. Trying to understand Android binary XML, SQLite, LevelDB and dealing with those kinds of data constructs, I’d say, are more common in my daily world at this time.

Jessica: But we have an IoT class that we teach and we get very hands-on in there. Not so much where we’re teaching students chip-off and JTAG – there are fantastic courses out there that do that – but we’re teaching them how to deal with that data, and that’s still how we’re getting that data.

Si: Are you finding that there’s a particular sort of class of IoT device that you are seeing more frequently? Is it like the Nest home things or is it security cameras or…?

Jessica: I’ll give Google some credit that the Google devices are the ones that are encrypted. So the Nest and the Google Home, those are encrypted. It’s a mix. There’s a lot of smart watches that we see, a lot of health data devices that people are giving up a lot of their health data for, for their own personal information. But it’s coming up a lot in casework.

Jessica: Also smart speakers, just because they’re almost ubiquitous in people’s homes, but there are sensors everywhere. I think that there are a lot of door cameras or doorbell cameras, but a lot of that’s just being gotten from warrant returns more than taking the data off. We actually have a cool project for the DOJ where we were analyzing, does it make sense to seize the hardware or is most of it in the app or is most of it in the cloud?

Jessica: And trying to determine what devices it makes sense to get the hardware for. I’m not getting cases where the refrigerator is what we care about the data on, but refrigerators could have data. And if your refrigerator is synced to tracking geolocation of your kids and to calendars, that may be valuable. But I think part of the IoT landscape has to do with awareness and what is the best source of data.

Jessica: So if we can get the data from the mobile phone, and that is where the data is resident, why wouldn’t we stick with that? Because it’s in the sync app, but sometimes you may not have access. So I think that it ebbs and flows based on what is in people’s environments. Not a particular area of my expertise, or there are other people who spend way more time in this, but the most IoT thing that’s giving people lots of data on lots of cases is vehicles.

Jessica: Vehicles are a giant moving IoT device. I know this because I particularly drive a low-tech vehicle and I am not looking forward to having to replace it because I like that I don’t have a heads-up display and that my car does not have CarPlay or Android Auto or any of those features. And it will be harder and harder to find vehicles that have that.

Si: My car is decidedly archaic – doesn’t even have Bluetooth, so it’s a long way down the scale. But the thing that fundamentally scares me is, and Tesla is the prime example of this, and I know they’re having a really bad time at the moment for various sorted reasons, mostly to do with their own fault or at least their CEO’s own fault. But it’s the idea that you can push updates over the air.

Jessica: I’ll stay away from discussing vehicle forensics at this juncture in time. I’ll give the clear disclosure that my husband works in the red team side of the house for a major motor vehicle manufacturer. So that’s probably the one area, and that’s the reason I say I try to stay out of that area just because I don’t ever want there to be any question about my knowledge or my information or where things come from.

Si: That’s more than reasonable. And we can have this struck from the record, if you’d like.

Jessica: No, it’s actually fine either way, but there is definitely something funny about having a red team, blue team marriage there.

Si: I was going to say, we spoke to Heather and Jared a little while ago from Cellebrite. And yes, the dynamic of two people in the same industry is quite fascinating when you come down to it. My wife’s a project manager, so I’m not sure how it would go if it wasn’t that way. Certainly if we were on opposing sides technically, I think it might be a little more interesting.

Jessica: We did meet fixing jets. My husband and I both fixed jets and that’s how we met. So the fact that he is a red teamer and that I do defense security is ironic. But yeah, I steer away from the vehicle stuff.

Si: That’s very fair. “Steer” is a funny pun though. “Steer” vehicle. I do love puns as evidenced by anyone who’s ever seen a CTF I’ve worked on. I think that a slightly irreverent sense of humor is an absolute must in this industry. I come across some people who are way, way too serious for their own good, and I’m not sure it’s good for their mental health, if I’m honest.

Jessica: I think it’s important to have a sense of humor because at the end of the day we deal with the darkest of humanity. So if we can’t have levity, if we can’t find places to have joy in the mundane, how are we going to be able to deal with the fact that we are dealing with, and I don’t care, even if you’re on the incident response side, you’re dealing with companies on their worst day.

Jessica: No matter where you are in this field, you’re dealing with people on the hardest day they’ve ever imagined. And our work affects people’s lives, and that’s heavy. That’s a heavy weight to bear. So if we’re going to bear that much weight – how cool are our jobs? We get to use our technical knowledge and our brains to figure out problems, to be able to find truth and help with justice, and help people resolve issues and conflicts and sometimes save lives or protect lives.

Si: Absolutely.

Jessica: We have the best jobs in the world, but the weight of it is important. The weight of it is important for us to be aware of and feel because it should drive us to do the absolute best we can, regardless of what side you’re on, what environment you work in. Our work has victims. Not a case exists without a victim. Be it a company, be it wrongly accused, be it a victim of a crime.

Si: Yeah. I think it’s a very important thing that seems to get lost a little bit actually is that we talk about the sides that we’re on. We talk about prosecution or defense. But actually at the end of the day, we’re all here to achieve justice. That is what our role is, and we are a burden to the court. We’re not burdened to anyone else.

Jessica: Our job is to find the truth in the data. That is our role. Our role, regardless of whom is hiring you – our responsibility, and I think that this is really keen, is that I’m very involved with HTCIA, the first VP at the international executive level at this time. And one of the things I was really happy about is that the organization two years ago got rid of its rule that required it to limit membership to people who limit anybody who does defense-for-hire work.

Jessica: And I am so glad that there was a unanimous vote by the organization to say no. The High Tech Cyber Investigation Association represents the work we do. It doesn’t matter who you work for, because the results should be the same. Our goal is the truth in that data. What attorneys do with our work is beyond our control, but it is our job to do our due diligence and to represent the facts as they are displayed in the data, which again, takes that testing and that need for understanding and validating, etc.

Si: I think it introduces the interesting problem of bias. I was talking to a colleague about this not terribly long ago, like yesterday. And we were saying everybody has bias.

Jessica: 100%.

Si: It’s not whether you are biased or not because you are. It is a very biased opinion to think you’re not biased.

Jessica: Yeah, exactly. You’ve got to allow for that fact and to handle it and manage it and to say, to think that you are not is a mistake. But if you only do defense work, if you only do prosecution work, your biases are almost increased. It’s inherently an echo chamber.

Jessica: We started with a bias. We talked about generational bias, right? That the approach that people take. So both of us who are parents of young people now in this world, the way that they approach or see technology is different, which means if you or I are testing, “How did this artifact get here?” If we don’t think to involve, and again, this is one of the great things about having multi-generational teams.

Jessica: I have people who are much more senior to me in age and much more junior to me in age as part of my teams. And if we don’t get that perspective, I might not be thinking of some of the ways in which data could wind up on a system. Sometimes my young folks, they do things with their fingers on the screen and I never thought of interacting with said app in that way. And it makes magic happen.

Jessica: So we don’t necessarily even understand all the ways. In order to test a feature, to say, “How else can that data get here?” And that is the truth in the bias. So anytime that we see that we have something that is demonstrative of this is how something got there and that we can test and prove that in the affirmative, we need to be able to ask what else could have caused that data to get there.

Jessica: What would it look like? What other actions could cause that to not be there, right? So we need to look at the complete opposite of the things that we’re proving to make the best attempt to neutralize the bias that is going to be implicit. When your scope in itself in an investigation introduces bias. However, it is an intentional bias that prevents us from actually having privacy issues in a lot of instances. Someone’s phone is the most…

Si: This is an interesting distinction actually, between US and UK law. Because you are restricted by your warrant. We aren’t, but what we’ve seen as the counter to that is that quite often we are seeing victims almost self-submitting evidence. And selective. And it’s not because they’re not victims. I’m sure they are. But they are making a selection of the things that they think are important and sharing them with the police.

Si: There is a limited capture done on the basis of what the complainant says, and it’s not the full picture. And you end up with some very interesting questions.

Jessica: This is fascinating to me. There is an interesting paper from the Scientific Working Group on Digital Evidence that I’m a member of (SWGDE). I love it. Lots of great papers coming out on minimization of data, what is the right way to minimize data for privacy concerns. And this is really critical. My personal opinion is that if possible, minimization should be done in the analysis or via a human firewall and not on collection because of exactly what you said there.

Jessica: If we are only given a subset of collection of the evidence, then we risk not having access to exculpatory data, to being able to put together the full picture. When a database only has part of the data, but it actually correlates to some other database that maybe isn’t within a time restraint. So I really believe that we need as complete a collection as appropriate, and then to minimize on analysis.

Jessica: And I am very heavily speaking towards mobile and digital forensics here, as opposed to incident response where you would not collect a full endpoint of every single device, because that would diminish the capability to do incident response. Or even in a large enterprise environment, it might not make sense from a source and amount of data.

Jessica: But if we’re talking about somebody’s mobile device, having a human firewall, or I hate this expression, a “taint team,” those things may be more appropriate to protect someone’s privacy concerns. And again, I’m trying, because you just mentioned the fact that the laws are different, I’m sticking straight to privacy and to have the most respect for people, the people whose devices we’re looking at.

Jessica: And I think that’s really important because we want to be able to still have access to the exculpatory data. And for another reason, and this is something I’ve been hammering a lot recently, I just had an article in Forensics Magazine about this – acquisition should be seen as preservation because of how the availability of data degrades rapidly.

Jessica: Particularly in the world of mobile, and I’m not just talking about access, phones rebooting from AFU to BFU or USB restricted mode. Let’s say we’re in a completely consent-based environment. Consent-based, not consent-based environment where the person is giving us a password and the device and they’re giving consent for their device to be looked at. Maybe they’re a victim even in a consent-based environment.

Jessica: Data degrades because they’re and becomes nonrecoverable when you introduce the element of time. So I’m not talking about things like the WhatsApp wiping somebody’s phone, I’m not talking about… I am talking about literally that every day that goes by, knowledge loses data or cache locations loses what’s seven days old on that date. Literally data we will never be able to recover and it could be exculpatory or inculpatory.

Jessica: So while prosecution may want in a criminal case, access to that data so they can demonstrate where someone was, validate an alibi, etc., defense may likewise be saying this: “How can you even proceed? You miss the evidence that could have shown that my client wasn’t there because you didn’t get those cache locations images that degrade after 30 days post deletion.” And this is data that is no longer recoverable forensically.

Jessica: This wouldn’t be a question if we were talking about other wet science data. And there’s actually a good paper. One of my colleagues at Hexordia, as well as a co-forensics examiner Holmes from a university in Europe. Frank Adelstein and… I’m going to butcher his last name. Not in the UK, in Europe. I am sorry, Holmes. I know I just butchered your last name.

Jessica: They had a paper that just came out yesterday as part of DFRWS EU. And they basically were saying timely preservation is critical because if you were to try to get the cast of footprints a week later, they’d be gone. The same thing happens in digital evidence and that we also, they brought up an interesting point, need to be preserving our test data at that time.

Jessica: Because the way in which the phone, not just what app version it’s on and what database it’s on, what’s stored on the backend of the server, it’s communicating with changes the capability of the server on the other end changes. And so I’m really just keen on this topic of acquisition as soon as possible. That timely acquisition is just absolutely critical particularly in mobile, but in digital forensics as a whole and that we need to pay more attention to it.

Si: I think it’s fascinating because, I’m going to say my age is greater than yours and therefore my starting point in this is a bit different, but we started off with “You get a computer, pull the plug straight away. That’s it. Done.” That was the way I was taught. That was the original start to this.

Si: And then it was like, “Oh no, there’s a whole bunch of ephemeral data that you’re going to lose if you do that,” which is completely true. You lose potentially encryption keys, network connections, all sorts of stuff. So we started thinking about doing that.

Jessica: And no one’s going to question you if you pull RAM on scene.

Si: No.

Jessica: But if you image a mobile phone on scene instead of just seizing it and putting it in a Faraday bag, that is questioned depending on your jurisdiction, where you’re in the world. Now it’s a search, or are we just… because the US has this really big ruling, very famous called Riley, and it’s the reason you can’t image a phone upon arrest.

Jessica: And at the end of the day, the ruling in Riley said, “Hey, the reason you can’t do it is because you can use these cool little nifty things called Faraday bags.” Guess what? Putting a phone in a Faraday pouch doesn’t stop a dead man switch. Putting a phone in a Faraday bag doesn’t stop these timers, doesn’t stop the reboots, doesn’t stop the non-recoverable data due to time degradation.

Jessica: So it’s just, what do you know? Technology changes and we have to continually adapt our methodologies. Speaking of SWGDE, they put out a great position paper on this, and SWGDE does not put out position papers all that often. So when they do, it’s important. I believe it’s called something like “Timely Acquisition” or “Timely Preservation Through Acquisition.” Don’t quote me on it, something to that effect. It’s definitely absolutely worth a read and definitely a conversation I hope people are bringing back to their labs, but more importantly to the attorneys who are telling them what rules they have to live under.

Si: Yeah. In the world of CCTV and surveillance forensics, what’s going on is that everybody and their dog now has a Ring doorbell or something like that. But unless that is seized or the data is acquired in a forensically sound way, within 24 hours, 48 hours of an incident having happened, it’s just going to vanish.

Jessica: Here’s the thing, then it becomes who is paying for what version of service, right? Because I have a doorbell camera on my residence. I’m a very big proponent about cameras outside of the house. And I’m a personal proponent of no cameras inside the house except for obviously the one I’m using for this communication. Webcams are a bit different and I can turn them off.

Jessica: However, I’m a very big proponent of cameras on the outside, but I also pay the added service fee to have my data maintained for 30 days, because I know that 24 hours… I travel a lot. I might not even know something occurred within a 24-hour period. So I want to have that 30 days worth of data so that if something happens… but again, I come at this as somebody with a specific heart for digital evidence.

Si: This is the world we collect in. And if you look at it – I’m not going to quote any numbers – but if you look at the amount of data that’s created now daily on the IoT devices, the things that we have, it’s astronomical. We could probably solve every murder in the world that ever happens if we actually collected it all in one place and managed to filter it in any sensible way.

Jessica: There’s no human way of doing it. It’s impossible. It’s just way too much. And different formats and all of this.

Si: And what does it mean is different than what is there, right?

Jessica: Exactly. Yeah. I get nervous when we start talking about large autonomous systems that could deal with all of this data.

Si: No, so I’m going to say we could segue into AI and its use in here. I am a terrible Luddite in this regard. I’m the one who’s going to be throwing a spanner into the AI works. I actually studied artificial intelligence at university once upon a time. And I wish people would stop calling it artificial intelligence for a start. “Applied statistics” is my personal choice of phrase.

Jessica: There are many different applications that fall under AI and machine learning. Everybody is all on the new hotness because of their personal user-end experiences with generative AI. AI has been in digital forensics, different levels of it since 2007. Anybody who’s done an e-discovery case with targeted assisted review or TAR has used AI. Anyone who’s used most forensics tools have… it depends what kind of algorithm it is.

Jessica: We use algorithms, we use computers. They are important. The criticality is that machines don’t understand what they don’t know. And a large part of our problem is dealing with the unknowns. I like to cite the fact that there’s over 6 million apps just between Google Play and the Apple App Store. I could generously say a thousand are supported by commercial tools and I’m probably being generous.

Jessica: So that leaves a wide, vast world of unknowns, proprietary data structures, things we don’t know how they’re stored. But even more importantly, even if the AI can figure out what all the data translates to, what causes the timestamp to occur, what does it mean? What causes that URL, what is that IP address of? What other things could cause it? The meaning takes a human and testing and understanding.

Jessica: And my big concern is the legal system erroneously thinking that our jobs could be done better by computers than humans. Now there are some humans whose roles in this field are not doing deep technical work, but with the rate of change of technology, I would say those people who do go beyond the “find evidence” button, beyond just clicking, are going to be needed in order for justice and truth.

Jessica: And if not, we’re going to have a large issue with misinterpretation of data because if we can have multiple experts on the stand in the same case, interpreting the same thing differently, not because they’re saying that the ones and zeros are different, they’re saying that the meaning is different. And that is what we provide and that’s the reason digital forensics experts should be here to stay.

Jessica: And because somebody’s got to test and validate and think of those new apps. And yes, testing could be potentially automated in the future. And a lot of things should – we should automate as much as we can to allow humans to solve the problems humans need to do. And besides that, it keeps our work more interesting. So there’s my ten seconds on it.

Si: I couldn’t agree more. I think the important thing is that we back away from calling it artificial intelligence because it has no intelligence whatsoever. And it’s a very misleading thing to say at any point. The idea of automation, the idea of even things like fuzzy pattern matching is technically sitting in the right area. But it’s enhancing our skills, enhancing our tool set a little bit.

Jessica: I’m not going to use a slide ruler and an abacus to do math problems. I’m going to use a calculator. I’m going to use my phone. I might even call out to a smart assistant as I’m cooking and say, “Hey, smart assistant, how many cups in a quart?” Because I do have to deal with cups and quarts instead of liters. You’re lucky.

Si: I’ve given a couple of talks on AI in my time. And many years ago, criticized it very badly, but I heard a talk and I’m just going to look up his name because I don’t want to miss… He’s an American… not Brandon Epstein.

Jessica: Okay.

Si: A guy called Jared Carter. He’s… hang on, let me scroll through and I can give you a little more information.

Jessica: The truth of it is there’s good, there’s bad and there’s ugly, and we should let computers do what computers know how to do well, but we shouldn’t be thinking that computers are replacing humans in this digital evidence element. They’ve always been a tool. We love our tools, right?

Si: Yeah. Jared actually specializes in accident investigation.

Jessica: Ah, okay.

Si: He’s a forensic analyst in collisions. Lovely. But he was playing with ChatGPT and a couple of the other ones to see whether they could solve collision problems, mathematical collision problems. And what he very interestingly discovered was that they were getting it completely wrong.

Jessica: Because generative AI isn’t the right type of computer for math. Generative AI isn’t good at math. It’s a large language model.

Si: So it was returning a probabilistic statistical…

Jessica: …based on what should be, yeah.

Si: Yeah. So if you want to talk about bias – when you feed something the entire world of the internet, and as experts as we are in knowing what grossness and evil exists on the internet, the last thing we’d want is that. I’ll tell you a fun quip. I obviously work for Hexordia. I do not, nor have I worked for SANS, but I was trying to find a picture of myself and look at a GitHub profile for myself, and I said, “Jessica Hyde and forensics.”

Jessica: Google Gemini brought up an automated, created bio it made for me and it said “founder at SANS.” Now my bank account would love it if I was the founder at SANS. I also was 12 years old when SANS was founded. So this is not a true statement. I was around 12. My point being that AI will get things wrong because it will call different things from the internet and try to make an assertion about them that is not quite right.

Jessica: So yeah, it’s bad at doing logic problems – that is not the goal of a generative AI. However, there is lots of great computation that can be done of math, otherwise we wouldn’t be able to use hash values.

Si: Exactly. And this is using tools appropriately for what they’re designed for and looking at your areas, understanding the limitations of what they are. And also not trying to, like you say, not trying to push stuff further than it should be going because just because it’s a new hot and sexy thing over here that everybody’s talking about doesn’t mean you should be shoehorning it into your forensic tool today to do stuff.

Si: I’m going to perhaps speak slightly out of turn because I know there’s a possibility we may be getting them on to talk about their products, but I’m aware of a company that has a feature in their forensic video software that re-colors infrared footage.

Jessica: Oh!

Si: Now infrared footage is recorded in monochrome, what they’re effectively doing is making up colors and sticking it on top of it. And I’m a little unsure how one could possibly do this in any forensically sound way.

Jessica: I am not educated to speak to that, but fascinating.

Si: It’s interesting and I think something that somebody said was that you can’t stick your head in the sand about it. We have to be aware. We have to be able to refute it. We have to be able to understand it. But it’s not…

Jessica: And again, it’s been in our world. It’s been in our world.

Si: It’s been in our world. Like I said, I read it at university, and I was, like I said, SANS was founded probably after I was 12. You’ve made me feel so young. I’ve enjoyed this. Thank you.

Si: Oh, trust me. You’re, don’t worry about that. Like I say, I went and read it in university before the turn of the century, which sounds so bad. But yeah, so it’s been around 25 years minimum now. Absolutely more than that. So we really do need to get a grip on it, I think is probably the way to phrase it, rather than anything else.

Si: It’s there. We just need to learn how we’re going to live with it. And also dial back the rhetoric a little bit about how, first of all, how it’s going to destroy us all. Because it isn’t, something can barely tie its own shoelaces, let alone come out and…

Jessica: …introduce a Terminator. It’s the chicken little thing, right? Do you remember when they told us that big data was going to destroy us and then encryption was going to destroy us? We weren’t going to be able to get data because of encryption, and then locked phones were going to get us, and then the cloud was going to get us.

Jessica: And there was going to be no data on devices. It’s just the newest in what’s going to get us. And you know what? We’re still going to be able to do our jobs for a long time. It’s a game of cat and mouse and we’ll continue to do what we need to do as professionals who adapt to technology to be able to uncover the truth in digital evidence.

Si: Absolutely. Now, I think as we’re coming towards the top of the hour, that’s actually quite a good point to draw perhaps a final question for you, which is: with everything that you’ve had an opportunity to see, and with your successful business there at Hexordia, and with your role at the university, what do you see as our next biggest challenge?

Jessica: Our next biggest challenges are going to be in policy. Policy and law are the biggest challenges. Morrison and technical will continue to evolve to meet the technical needs, use technology to deal with technology, but it’s educating the legal professionals so that they understand our world.

Jessica: I meet with many an attorney who still pulls out a cart full of paper and documents every time you go to court. And it is educating the legal system and those who make policy on how to deal with the newest technical issues at hand.

Si: Yes. I think you’re absolutely right. I think that we are in a position whereby we are evolving faster than the law. We’ve always been evolving faster than the law.

Si: One of the joys – I’m a big fan of history – but one of the joys is that the first computer crime case in the UK was actually prosecuted under Fraud Law. And it was prosecuted on something called “making a False Instrument,” which is technically used for creating a fake document to prove who you are.

Si: Something like a fake passport or a fake driver’s license. And they translated this to making a fake password because the password was what proved who you were. And therefore by using a password that wasn’t really yours, you were technically creating a false instrument, that password that allowed you to enter…

Jessica: …who you are. Oh, my.

Si: And very shortly after this, the Computer Misuse Act was created in the UK because they found that this wasn’t really fit for purpose. But it’s just a demonstration of how the law is several steps behind.

Jessica: I’m not an expert in the law. I am so glad that there are so many good legal professionals who understand digital evidence, but there’s a lot who need education in digital evidence.

Si: I have to say it’s been an absolute pleasure talking to you.

Jessica: Likewise.

Si: And thank you very much for coming on. And please don’t leave it three years before you come back again. It would be great to have you back on to chat again in the near-ish future. When something else happens that we can have an opportunity to talk about, which would be wonderful.

Si: For listeners out there, you’ve obviously already listened to this, but I’m still obliged to say that you can find this podcast on various mediums like Spotify, iTunes, all of the good stuff, YouTube, but of course, most importantly on forensicfocus.com – our own website, which will have this and the interview with Jessica written up.

Si: And various other wonderful things and you can come and participate in the Discord channel. You can drop in and come chat with us on the forums. And basically we are a huge community of people who like to talk about forensics like this because it’s fun and it is, as Jessica said, the best job in the world.

Si: And there’s nothing that beats it because we get to make a difference. So again, thank you so much for joining us. I really appreciate it and I look forward to having an opportunity to talk to you again.

Jessica: Thank you. This was such a pleasure.

Accelerating Investigations With AI-Powered Media Classification

In the ever-evolving landscape of digital forensics, internal investigators and eDiscovery professionals are constantly seeking innovative tools to quickly and efficiently uncover evidence. One way to help accelerate investigations is to lean into the use of AI-powered capabilities around media classification. This technology is revolutionizing the way investigators handle vast amounts of data, enabling them to uncover critical data faster than ever before.

The Power of AI in Media Classification

AI-powered media classification leverages advanced algorithms to analyze and categorize media files, such as images and videos, based on their content. This technology can automatically identify and classify various types of media, making it easier for investigators to sift through large datasets and pinpoint relevant evidence.

During a recent webinar, experts from the Cellebrite team highlighted the significant impact of AI on digital forensics. Andy Jacobs, solutions engineer at Cellebrite and a seasoned expert in digital forensics and eDiscovery, emphasized the importance of AI in managing and preserving data. He noted that AI can help legal teams by providing critical feedback and positioning them for success.

Real-World Applications

One of the key benefits of AI-powered media classification is its ability to handle complex and large-scale investigations. For instance, in cases of intellectual property theft, AI can quickly identify and categorize media files that may contain sensitive information or trade secrets. This capability is particularly valuable when dealing with massive datasets, where manual analysis would be time-consuming and prone to errors.

Jared Barnhart, head of customer experience strategy and customer advocacy at Cellebrite, shared insights from his extensive experience in mobile and digital forensics. He highlighted how AI can assist investigators in identifying patterns and anomalies within media files, ultimately leading to faster and more accurate conclusions.

Enhancing Efficiency and Accuracy

AI-powered media classification accelerates the investigative process while also enhancing accuracy. By automating the classification of media files, internal investigators and legal teams can reduce the risk of human error and ensure that no critical evidence is overlooked. This technology can also help prioritize the most relevant files, allowing investigators to focus their efforts on the most promising leads and getting the best outcome for their case.

AI can also help uncover hidden connections and relationships within the data. For example, it can identify recurring patterns or similarities between different media files, providing valuable insights that may not be immediately apparent through manual analysis.

Conclusion

The integration of AI-powered media classification into digital forensics is changing the way investigators approach complex cases. By leveraging advanced algorithms to analyze and categorize media files, AI enables investigators to uncover evidence faster and more accurately than ever before. As this technology evolves, it will continue to play a vital role in ensuring legal teams and internal investigators are empowered with the latest tools to help them drive efficient cases.

Check Cellebrite Enterprise Solutions’ latest webinar to hear more from Andy and Jared on this topic. Explore Cellebrite’s AI-powered capabilities in Inseyets for Enterprise here.

Cellebrite Unveils Spring 2025 Release To Accelerate Global Investigations

AI and Cloud as Strategic Foundations for the Next Era of its Digital Investigation Platform

Cellebrite today announced its Spring 2025 Release, featuring a new cloud foundation and AI-powered innovations across its portfolio. These enhancements are already playing an important role in helping customers modernize their digital workflows, speed up their investigations and elevate operational productivity and efficiency.

The Spring 2025 Release introduces the Cellebrite Cloud, which delivers a purpose-built user experience that scales investigative capabilities and accelerates decision-making across public safety, intelligence and enterprise sectors. As digital evidence continues to grow in volume and complexity, investigators now spend an average of 69 hours per case reviewing data. Cellebrite’s technology reduces that burden by delivering AI-powered productivity and efficiency across a secure, unified cloud infrastructure powered by AWS—while always keeping human expertise and engagement at the center. With more customers adopting a broader range of the Company’s integrated portfolio, Cellebrite is evolving its Case-to-Closure (C2C) Platform into the next-generation Digital Investigation Platform.

“Helping our customers navigate the growing complexity of digital evidence is at the core of what we do,” said Ronnen Armon, Cellebrite’s chief product and technologies officer. “More teams are rethinking how they approach digital evidence, and we’re introducing innovations to support that shift. Cellebrite Cloud enables a more efficient and secure approach to digital investigations, meeting teams where they are today and partnering for the future – whether it’s on premises, the cloud or a hybrid workflow.”

The Spring 2025 Release includes the following innovations, all of which are supported by expert consultative services to enable faster time to value:

  • Cellebrite Cloud, a new foundational layer across Cellebrite’s SaaS portfolio, brings consistent and purpose-built experiences, AI-powered productivity, advanced security and compliance and a framework for integrations.
  • Inseyets, Cellebrite’s flagship digital forensics software, introduces advanced media analysis capabilities—leveraging AI-powered forensic insights and pattern recognition to accelerate evidence review and understanding.
  • Guardian, Cellebrite’s evidence management solution, now includes timeline review and AI-powered search built on Cellebrite Cloud to surface hidden connections, streamline case organization and accelerate investigative workflows. Guardian continues to gain strong traction across agencies.
  • Smart Search, the Company’s single-click, SaaS-based intelligence offering for investigators, built on the Cellebrite Cloud, adds a new dashboard that highlights data connections and notable insights from publicly available sources, helping investigators gather online intelligence on people and organizations of interest more efficiently at the early stages of a case.
  • Pathfinder, the AI-driven investigative analytics solution trusted by leading law enforcement agencies, introduces automated transcription and translation workflows, simplifying the review of audio and video artifacts.
  • Endpoint Inspector, Cellebrite’s remote collection solution for enterprises, now offers Cellebrite Cloud-based mobile decoding that transforms mobile data into a review-ready format—eliminating the need for additional processing and integrating seamlessly with review platforms.

Cellebrite’s technology is used in more than 1.5M investigations globally each year, equipping more than 7,000 customers worldwide to resolve legally sanctioned investigations of child exploitation, homicide, anti-terror, border control, sex crimes, drugs and other organized crime, human trafficking, fraud, intellectual property theft, financial crimes, internal investigations, eDiscovery cases and more, while ensuring compliance with agency protocols and various regulatory requirements.

About Cellebrite

Cellebrite’s mission is to enable its global customers to protect and save lives by enhancing digital investigations and intelligence gathering to accelerate justice in communities around the world. Cellebrite’s AI-powered Digital Investigation Platform enables customers to lawfully access, collect, analyze and share digital evidence in legally sanctioned investigations while preserving data privacy. Thousands of public safety organizations, intelligence agencies, and businesses rely on Cellebrite’s digital forensic and investigative solutions—available via cloud, on-premises, and hybrid deployments—to close cases faster and safeguard communities. To learn more, visit us at www.cellebrite.com, https://investors.cellebrite.com and find us on social media @Cellebrite.


AI And eDiscovery: A New Era In Legal Technology

Artificial Intelligence (AI) is no longer a distant future technology but an integral force driving change across multiple industries, including the legal sector. Specifically, AI is revolutionizing the practice of eDiscovery, where legal professionals face the daunting task of managing vast quantities of electronically stored information (ESI). As data continues to grow at an exponential rate, AI has emerged as an essential tool in making eDiscovery more efficient, cost-effective and accurate.

This article delves deeper into the significant ways AI is reshaping eDiscovery processes, with a focus on recent developments, key technologies like machine learning, natural language processing (NLP), predictive coding and ethical considerations in AI’s legal applications. We will also explore the practical implementation of these technologies and discuss the evolving future of AI in legal discovery.

1. The Shift Toward Automation in Document Review

Document review has historically been one of the most labor-intensive and expensive phases of eDiscovery, often requiring large teams of legal professionals to sift through millions of documents in search of relevant information. With such a high volume of data, the risk of human error and oversight can be significant. AI is reshaping this aspect of eDiscovery by automating large portions of the review process and increasing both speed and accuracy.

Machine Learning and Predictive Coding: Predictive coding, a subset of machine learning, has become one of the most transformative AI technologies in eDiscovery. It allows legal teams to train a machine learning model to recognize patterns in data—specifically, to categorize documents based on relevance. Legal professionals mark a sample set of documents (typically a small portion of the dataset) as relevant or irrelevant, and the AI system uses this data to “learn” and categorize new documents.

Predictive coding is highly effective in reducing the volume of documents that require manual review. It allows legal teams to prioritize the most relevant documents, significantly shortening the time required for document review and reducing associated costs. The AI model continually refines itself as more documents are reviewed, a process known as continuous active learning (CAL), ensuring increasing accuracy throughout the review process.
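The seed-then-refine loop described above, as an added example that is not taken from the article or from any vendor platform: a small multinomial naive Bayes ranker (chosen here for brevity) compared in one-shot and continuous active learning modes. The 12-document corpus, the document IDs, the seed pair, the batch size and the stopping rule are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed corpus: (doc_id, text, reviewer_decision). The decision stands in
# for the human reviewer and is only consulted when a document is "reviewed".
CORPUS = [
    ("D01", "copy source code repository tonight", True),
    ("D02", "lunch menu friday team", False),
    ("D03", "team meeting agenda friday", False),
    ("D04", "source code archive ready upload", True),
    ("D05", "parking permit renewal form", False),
    ("D06", "upload archive personal drive tonight", True),
    ("D07", "quarterly budget meeting agenda", False),
    ("D08", "personal drive link sent", True),
    ("D09", "holiday schedule team lunch", False),
    ("D10", "repository credentials personal laptop", True),
    ("D11", "printer toner order form", False),
    ("D12", "budget spreadsheet link sent", False),
]
TEXT = {doc_id: text for doc_id, text, _ in CORPUS}
TRUTH = {doc_id: relevant for doc_id, _, relevant in CORPUS}


def tokenize(text):
    return text.lower().split()


def train(coded):
    """Collect per-class token counts from the documents coded so far."""
    counts = {True: Counter(), False: Counter()}
    for doc_id, relevant in coded.items():
        counts[relevant].update(tokenize(TEXT[doc_id]))
    return counts


def score(counts, text):
    """Laplace-smoothed log-odds of relevance. Tokens never seen in training
    are skipped; the class prior is omitted because it is the same constant
    for every document and does not change the ranking."""
    vocab = set(counts[True]) | set(counts[False])
    n_rel = sum(counts[True].values()) + len(vocab)
    n_irr = sum(counts[False].values()) + len(vocab)
    total = 0.0
    for tok in tokenize(text):
        if tok in vocab:
            total += math.log((counts[True][tok] + 1) / n_rel)
            total -= math.log((counts[False][tok] + 1) / n_irr)
    return total


def rank(counts, doc_ids):
    """Most likely relevant first; ties broken by doc_id for determinism."""
    return sorted(doc_ids, key=lambda d: (-score(counts, TEXT[d]), d))


def one_shot_order(seed_ids):
    """Train once on the seed set and rank everything else (no refinement)."""
    coded = {d: TRUTH[d] for d in seed_ids}
    return rank(train(coded), [d for d in TEXT if d not in coded])


def cal_order(seed_ids, batch_size=2):
    """Continuous active learning: review the top-ranked batch, fold the
    reviewer's decisions back into the model, re-rank, repeat."""
    coded = {d: TRUTH[d] for d in seed_ids}
    order = []
    while len(coded) < len(TEXT):
        pending = [d for d in TEXT if d not in coded]
        batch = rank(train(coded), pending)[:batch_size]
        for doc_id in batch:
            coded[doc_id] = TRUTH[doc_id]  # reviewer codes the document
        order.extend(batch)
        # Simplified stopping rule (an assumption): stop after a batch with no
        # relevant documents. Real reviews validate recall by sampling the
        # unreviewed remainder before stopping.
        if not any(TRUTH[d] for d in batch):
            break
    return order


def reviewed_until_last_relevant(order):
    """How many documents in this order are read before the last relevant one."""
    hits = [i for i, d in enumerate(order, 1) if TRUTH[d]]
    return max(hits) if hits else 0


if __name__ == "__main__":
    seeds = ["D01", "D02"]
    print("one-shot:", one_shot_order(seeds))
    print("CAL:     ", cal_order(seeds))
```

D08 shares no vocabulary with the seed, so the one-shot model leaves it tied with irrelevant documents, while the retrained model surfaces it in the second batch. D12 is then pulled up by the shared words "link sent", the kind of false hit the human reviewer's coding corrects.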

Case Example: Da Silva Moore v. Publicis Groupe

The adoption of predictive coding gained momentum following the Da Silva Moore v. Publicis Groupe case, which marked a pivotal moment by being the first federal case to formally approve the use of this technology for discovery.

In this case, predictive coding was employed to sift through over three million emails, achieving an impressive 86% accuracy rate in identifying relevant documents. This drastically reduced the time and expenses typically involved in manual document review, showcasing the technology’s effectiveness in streamlining eDiscovery processes.

Recent Development: Companies like Relativity have integrated predictive coding into their platforms, providing legal teams with powerful tools to scale up eDiscovery reviews. These platforms offer features like CAL, enabling the system to update categorization models based on ongoing review, improving efficiency and accuracy in real time.

2. The Role of Natural Language Processing (NLP) in eDiscovery

Natural Language Processing (NLP) is an AI technology that enables machines to understand and process human language. NLP is having a profound impact on eDiscovery by enabling legal teams to extract meaningful insights from vast amounts of unstructured data, such as emails, contracts or social media communications.

Entity Recognition and Sentiment Analysis: NLP tools can identify key entities—people, organizations, dates and locations—in large document sets. This capability is invaluable in helping legal teams focus their efforts on critical documents and ensure they do not miss key information. Additionally, sentiment analysis powered by NLP helps legal professionals understand the tone of communication, which can be crucial in cases involving defamation, fraud or other emotionally charged disputes.

Document Summarization: NLP is also being used to generate concise summaries of lengthy documents, reducing the need for manual reading and allowing legal teams to focus on key points. By scanning through large datasets, AI models can identify relevant clauses, terms or references in contracts, speeding up review cycles significantly.

Example: Dentons has developed an AI platform for contract automation that incorporates NLP to interpret and automate contracts within the Contract Express system. This technology enables the AI to understand and process contract language, reducing the time needed for automation. The platform is designed to be user-friendly, allowing lawyers with minimal technical expertise to automate contracts efficiently. The use of NLP is central to the platform’s ability to work with various languages and streamline the contract drafting process.

3. Scalability and Efficiency: Reducing Costs and Increasing Productivity

As the volume of data continues to expand, traditional methods of handling eDiscovery become increasingly unsustainable. AI’s ability to scale up processing capacity without increasing the need for human resources makes it an indispensable tool for law firms and in-house legal departments dealing with high volumes of data.

Automating Routine Tasks: Legal teams can automate tasks that would traditionally take hundreds of hours of human labor, such as document classification, keyword searches, and data extraction. By automating these processes, AI allows legal teams to allocate their time and resources toward higher-value tasks, such as formulating legal strategy, client engagement and expert consultation.

Cost Efficiency: In terms of cost savings, AI-powered solutions have proven to be highly effective. By reducing the amount of time required for manual document review, AI can reduce costs associated with hourly billing, freeing up resources for more strategic legal work. For example, using AI to handle the initial review phase allows firms to pass on the cost savings to clients, making their services more competitive.

Example from the Field: JPMorgan Chase has transformed its contract analysis process with the introduction of its AI-powered system, COIN (Contract Intelligence). This technology uses natural language processing (NLP) and machine learning to swiftly analyze complex financial documents, drastically reducing the time and costs associated with manual reviews. COIN enhances accuracy, consistency and scalability, while helping the bank ensure compliance, manage risks and improve customer service. By automating the analysis of contracts, JPMorgan Chase has set new industry standards for efficiency and precision, underscoring the pivotal role of AI in reshaping financial services.

4. Ethical Considerations: Bias, Accountability and Compliance

As AI continues to reshape the legal landscape, it brings with it a host of ethical and regulatory challenges. The deployment of AI in eDiscovery raises critical questions about transparency, bias and compliance.

Mitigating Bias: One of the key ethical issues with AI tools in eDiscovery is the potential for algorithmic bias. AI models are only as unbiased as the data they are trained on, and if historical datasets contain biases, AI can unintentionally perpetuate them. In legal contexts, this can result in unjust outcomes, such as biased document classification or the exclusion of relevant information.

Regulatory Compliance: As AI tools handle increasingly sensitive data, compliance with legal standards—such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S.—becomes a significant concern. Legal teams must ensure that AI tools respect privacy laws and adequately protect sensitive information during eDiscovery.

Transparency and Accountability: Ensuring transparency in AI-driven decision-making is vital, especially when AI tools are involved in legal proceedings. Legal professionals must understand how AI systems make their decisions to provide accountability and ensure the accuracy of the results.

5. The Future of AI in eDiscovery: What’s Next?

As AI technology continues to evolve, its potential applications in eDiscovery are only expanding. We are seeing the development of more advanced AI tools that not only support predictive coding and document review but also provide deeper insights into case strategy, legal research and even predictive analytics for trial outcomes.

Generative AI and eDiscovery: The rise of generative AI technologies, such as GPT-based models, is opening new frontiers in legal discovery. These systems are capable of generating human-like summaries of documents, suggesting case strategies and even providing automated legal research. As these tools become more refined, they will further revolutionize the way legal teams approach eDiscovery.

Integration with Legal Analytics: AI is also increasingly integrated with legal analytics tools, enabling legal professionals to predict case outcomes based on historical data. This integration will empower legal teams to make more informed decisions, predict the trajectory of litigation and optimize case strategies based on data-driven insights.

Conclusion: Embracing the Future with AI in eDiscovery

AI is undeniably transforming the eDiscovery process, offering significant improvements in efficiency, accuracy and cost-effectiveness. With its ability to automate document review, process vast datasets and extract actionable insights from unstructured information, AI is helping legal professionals tackle the growing complexities of modern litigation.

As AI tools continue to advance, the legal industry must address important ethical, compliance and transparency issues to ensure that AI is used responsibly and effectively. By embracing these technologies, law firms and legal departments can not only streamline their eDiscovery processes but also gain a competitive edge in an increasingly data-driven legal landscape.

The future of AI in eDiscovery promises even greater innovation and efficiency, from predictive analytics to advanced legal research. For legal professionals looking to stay ahead of the curve, understanding and adopting AI-powered solutions will be essential for navigating the challenges and opportunities of tomorrow’s legal world.

About Cellebrite Enterprise Solutions

In a world that’s evolving rapidly, Cellebrite Enterprise Solutions looks beyond the horizon to design solutions to keep data within reach, transform it, and reveal important insights to protect your business and employees. From headquarters to home office, eDiscovery professionals and corporate investigators can access endpoints anywhere with Cellebrite’s enterprise solution offerings.

AI Unpacked: Magnet Forensics’ New Series On AI In DFIR

The following transcript was generated by AI and may contain inaccuracies.

Si: Hello everyone and welcome to the Forensic Focus podcast. Today, we are delighted to be joined by Brandon Epstein from Magnet. Brandon is joining us from a hotel, so if you hear some weird noises in the background that’s the exciting life that he’s leading being somewhere at the moment. Is this a carryover from the Magnet conference or is this something else?

Brandon: Actually it’s funny. I was telling people I love the User Summit so much and I love Nashville so much, I just decided to stay and move here. We’re actually in the process of moving and we’re in a hotel waiting to move into a house right outside of Nashville here. It would be an easier commute for the User Summit next year. But I’m still about 25 minutes south of Nashville right now.

Si: Wow. That’s really cool. Nashville being obviously one of the places that most of us outside of America have actually heard of. I’m very excited for you. That’s brilliant. And how did the User Summit go off this year?

Brandon: Awesome. Incredibly well, like every year. I think it’s actually one of my favorite events of the year, not just because they pay me to say that and they sign my paychecks, but really because it is such a unique event where the energy you find there is hard pressed to find at any other conference.

Just that mix of those working in the industry to provide the software solutions and the people actively using those solutions get everybody together in the same room. It’s so unique and the chance to share information both ways – from the product advisory councils that show up on Monday to provide information that drives product development as well as sharing user information or sharing tool development information, software information, and also tool agnostic things with the end user. It’s a fun week and then the nightlife’s okay.

Desi: That sounds like a massive undersell, but I get you want to highlight the conference. I always find personally like conferences are always fantastic, whether they’re vendor or not. I haven’t had the chance to go to the Magnet one yet, but I’m sure that I would love to one day and it sounds really fantastic.

But it’s always the networking, it’s the people that you get to meet in person because so much like us now, like we’re talking over Zoom. But when you’re in person you just get so much more benefit. I think that we neglect that some days and that’s really something that a lot of people are missing out on.

Brandon: I think the ability to get some great information during the day, and then I’ll just leave it at the fact of live music and a mechanical bull night really tries to draw people together. I remember giving a talk recently this year at the American Academy of Forensic Sciences to new grads and people first coming into the industry.

My advice aside from the normal is really never be the first one to bed. Always make those connections over a meal or just having a cup of coffee or a drink. You meet lifelong friends that you see maybe once, twice a year at a conference like this. But you also are able to just reach out with, “Hey, have you seen this artifact before?” Building that network really is so much of the importance of having these events.

Desi: Yeah, definitely. And the advice that I give is don’t sit in the lecture theater if you are doing one after the other. Get up, stretch your legs. But go grab snacks – that’s what I love about conferences as well. There’s always a stock snack table somewhere that you can go get.

If you walk up and you just stand next to someone, you’re like, “Oh, hey what do you do?” The opportunities that I’ve gotten from just randomly talking to someone at a snack table because we both love snacks, is phenomenal.

Si: Absolutely. Common shared interest. And that common shared interest is food. I love it. The last conference I was at, I was very well equipped with bacon sandwiches, so that was a very good thing. So anyway, Brandon you work for Magnet now. What’s your background that’s gotten you to this place in your life and moving to Nashville?

Brandon: My background really starts in February 2014. I was working as a major crimes detective in a municipal police department in New Brunswick, New Jersey where we started really seeing a lot more digital evidence and video evidence becoming more prevalent in our cases.

Being the junior guy in the unit, I was tasked with doing a lot of this work of acquiring and maintaining predominantly video evidence from CCTV and then working with it. I realized that we were really ill-equipped to deal with it at the time. So I went to the bosses and I said, “Hey, there’s gotta be a better way.”

I must’ve annoyed them enough. They said, “All right, go ahead and figure out a better way.” We ended up taking some forfeiture funds, which we had in the most ironic ways. I worked a recent case back then about pirated CDs and DVDs where a contract investigator for the recording industry brought to our attention the proliferation of pirated Mexican bachata music in downtown New Brunswick.

We seized a lot of cash, and we used that money to buy our very first video forensic system and me some training. To Desi’s point, I still remember meeting a fantastic gentleman there who’s unfortunately no longer with us from Sweden who traveled for the class, and him turning me onto an organization called LEVA, the Law Enforcement and Emergency Services Video Association.

He said, “If you want to get serious about it, go find some training” and that’s what I did. I dove headfirst into the LEVA training, going to all four LEVA levels, getting involved in mobile forensics, attending some mobile training. And this kind of ties right back to it – during one of those LEVA classes, another great guy named Gene Henderson who retired from Texas DPS many years ago.

We were sitting at dinner one night and he said, “You really should get involved in SWGDE (the Scientific Working Group on Digital Evidence).” I said, “I haven’t been doing it this long.” He said, “No, you have something to say. You should show up and let your voice be heard.”

He encouraged me based upon a shared love of food. It wasn’t just snacks – it was a full meal and maybe a couple beers too. But I started to get involved in SWGDE, furthering my network and meeting many great people there, including some professors from the National Center of Media Forensics (NCMF) at the University of Colorado, Denver.

At the time I had a high school education. I remember saying to them, “I’m gonna go back, finish up college. I had a few credits left, and I’m gonna be your student.” So I ended up going back, finishing up college, working on a master’s at University of Colorado, Denver, in the NCMF program.

My master’s thesis was looking at video file structure and how it changes through iOS device transmission. A few years earlier, another great friend and colleague of mine, Bert Lyons, had shown me some research he was working on regarding file structure.

I nodded and smiled and said, “Oh, that’s really interesting,” but I didn’t quite understand it until it came time for me to look at it. I called up Bert and I said, “Hey, was this what you were talking about?” And he said, “Yeah, we built a prototype around that, a tool around it.” At the time it was called Medex, and he asked if I wanted to use it for my research.

I remember talking to him literally two days later saying, “You have no idea what you have here.” Bert’s background is in library information science, very steeped in the digital archival world, but doesn’t really have any connection to digital forensics and law enforcement.

I said, “Listen, this is gonna make an immediate impact on media authentication, ICAC cases, CAM investigations, ICE investigations – there’s a lot of good that could be done with this.” So we ended up talking more and eventually launched a commercial tool called Medex.

The three of us – myself, Bert Lyons, and Dan Fisher – were the founders of Medex Forensics, which was then acquired by Magnet in August of last year. That tool has now been rebranded as Magnet Verify. And that’s my path to Magnet.

What I work on now – they’re not gonna take my hands out of the media authentication space because I have too tight of a grip on there and I like it too much to leave it alone with my crazy product ideas. But I’m doing a lot more work with our Idea Lab and the AI team, bringing the exam review point and the forensic application of what can be done within AI.

I like to stay active. Especially with my role at SWGDE, I currently chair the organization and my viewpoints and ways I think that we can deploy AI responsibly and do it in a way that is demonstrably reliable for a specific purpose. That’s where my role fits in now at Magnet, aside from media authentication, taking on more of how we could effectively, responsibly and reliably deploy AI.

Desi: Are there any kind of developments, because we talk about the deployment of AI quite a lot, both from a tools perspective and use by criminals. From your perspective, is there anything that you can share at the moment of what you’re working on or what’s already out there with Magnet and your division?

Brandon: Just to be clear, we have a team of product developers and engineers. I’m not actually the one with my fingers touching the keyboard to write any kind of code. There’s a lot of things that were set in motion and a lot of great stuff that they’re doing beforehand, before my involvement.

I’m really like the traffic cop at the intersection that gives the information back from the field to our developers and then helps relay that information to the field to explain which direction we’re going and making sure that it’s doing so in a way that actually has purpose.

Within the most familiar tools that we look at within Magnet – within Axiom is the Copilot feature where we have some advanced search, some natural language search features across outputs from cell phone exams or computer forensic exams. Really creating those efficiencies for the investigator.

We’re gonna start seeing a lot more of that in the future in Magnet Review to be able to create those efficiencies. I think it’s important to contextualize that because there is a big need. AI could be a time saver in many ways, but I think it creates some efficiencies in investigative outputs because it will provide us information that we would typically use in an investigation.

Not necessarily something where it’s gonna result in a forensic examination or opinion. The things I just talked about, in Review and Axiom are more in investigative outputs. Within Verify, we’re deploying AI in a different way – not generative AI, but machine learning in a way that is used as evidence with demonstrated reliable, probabilistic output from a classifier.

It has the signed error rates that meet the evidentiary standards to be able to introduce AI or machine learning evidence in court.

Si: Is that in an adversarial concept to verify or to at least attempt to identify the products of other AIs? Are you using it in that capacity?

Brandon: Within Verify, it’s not necessarily just identifying AI generative material, though that’s the biggest concern right now. It’s more about creating context for the creation of media files, whether video or images. How is this file created? What encoders, what software is used? Is this original to a device that it was acquired from?

If not, what touched it? What did it pass through? The probabilistic output really is taking a combination of what we know about our patented method of file structure analysis, which is really deterministic. It’s like a fingerprint for video encoders.

That gets you down to maybe 20 different encoders. If we want to look at which one is most similar, that’s where the probabilistic results come in. It differs from what we’re doing in Axiom because in Axiom it’s that investigative output.

Let’s say I ask Copilot in Axiom, “Can you tell me if there’s any evidence of drug use on this phone?” That’s really an investigative lead that somebody’s gonna look and review and use to say, “All right, I need to talk to this person, or I need to charge this person.”

The AI didn’t really give me the results. The AI told me where to go look for the actual data, and I read the data itself. I didn’t just look at the AI telling me that John Smith is dealing drugs. AI said, “Hey, there are some text messages here that are indicative of drug dealing.”

It gives me a citation to it, and I went and read those text messages. The AI isn’t telling me what it says, I’m reading it the same as I would without it. Where in Verify it’s providing that output saying that this unknown file is, out of all the 125,000 plus files in a reference library, most similar to Runway Gen 3 synthetic encoding.

That pushes past what a human is capable of, which I think is unique to that product, to that approach. And we do so in a way that we can discuss what the error rate is, how we articulate that probabilistic output and effectively use it in court.

That’s what’s missing in a lot of AI applications. I think the forensic community has done a good job of deploying probabilistic results from AI output. But I think a lot of people think AI results and they immediately think ChatGPT or other similar tools that aren’t necessarily built for that forensic approach.

It’s probably not the best idea to dump a spreadsheet or a list of cell sites into ChatGPT and have it map this out.

Desi: You mean we can’t get Midjourney to create a sketch of the suspect if we don’t know who they are?

Brandon: Yeah, that’s right!

Desi: I see you’re about to give a webinar series on “AI Unpacked” with Magnet. That looks like it starts on April 16th, and then there’s two more follow-ups on May 14th and June 18th. Maybe you could give us a rundown of what you’re going to be covering.

Brandon: I’m really excited about this webinar series because everybody’s interested in AI and how it works and how they could use it in their work, or should they use it in their work. There’s a lot of opinions out there and I think the goal is not necessarily to say should you or shouldn’t you, but to allow you to make informed decisions by providing good, responsible, reliable information.

That’s the goal of “AI Unpacked” in that webinar series. We have six planned for this season, at minimum. It really starts with that first episode that airs on April 16th. Those that were at the User Summit a couple weeks ago actually got a sneak peek of this.

I participated in Magnet’s product advisory councils Monday morning, gave this talk Monday afternoon, and I heard these really sharp, fantastic examiners talking about these concepts of AI. As a forensic examiner (and I get in trouble using the term interchangeably – “we” as forensic examiners, “we” as Magnet Forensics, so I’m trying to differentiate) – these great forensic examiners were talking about concepts which are not foreign within the AI world.

The only reason I know about them is because I’ve been working in the space for a bit and have had to learn them. Later that day I could say, “What we were talking about just then, this is the concept, this is what it’s called, and this is how it’s defined.”

Just trying to build that knowledge base of what the underlying methodologies are in AI and how it’s applied to digital forensics. So that’s really what episode one is – just that introduction. Let’s go over definitions, let’s go over basic concepts of how we evaluate.

I keep going back to probabilistic outputs. I think it’s probably the best way to describe what we talk about when we talk about AI outputs. It’s not an absolute certainty. It’s not like “I found this artifact at this specific file path location.” This is a probability of what this result is.

Even on the investigative side, did this person talk about drug use? The responses aren’t absolute certainties. With some degree of certainty this person probably talked about drug use, but it’s incumbent upon the actual examiner to go and look at that.

That’s really what we’re talking about in that first episode – to define what we have to understand about AI to then make informed decisions about it. We’re going to build on that from there.

The other two episodes that are up on the website right now are really diving into the guiding principles of AI development within Magnet. I want to put that right up front because I think it resonates with our user base that we’re not doing this just to do it. It is very transformational.

I said this at the User Summit in 2024 when AI was really becoming popular – this is a tremendously interesting time for us in digital forensics, both in terms of what we could do with software and what we have to analyze based upon this new technology. It really is transformational.

But I want to highlight the steps that we take as a software developer and really say, this is the thought process that goes into what we should develop, how it gets developed, how we do it reliably, and how we approach that. It’s a written guiding principles document that they take very seriously.

It wasn’t developed overnight. If you’ve ever looked at a document that has a lot of changes in a shared drive, it looks like a multicolor rainbow of words.

Desi: Takes five minutes to open because it’s loading all the comments.

Brandon: Yeah, exactly! Let’s start slow, let’s hide all changes and ease into this a little bit.

And then the third one that’s on there right now, which I think is probably the most interesting to people, is really the intersection of AI and the law. How do we responsibly implement this in our workflows? At the end of the day, we are all forensic examiners.

When it comes time to use this as part of an exam, what is the appropriate use for AI in our investigations and examinations to demonstrate reliability for court? And when do we say that it’s not appropriate for that? It’s not all things in all ways.

Si: Pulling you away from Magnet for a second, I’m sure SWGDE is doing something particularly interesting in that regard, being a fairly definitive source for the industry as a whole in the US and quite influential in the UK as well. We take SWGDE documents and correct the Zs to Ss and change some of the spelling around. But apart from that they’re really good. Where’s SWGDE sitting on the AI front at the moment?

Brandon: Great question. Our next meeting will be in May. In January of this past year, we stood up an ad hoc committee specifically to address AI. There was a tremendous amount of work done in the January meeting.

I couldn’t be more thrilled about where this document’s going on the initial use of AI within digital forensics. It will provide that resource not only to the digital forensics community, but for manufacturers to say this is what the community needs in order to demonstrate reliability in what you’re providing to us.

That’s very much in the works. I don’t know if it will be out for public comment at the end of May. I feel more confident that it will be out for public comment at least by the end of the September meeting. To get consensus-based documents created in six to nine months is actually a pretty quick process.

Desi: For our listeners that don’t know the acronym SWGDE, I had to look that up myself – Scientific Working Group on Digital Evidence. Maybe you could give a quick background on what that is for non-digital forensics people.

Brandon: I apologize. I should have led with that. The Scientific Working Group on Digital Evidence is a standards development organization that sets best practices and standards for how things should be done in digital forensics.

Whether it’s how to acquire media from a cell phone, or best practice for image authentication, or best practice for audio enhancement – it covers basic computer forensics, cell phone forensics, cell site analysis, forensic photography, audio forensics, video forensics, and provides solid reference material.

The importance of it is that it’s consensus-based. It’s not one person saying, “This is the way it should be done.” It’s a group of people that write the document together. That document goes out for public comment, and the result is really strong reference material that has been influenced by a wide range of practitioners.

Both public and private sector, academia, attorneys – the private sector plays an important part in providing that information for the community. That’s essentially what SWGDE does.

Desi: For our listeners as well, Brandon’s the chair of that and they have about 80 member organizations ranging from government agencies to private organizations like Magnet Forensics, Cellebrite – everyone coming together to help provide those standards.

Brandon: Exactly. It helps drive how examinations should be handled, how an investigation should be handled. It also provides great feedback to the tool developers. We can see that recently through a document that involves acquisition as preservation where you see two of the most major cell phone tool manufacturers developing methods to provide examiners ways to rapidly acquire or preserve data.

We know data can change rapidly on cell phones, and that feedback is directly related to what was published from SWGDE.

Desi: Fantastic. We’ll post the links in the show notes along with the webinar and everything else. I can already see there are some awesome resources you can go and grab straight from there.

Si: It’s fascinating actually. I came across SWGDE through LEVA the same way as you did. I did all four courses in one year because we’re insane. There’s no sane way of going about doing that! But I got hold of SWGDE through that.

It was very fascinating to see how, because I’ve been doing digital forensics and computer forensics for a very long time before I started doing video forensics. I went and got all the video forensic training because LEVA obviously teaches to it and works with SWGDE.

But then looking at the digital standards for computers, I realized what a wonderful baseline it is for best practice. What we have here are the ACPO guidelines, the Association of Chief Police Officers, for handling digital evidence. It was all very similar – it’s best practice, but it’s so well documented, so well written, and updated frequently.

As you say, there’s lots of input to it. You send these things out for comments, and it’s not closed. It’s open to anybody who wants to comment, whether you’re in the UK, whether you’re a member. If you are capable of inputting to it, you can. I think that’s a wonderful way to approach it. It gets us to the best place.

Brandon: Obviously I’m a true believer in the power of it. I started out in my digital forensics journey as a one-person lab in a municipal police department in an urban area in central New Jersey. I didn’t have a ton of resources.

I read the documents to say, “All right, how should I be doing this? Do I have to develop a policy? How do I develop that policy?” Then, starting to go to those meetings, I met lifelong friends that I still talk to on an almost daily basis.

The organization as a whole I think is one of the greatest aspects of the digital forensics community. I might be biased, but I’m proud of the work we’re doing. About the comments you mentioned – we encourage those, and they don’t just come into the committee to be adjudicated.

Everybody looks forward to them, and every single one is discussed and sometimes debated to see how we can improve those documents. Every person that comments gets a response, such as “Thank you, we’ve improved this based on your feedback” or “We understand where you’re coming from, but the document already says this.”

Every comment gets addressed and logged. The submitter is notified – it doesn’t go into a black hole. You’ll get notified about how it all pans out.

Si: How is SWGDE funded as an organization?

Brandon: Good question. SWGDE historically was funded by some US federal government agencies that no longer do that. A few years ago, SWGDE became officially a 501(c)(3) charitable organization, a nonprofit.

Right now we have a couple different grants from NIST here in the US that provide some funding to operate the website as well as…

Si: Sorry, just before you go any further, NIST is the National Institute of Standards and Technology. We deal in acronyms!

Brandon: Yes, dollar to the acronym jar! The National Institute of Standards and Technology. NIST has a couple different grants that allow us to keep the website up as well as, most importantly, help pay for travel funding for small businesses, whether private or government, that can’t afford to send guests and members to the meetings.

Our SWGDE meetings are in person. We actually found that during COVID when we went virtual, productivity decreased, which was a bit of a surprise. But I understand it after seeing it – you can’t lock 8-10 people in a room and have them focus on something virtually.

If you’re in the office or appearing virtually, somebody’s always getting pulled out and then coming back in. Inherently you work on something and then somebody that’s stepped away for half an hour comes back and says, “Wait, I have an issue with that word three paragraphs ago,” and now we’re back to that, as opposed to everybody locking in and getting it done. It’s actually a much more efficient method.

We also have support from some great people in the private sector through sponsorships. Magnet Forensics is actually our platinum sponsor, long before I went to work there. It really was a phone call that I took from a colleague at Magnet on the way to the airport after we first decided to take on corporate sponsors.

It wasn’t a decision we entered into lightly. There are very rigid rules – there’s really no influence. There’s not much you get out of the sponsorship, aside from saying, “I want to support the work that’s being done.”

I said, “You’re going to get an email from our sponsorship committee saying that we’re accepting sponsorships.” The immediate response was, “What’s the top level sponsor you have? How much is it?” I told them, and they said, “Put us down for it. We’ll square this away next week.”

They were immediately on board, no questions asked, because they really believed in the work that’s going on there. It makes me feel warm and fuzzy that the industry is being supported that way.

Si: Our industry is very interesting. On the one hand, there are people like Magnet – and I’m not picking on Magnet in any sense – that are software vendors. That’s what you do. If you look at the way the industry works for other software vendors, the soonest they can get one over on their competitors and get an advantage and market share, the sooner it happens.

In forensics and in our industry, it seems to me that everybody, because we come into this with a desire for justice, a desire for the right things to happen, actually seems to be very willing to collaborate, work with each other and get stuff to happen. It’s a great place to be, a great place to work.

Brandon: 100%. The people that you meet here, whether it’s software vendors or others – that conversation I mentioned with Magnet wasn’t just Magnet, that was just the first conversation we had. The amount of software vendors that said, “We want to support this” – you can go to the website and look at the list, it’s pretty incredible.

Going out to events and conferences, some of my closest friends work in the software community, some work in the forensic examiner community. I’ve never met an industry where – and I’m not trying to sound cool by saying this – it’s a different vibe within the digital forensics community.

I’ve never met people that are more open and willing to help and willing to help elevate and help a lesser experienced examiner or investigator step up and improve their skillset and just openly share information than in digital forensics. It’s such a unique and great place to work.

Si: So on the Magnet front, we’ve talked about Magnet Verify. What else is going on? Magnet is a large vendor with many products. What else is coming up on the Magnet radar at the moment? Axiom, Automate, GrayKey of course – everybody loves GrayKey, if you can get a license for it, because that’s quite locked down, isn’t it?

Brandon: We have GrayKey for the private sector as well. That’s getting outside my area of expertise, aside from being a GrayKey user for many years as a forensic examiner. What I’m most excited about, aside from the AI development (because I have my hands in there), is how much crime we’ll solve and the accuracy we’ll get.

We’ll achieve things that we don’t even comprehend now with AI, which I think is going to be incredible. On the acquisition side, there are some pretty exciting things coming out soon from the folks on the GrayKey side of the house, as well as vehicle forensics and acquisition.

Coming from my MedEx background, we were developed as a SaaS platform, natively cloud-based to start with. There’s a desktop app as well, but starting to see our tools like Review that are cloud native or the ability to work in more of a platform approach where I could move data around without having to get it onto a thumb drive and move from one computer to the next.

Then leveraging a whole bunch of different analytics tools in one unified platform, which we’ve called Magnet ONE. Looking to the future, I don’t want to paint this rosy picture, but the sky’s the limit. You unlock yourself to do so many more things when you start looking at this holistic cloud platform approach.

If I have this data, I could start running any kind of analysis on there. A lot more becomes available because it’s just so easy to move that data around. This isn’t going to happen next week – it takes development time and it’s ever-changing technology.

But aside from the AI stuff, the platform aspect of being able to leverage that and deliver some really interesting data about media forensics or media investigations to the end user or directly to the investigator based upon that platform approach – there’s a lot of power to that.

Si: I think it’s a very interesting area. My background before I came to forensics was information security. Cloud was kicking off just about when I was firmly in information security, and we were looking so much at how we protect large amounts of data in the cloud.

I think it’s changed a great deal. The technology has changed a great deal, but also people have taken up private cloud. Large organizations have taken up private cloud much more, which gets rid of some of those fundamental issues we were facing. You can’t put police data onto Azure because that’s just a really bad idea.

But if police forces have their own secure data centers and are running things, then we can start to do some more interesting stuff. For me, it was always the instantaneous scalability of cloud. I’ve got this thing, I need it tomorrow, let’s give it 4,000 processors and 20 gigabytes of RAM and we can have that in an hour’s time.

It’s going to cost a small fortune, but if that’s what’s necessary, you can do it. That massively distributed concept of computing I thought was fantastic.

Brandon: As you’re saying that, I’m thinking to myself and putting my government hat back on – I can only imagine how long it would take to purchase a system that I needed, where I could just spin up something in the cloud.

The story I tell people about IT infrastructure in a government agency is, there were so many times that we would have to go back and start from scratch with a quote, because by the time we got approval to purchase, the thing we wanted was actually obsolete and no longer offered.

That’s how long it takes, whereas you can say, “I have this cloud system where I could spin up as many workers as I need” or this kind of unlimited aspect without having to procure hardware and maintain hardware. And living through more than one ransomware attack in a local government agency, I feel more secure about putting my data into Azure or AWS than in the server in the basement of the PD.

Si: My favorite procurement story is actually from when I used to work at Cancer Research in the UK. One of our researchers had figured out that he had a company credit card to let him spend up to 10 grand at a time.

Brandon: I like where this is going.

Si: And he discovered that a blade chassis cost 9,000 pounds and each blade cost 9,000 pounds. So he basically bought a chassis and bought the blades without getting any authority whatsoever, just in 9,000 pound increments, for something that worked out to about 120 grand’s worth of system at the end of the day.

There were occasionally ways and means around these things.

Desi: Mine was very similar. Being in the Air Force, we were trying to do what this cloud stuff is – have a centralized server to have the horsepower on the back end to do the investigations and then have the endpoints just give the results.

I remember submitting the paperwork for the purchase order and then also the sustainment immediately. My boss was like, “Why are you submitting the sustainment?” I said, “It’s going to take us about 18 months to get the purchase order fully approved up the chain.”

“So the sustainment needs to be signed off because it’s already going to be out of date by the time we purchase the hardware.” And being in government, you have to adhere to all the patching and security requirements. I said, “We don’t want a system that’s brand new that’s already failing to meet an audit.”

He just said, “Fair enough,” and signed off on the sustainment as well. That ended up working well, though I’m pretty sure it fell out of sustainment pretty quick, like most government things.

Brandon: I think that actually even along those same lines, the three of us sitting here could absolutely immediately see the benefits. If you put 20 examiners in a room or frontline people in a room, it’s immediately yes. I think it’s going to take some education on our executives and our administration and IT people to say this is really where it’s going. I think it’s getting easier and easier to get that adoption, but it’s still a challenge.

Si: We’re filtering people through now. We’re a relatively young industry still. So people who are in a position of authority now and have worked their way up, haven’t necessarily seen all of the technologies that have come since they left operational service.

That’s gradually becoming less and less of an issue as people retire out the top and people get promoted up and explaining this. And also even if they haven’t had operational experience of what we are asking for, they at least have the language for us to be able to go and talk to them about it.

I think it’s certainly something which is becoming more common that people understand and are able to deal with, but also I think there’s a wider recognition now that it’s actually important. I think before it was easy for a senior police officer to look and go “I’d much rather spend money on putting another guy on the street because that’s gonna solve more crime.”

As opposed to now going, “Actually, you know what, if I can go through this guy’s computer and pick up another 20 drug dealers, that’s going to solve more crime.” So that realization of the way that crime works, the way that our industry works and all of that, I think is starting to be a bit more sensible now. All we’ve got to do is persuade the government that this is money that is well spent and get them to give it to us to spend it in the first place.

But next stage, hopefully we get some politicians who know what we’re talking about soon as well.

Desi: I just remember having a few conversations around cloud computing and adding that into digital forensics, probably beginning of last year. I think now, not only is the education there from vendors and also at conferences and everything else, but there’s also the use cases now, which I think weren’t around before.

So now there’s the success stories that you can point to. It becomes easier to sell because you can articulate the risk through all the education, but then you can also say, “Here’s proof that there’s benefit and here’s how you’re gonna save money and here’s how it’s used in these cases.” I think that’s getting a lot easier to sell in that aspect.

I do remember we were even on the fence – we saw the value, but then we were like, “What’s the risk?” But now I think it’s very clear in 2025 just how valuable it is.

Brandon: Yeah. I think you made a good point with conferences. I think you’re hard pressed to find a conference program nowadays in the digital forensic space where the description of the talk doesn’t involve something about AI or the cloud.

Si: Yeah, definitely. I’m thinking of the two conferences I’ve been to in the last month, and both of them had AI talks. One didn’t have a cloud talk, but the other one definitely did. That was about centralized media and CCTV media stuff, so you’re definitely right about that.

I’m going to say another interesting acquisition that Magnet has picked up relatively recently is DVR Examiner, which has been renamed to Magnet Witness. How’s that coming along?

Brandon: DVR Examiner actually is still an offering and it has evolved into Magnet Witness. I think it goes back to your background – if you ask any law enforcement executive: how often does digital evidence play a role in criminal investigation? And it’s going to be almost every case.

And of that, how much does visual media play a role in that investigation? It’s going to be almost every case. I think we’ve gone through the life cycle of originally the CSI effect, where it’s “Where’s the fingerprints?” And then we saw the OJ trial and now “I want to see the DNA.” And now we’ve migrated to “Show me what happened on video” because it’s so proliferated, it’s everywhere.

And it’s just the expectations. We live this life with so much surveillance video to actually be able to use that in our investigation. So that’s really where the DVR Examiner and Witness come in, not only for acquisition and initial analysis to be able to acquire large amounts of data and sort through large amounts of video data.

Then Witness allows you to look at that from a more individual file approach and to be able to convert and concatenate and trim files for use. A lot of the work that we do within video forensics is not really that forensic at all. It’s a lot more just processing and technician level of “Hey, I need to get this clip out for BOLO (Be On the Look Out) or to share this amongst investigators.”

Later in my career, a lot of work that I did was to prepare exhibits and demonstratives for trial. How do I take four hours worth of video and make it into a succinct five minute presentation that somebody that’s unfamiliar with an area can understand? And that’s really where Witness comes in, especially dealing with doorbell cameras with Ring, Arlo, Nest to be able to acquire those.

As we start seeing more of those, the missing piece of that – and I’ll mention this because it’s the product I’m most tied to – is Verify, which is really about proving authenticity. It goes hand in hand with that. You’re hard pressed to find a case now where we’re not seeing a concern or claim that a video file or image is a deepfake or synthetic.

How do we prove that authenticity? That’s why we need tools like Verify to be able to look at and deterministically, quantifiably say that we’re not taking a guess at it. We’re not looking at heavy signal processing to do it – we’re at scale, really rapidly using video as a data object or image as a data object, or an audio file as a data object to be able to say, “All right, this is an original recording as it’s claimed to be” and demonstrating that.

One of the things that shocked me along the way during product development is the need to demonstrate with an independent tool that video acquired by law enforcement or by the police has actually not been changed, because the officer’s word or that chain of custody is not held to the same weight that it used to.

We see agents that really need to take that step to authenticate and show that video has been unedited or unaltered, or is that camera original. That acquisition piece of DVR Examiner, the processing through Witness or the authentication from Verify is only going to be more important. I think Magnet sees a need with that and is really focusing on that media stack of products.

Si: Yeah. We are seeing a slightly different problem in the UK, or I’m sure that what you’re saying is still a problem here, but one of the issues that I’ve seen time and time again is victim self-submitting evidence.

Of course, the defendant is sitting there going, “Of course it’s a biased opinion. They’ve just accused me of something. They’ve handed this over. It’s clearly been tampered with.” And then we’ve got to unpick that, which is a thing. But the prevalence of the technology and the fact that we all carry a mobile phone camera filming everything – and then the police just go, “Oh, send it to me” – and we end up with it as evidence becomes a much harder proposition to address.

Brandon: And that’s where Verify actually really shines, especially as we start sending things through public evidence submission portals. The videos have been transcoded or images have been transcoded and metadata has changed.

Even without that, how do I know that victim-created video that’s five minutes long hasn’t been trimmed from a seven minute video? The metadata isn’t going to tell me when it comes from a submission portal because the metadata’s new. Verify, because of our unique approach, will absolutely discern and be able to say, “Is that original to that iPhone 13? Or has that been trimmed on that iPhone 13 prior to submission?”

Which is the all-important question, especially when you start talking about domestic violence issues or assault complaints where we’re relying so much on that cell phone-created evidence. Do I have the whole story? And how do I articulate that I have the whole story? That’s really where that file structure analysis in Verify really shines.

Desi: I’m not sure whether you’ve come across this at all – and this is just from my own personal interest – but any cases involving any of the new smart glasses and the video recording features on them?

From what I understand, I think the Meta ones stream from the glasses straight to your phone and then I assume straight through the app into some kind of draft format for Instagram.

Brandon: You know what, Desi, I think that you just gave me a note as the next project for our platform and engineers to look at. We have not looked at the glasses yet, but that’s a super cool research project. We typically try to identify based upon user feedback where we need to go next.

Recently we added WeChat, or stuff that might not be so prevalent here in the States, but we have partners across the globe that are able to access that. Or the newest iPhone comes out, or we need to look at drones, or whatever it may be. But glasses would be a good one.

Desi: I was watching a YouTube video with this ex-con who now cooks and travels the world and does a vlog series on YouTube and helps people try and stay out of prison through his motivational talking. One of the episodes he was using the glasses and the series was walking through the most dangerous neighborhoods in the world.

But he was using the Meta glasses to film a lot of it. I can imagine criminals just filming their cash hauls that they get. I can imagine them buying a pair of Meta glasses and then doing the same thing.

Si: You are being very civilized about this. We all know what it’s going to be used for, don’t we? Being able to have your hands free clearly leaves it open to various other uses.

Strangely, I actually came across my first pair of smart glasses in the wild the other day, literally a couple of weeks ago. Somebody had a pair of the RayBan ones, and they loved them. They thought they were brilliant and really useful.

So they were getting a lot of time out of them. It was really interesting to hear. And also they weren’t as obvious as I thought they would be. It was only when I was standing talking to him face to face for some time and I went, “Hang on, are those smart glasses?” And he said, “Yeah, they are.” Otherwise, I’d been around him all day and I hadn’t noticed. It wasn’t something obvious.

Brandon: I’ve seen a couple in the wild. I’ve never had anybody that has had to acquire data directly from the glasses. Probably you get it off the phone, but I was also reminded of when the Z Flip phone first came out.

I remember saying, “I’ll never see one of those in real life. Nobody’s ever gonna buy it.” And I swear a week after that came out, one came into the lab for an exam. I was like, “Wow, it took somebody really long to have some criminality with this new Z Flip.” And naturally everybody wants to come over and look and fold the thing.

Si: I was similar to you. I thought these folding phones would never take off. My PT has one and it’s fine if he’s got it. And then they became commonplace. It’s just a thing that is out there now. Technology moves on and it never ceases to amaze me the things that get uptake. I never thought Alexa was gonna take off particularly, but there you go. What do I know?

This is a fantastic opportunity to sit here and go something like “Alexa play the Forensic Focus podcast” and then watch a bunch of people scramble for their phones at the moment.

Desi: Siri’s gonna be so mad at you, Si though. Because she’ll be like, “Who?”

Si: I have all of this stuff turned off because I’m a Luddite. I’d be the one throwing the spanners into the looms in the spinning machines. That’s me. I just grasp the technology enough to use it and then somebody brings something new out. I just want them to stay still for five minutes so I can have a bit of a break.

Desi: So we’re at the top of the hour now and we really appreciate you coming on and having a chat with us. We generally like to just check in with people to see what they do outside of their job at the end of the episode. So what do you do to unwind and enjoy your time?

Brandon: Right now it’s full-on moving mode. We’re all in boxes, but outside of that I do like to get outdoors as much as possible. A lot of the time right now is spent with my 10-year-old daughter who’s playing a lot of softball.

So it’s nice to get out and be able to watch her play and watch a whole bunch of kids really try hard. Youth sports is always a nice afternoon. So between boxes and softball, that occupies a lot of the time right now. I think there’s gonna be a lot of Home Depot trips in the future, but I’ll relax one of these days.

Si: Moving is always an experience from my previous times of having done it. I wish you the very best of luck and I hope it goes smoothly. Enjoy your new home in Nashville. Wow. That’s pretty cool. It’s on my list of places to go. I’ll be giving you a ring at some point when I drop by.

Brandon: No time like a Magnet User Summit to get back to Nashville. I’ll grab the grill, pull the grill out, and have everybody over at the house. It’s hard to pull you away from downtown when you’re right downtown for the User Summit. You’re not gonna wanna travel a lot, 25 minutes out into the country, but…

Si: 20-25 minutes, that’s nothing there. There seems to be a strange disconnect because my understanding of the US is it’s huge and people are like, “Oh yeah, I’m jumping in the car to go to the shop. It’s four hours away.”

And Desi is much the same actually being in Australia, which is vast. It’s “I’m popping to see my mate. It’s a six hour round trip.” For me, I live in reasonably rural Oxford here in England, and it’s still only half an hour for me to get to Oxford from where I live. I don’t consider that a long way, particularly especially if the traffic’s bad, then it can be considerably longer. But 25 minutes for a barbecue? No, I’m down. That’s not an issue for me. That’s a short trip.

Desi: Especially considering how far we’d both be flying to get there.

Si: Oh yeah, that additional 20 miles? Minor detail, that’s a deal breaker. Thanks Brandon. It has been an absolute blast. I’ve really enjoyed this and it’s been fantastic to hear about the new things that Magnet is doing and talk to you about it all. It’s really exciting. And I’m so happy for you to be moving to somewhere new and exciting. That’s brilliant. I’ll let Desi wrap up because I screw it up every time.

Desi: For all our listeners, anything that we’ve talked about, we’ll put in the show notes and there’s some links down there. We’ll grab anything else from Brandon and his team if they want to add anything else. There’s a transcript available from our website. And from the website you can grab the video, the audio, or see all of the platforms that we host our podcast on – Apple Music, Google Podcasts, any way that you can find us.

We also post it on YouTube as well. So there’s plenty of places that you can listen and watch from. But as always, thanks everyone for joining us this week and thanks so much Brandon, for coming and talking to us.

Brandon: Thank you so much for doing this. It’s awesome. Had a blast.

Desi: Cool. Cheers. Catch ya.

Si: Cheers.

Understanding The AI Act And The Future Of Image And Video Forensics

The following transcript was generated by AI and may contain inaccuracies.

Martino Jerian: I’m Martino Jerian. I’m the CEO and founder of Amped Software. I’m an electronic engineer. It’s important because this is a pretty legal presentation, but I also have former experience as a forensic expert, of course, in cases related to images and videos. And I’ve been a contract professor at various universities, but now I’m fully focused on Amped Software, as you probably know.

And yeah, about us – we founded the company in 2008 in Italy. And since a few years ago, we also have an office in the US. Our software is used by law enforcement and government agencies and private labs all over the world for working on image and video forensics. And our vision that stands behind everything we do is the concept of “justice through science,” which I think is very important and related to the content of this webinar. And here in this beautiful picture, you can see the entire team on the top of the mountain at our AMLO meeting that we’ve done in January. So it pretty much represents our mood.

Okay. Why this presentation? As you probably know, unless you are living under a rock, AI is everywhere or almost – not very much in our software yet, and for a reason. Law enforcement applications are a big part of the Act, a very big part, and we as software vendors, we develop software and from this point of view, we are subject to the Act. But also you, as I assume most of you are our users, are subject to the AI Act, and you should be aware of potential risks of using non-compliant technologies, or also when you are using our technologies, what are the things to be aware of?

It’s also important for non-European organizations. I see in the participants a lot of names of people I know from outside of the European Union. This is pretty important because the AI Act is a European Union law, but such as the GDPR privacy regulation, if you are from outside Europe and you are working with customers in Europe, or you treat the data of European citizens, you need to be compliant with it.

The fact that you are not in Europe doesn’t exempt you from respecting it in those instances. And also, we expect, as the GDPR – the privacy regulation – has been copied, not copied, but of inspiration, let’s say, in many other states and countries, we can probably expect something similar to happen for the AI Act.

As you’ll see in a few minutes, non-compliance fines are huge. So what’s the objective of this webinar? First of all, it’s a big study you may have seen on our blog. I will share the link at the end of this presentation. I did a lot of work for our kind of personal use as a software company, to understand what of the activities that our users do are subject in some way to some of the regulations of the Act.

And again, a big disclaimer: I am not a lawyer and this is not legal advice. It’s my reflection – my reflection on a very long and complex law and yeah, as such, maybe this webinar will be a bit different than typical webinars from us with a lot of nice enhancements, license plate examples or other hands-on software. So it’s quite a bit dense, I would say. But of course, you can watch a one-hour webinar or read 150 pages of the law as I did multiple times, so you can choose.

Okay, the big marketing of the European Union says this is the first regulation worldwide, and it has been advertised a lot like this. And I think this is a common way of saying that Europe is an innovator in regulation and a regulator of innovation. And I think these two definitions are similar – they are pretty much on spot, and we’ve been the first, we keep this – we started probably.

Okay. First of all, we start with a very brief overview of the AI Act in a nutshell, as we see here. So what is it? It’s a law – the European law of about 150 pages. So there’s a lot of stuff. It’s been published in July 2024. If you have been following my LinkedIn account, I shared multiple times because that is where the news – it has been approved many times because actually the approval happened in multiple steps. So again, it’s the fourth, fifth time that we see the news about the approval, but the final one, the real one was July 2024.

Most parts will be compulsory by 2026 and 2027, it happens in steps, some parts are already, let’s say, applicable, as we’ll see later, and there are some exceptions. It does not apply to use within national security, the military, research, and partially for open source software. And it’s pretty interesting from our point of view because some of our users are borderline with some of these, so sometimes it is a bit difficult to distinguish where law enforcement and public safety finishes and national security starts.

It probably depends on the kind of organization and activities, but sometimes the lines are blurred. And the penalties are very big because the penalties for non-compliance can be up to 7 percent of the global turnover of an organization or 35 million euros, whichever is the greater of the two.

And it’s important that this is not profit, but turnover, and it’s global, not only of the kind of European, let’s say, headquarter of a company, but of all the offices around. So this can potentially make a company default.

There are some categories at a very high level defined in the AI Act. First of all, there are the prohibited AI practices that are, of course, prohibited – they can’t be done. Then there are what they call the high-risk AI systems, and they are – they can cause some risk from different points of view. So they can be, let’s say, used, but according to some compliance requirements that we’ll see later.

Then there are what are usually called low-risk AI systems. Interestingly, they are not explicitly defined. There is not a definition, or the low-risk AI systems are not even mentioned in the AI Act, but they are implied by difference. Anything else that is excluded from the other categories is low risk, with the exception of, let’s say, what they call in the law “certain AI systems” with some definitions, let’s say, and they can somewhat be approximated with the generative AI tools like those that were used to create text with AI, create images, videos, audio and stuff like that. And they have some transparency obligations that we’ll see later. And finally, what they call the general purpose AI that are essentially at the core of many popular applications that can do many different things, and they need also to adhere to some rules.

Going through the law, we will go through some important definitions. First of all, the first article, the purpose – you will see over the presentation, the italic font. This means that this is being copied and pasted from the law. And I highlighted some important words. Essentially this defines the overall idea behind the law. Here you see that very much in line with the European Union fundamental values.

Here, the objective is to have human-centric and trustworthy AI, and above other things, the objective is to preserve the fundamental rights, democracy and the rule of law. And then there are many other important things – safety, health, environmental protections, but essentially a good part for this reason is important for our field. Law enforcement use is a relevant part of the law.

Second big, let’s say, definition is AI system. It’s pretty difficult and they define – I put different points just to make it clear. Actually, it’s a single sentence in the law. It’s “AI system means a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers from the input it receives how to generate outputs such as prediction, contents, recommendation or decisions that can influence physical or virtual environment.” It’s pretty bad.

I think everybody can – at the beginning, I was trying to study this and see, from this, even normal software could be here, but then luckily, they released some guidelines about what is specified better, what is considered an AI system.

So it’s a multiple-pages document that goes very much in depth with examples on the points that we’ve seen before, but essentially the important thing is that more clearly it defines what we normally consider AI in general, even though there are many different kinds of AI, not only generative AI, which is, or deep learning, which are the most popular nowadays.

So essentially a critical aspect is the fact that is right here: “AI systems should be distinguished from simpler, traditional software systems or programming approaches. It should not cover systems that are based on the rules defined solely by the natural persons.” Okay, so this means that with software, where it is the human that programs the rules, this is not AI – to put it in a very kind of informal way – it is when the system, usually with a data set, learned what are the right parameters and rules, basically learning from data.

Then there are definitions of the various subjects that are involved in the AI Act. So normally I call ourselves vendors. In the AI Act, they call us providers. So in our case, developers of the technology, and then there are end users, and users over the law are called deployers. Okay. And then there are others. Others are normally called operators, and it’s other entities. It can be the provider, the deployer, but also manufacturer, representative, and importer distributor.

So all these in general are called operators, but the vast majority of the things we will focus on will be provider and the deployer. So we are providers, you are deployers, and then there is a definition, very precise, about law enforcement, and they define this like “any authority or competent for prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, but also any other body or entity that has been assigned these duties.”

What does it mean? That, according to my interpretation, of course, what we will see over the law about law enforcement is actually applicable also to private forensic labs exactly in the same way, because these private labs we assume are being assigned by the public authority to do this kind of job as well. Another definition that I pretty like is deepfake.

I usually write deepfake altogether without the space, but they prefer this form and it is the way it is. And they define it like this: “deepfake means AI-generated or manipulated image, audio or video content that resembles existing persons, objects, places, entities or events, and will falsely appear to a person to be authentic or truthful.”

Interestingly, here, we see that it’s not much a technology – of course, it’s done with AI-generated or manipulated, but also the context in which we evaluate this image. And I think it’s pretty much in line with the definition of the SWGDE, Scientific Working Group on Digital Evidence, the definition of authentication, which is the process of defining that the data is an accurate representation of what it purports to be. Okay. So again, here, there is not much about the technology – it just doesn’t really represent the truth.

And so we can make a couple of examples. Okay. So probably, Midjourney – it’s one of the many applications where you can do text-to-image. Okay. So I asked Midjourney to “create an image of a night-time realistic photo of a group of a cop looking at himself in the mirror seen from the side.” And I get this image, which is pretty much, yeah, realistic photographic style.

So if I pretend this image to be a picture, a real photo of a real person, this is a deepfake. Okay. But then I use the same technology for doing this, a drawing in the style of a seven-year-old dinosaur riding a motorbike with some other technical features, okay?

This is clear that it’s a drawing. I’m not pretending that a real dinosaur is riding a real motorbike, okay? So it’s not a deepfake. But if I pretend that this drawing has been done by my seven-year-old son, for example, maybe this is a deepfake because the context is different. Probably we can discuss on that – it’s a very philosophical thing. But this is just an example of the idea behind it.

Over this presentation, we will evaluate typical image and video forensic activities and see what the AI Act has to say about them. This is a very generic application, even a video search and content analysis. So a video summary, find all people with a blue t-shirt or the red cars in a video, find all explicit videos, pictures with drugs, guns, so content analysis, okay? This is one possible application that we will study.

Then face recognition on recorded video. Typical question: Is this the same person? This is me, believe it or not, many years ago. Yes, it is the same person. And this is a typical question that can be probably solved by AI, but should it be?

Then, license plate recognition on recorded video. You may have already played with our tool DeepPlate that from a very low-quality image, it estimates what are some possible character combinations recommended for investigative use, of course. So this is another topic that we are investigating.

Then image and video redaction, pixelating, blurring, putting a black rectangle over sensitive details, another very common practice.

And then there is image and video authentication. For those of you who are familiar with Authenticate, you know that we provide many different tools inside it. There are traditional tools based on traditional image forensics papers totally unrelated to AI, but since a few years, we also added some AI tools to complement the traditional ones because it’s pretty hard, even though not impossible, to fight AI without AI.

So this is our image generation tool. So you see on the left my colleague Marco, which is clearly not an image generated with GAN (Generative Adversarial Network), while the other person has been created with the website thispersondoesnotexist.com and of course it’s detected as such. And then we have our classical image and video enhancement. Typical example of a blurred license plate. You already know everything about it, probably. So this is, of course, a very important topic to investigate in the light of the AI Act.

And then let’s go into the depth of the AI Act. Now we’ll compare this list of typical activities with what the AI Act says that is prohibited. Will any of these activities that we do be prohibited to be done with AI? Let’s see.

So what are prohibited practices? And I simplify them a bit. Of course, there is the law, if you want to go into the very nitty-gritty details of it. Behavioral manipulation – so using AI to unconsciously change the attitude of people; social scoring – evaluate the behavior features of people; predictive policing – it’s partially prohibited, not in all instances, but some parts are prohibited; emotional recognition in work and education – it’s prohibited; biometric categorization with some specific purposes that we are not going to go much in depth here.

This is interesting – scraping of facial images for face recognition from CCTV or the Internet. This part of the law, I think, has been written with a specific use case in mind. And I read up the name of the company, but there is a pretty well-known company that created a database of faces scraping Facebook and other sources and that have been fined for a million dollars/euros by many European countries because it’s totally against our privacy regulations.

So they did put this in the AI Act too, and then law enforcement use of real-time biometric identification in public. The keyword here is “real time,” okay? Doing forensics, we are not much interested in real time, but on recorded video.

So there are some exceptions to this prohibition, okay? Oh, yeah, by the way, these are already enforced since this February, okay? This stuff is already forbidden. You cannot do it in the European Union. What are the exceptions for the real-time biometric identification? The most common application is of course, face recognition – cases of abduction, trafficking, sexual exploitation, or missing persons, imminent risk for life or terrorist attack, and identification of suspects in serious crimes that are punishable with detention of at least four years.

Okay. This was a big part between different member states of the final negotiation, because someone wanted more power to investigate. Some were more protective of privacy. So it was a big discussion over the last time of the last part of the negotiation for the law.

So interestingly, let’s go over very quickly our topics: image and video search and content analysis, face recognition on recorded video (on recorded because the other we’ve seen is prohibited), license plate recognition on recorded video, image and video redaction, image and video authentication, image and video enhancement.

These are not prohibited, so first step – it’s okay. Then let’s see if some of these activities are under the high-risk category. These are defined in the Article 6 and Annex 3. Putting together, it’s a bit complicated, but it took some time, but I did it. So what are high-risk AI systems? Safety component for some products like cars, biometric identification – not verification, but only identification, biometric categorization in general, or some specific instances are prohibited.

We’ve seen also emotional recognition prohibited in work with education, but in general high-risk, critical infrastructures, education, employment and workers management, medical devices, access to services like insurance, banks and stuff like that, law enforcement and border control, justice and elections and voting. I highlighted here the part of interest potentially for us.

So what I did, I went to study those specific articles. So the first is biometrics. So I think the first thing which is written everywhere, it’s “insofar as the use is permitted under relevant Union or national law.” This means that the AI Act is not the only law that we have in Europe or in other member states. So maybe according to the AI Act it is allowed, but there are many other laws to consider. That’s important. This does not supersede other laws. And in general, are remote biometric identification systems. Okay.

So what does it mean? That face recognition on recorded video is considered a high-risk activity. Again, on recorded video, on real time, it’s prohibited. Okay. And remember it’s not just recognition in general, any biometric identification system – of course, face recognition is considered the most common and critical from this point of view.

Then we have law enforcement as a category again, if the use is permitted under other laws. So the first point, which is very interesting, is “AI systems intended to be used by or on behalf of law enforcement authorities.” Then other test is “polygraphs or similar tools.”

I studied a lot of these because I think probably we need some more precise definition if it’s only related to polygraphs or there is more, because if we interpret this literally, it can be much more, let’s say, much wider. But it seems to be into kind of lie detector stuff. And then this is also interesting: “AI systems intended to be used to evaluate the reliability of evidence.”

And what is an example of this? Image authentication, of course. So these we will check later. But essentially, we already have a hunch that it’s about deepfake detection or in general, image and video authentication done with AI since it’s to evaluate the reliability of evidence. And then we have another section, which is border control, migration, asylum, and border control management.

Again, there is the section, the same as polygraphs or similar tools. And then we have “AI systems used, blah, blah, blah, for the purpose of detecting, recognizing, or identifying natural persons.” Okay? So this is very wide. And it’s interesting that essentially, border control is also – someone that implies – it’s related to law enforcement, but they have stricter rules. Okay. So this is pretty important for our analysis.

Then there are justice and voting. And so I went here, since what we do is related to justice, but essentially the only part that could be somewhat related is this one, “to assist the judicial authority in researching and interpreting facts in the law and in applying the law to concrete set of facts.” And this is what we call the robo-judge or the AI judge. So it is not related to what we do with videos essentially.

So after this deep dive into the high-risk activities, oh, yeah, there is the derogation because even if you are in one of those cases, you may not be subject to it if the AI system is intended to perform a narrow procedural task, so it’s not doing the entire job, but just a small part. If it’s done – if it’s used to improve the results of an activity completed by a human, and/or if it’s a preparatory task to an assessment that is done in other ways.

Okay. If you think you’re subject to derogation, you need to document and do an assessment before placing the system on the market. Okay. And this is something I discovered pretty recently. On the first analysis, I didn’t notice this. This is interesting. There are systems that are so-called “grandfathered.”

What does it mean? That if there is a high-risk AI system that has been put on the market before the 2nd of August, even if it’s a high-risk system, it does not need to be compliant unless there are big changes to it. And unless it’s been used by public authorities, then you have time until 2030 to become compliant. This is pretty interesting.

Okay, so our typical image and video forensics activities, high risk? Let’s see one by one. Image and video search and content analysis – in general, this is very wide, could include some of the various activities. But in general, imagine a video summary, find all cars and stuff like that – is not a high-risk activity. Maybe an exception in the context of border control, but likely would be derogated as a preparatory task, like search for all the cars and then the human investigates more. And this is for recorded video. Real-time analysis again can be a bit more problematic, especially if it’s done for profiling, which is an entirely different matter.

Face recognition on recorded video – it’s a high-risk activity. Very clearly, also other biometric IDs are a risk and let’s remember that real-time biometrics and scraping of face recognition database from the Internet are also prohibited. Very important.

Then license plate recognition on recorded video – it’s not a high-risk activity. There isn’t anything written around there, but there has been a nice paper written by Larget and others in 2022. They work on a draft of the AI Act and they came to similar conclusions to what we do in many aspects, but they had a different idea about this in the sense that they think that also other systems like license plate recognition or other kind of photographic comparison should become high-risk because they are – they can be used for identification.

Essentially, we can tie a license plate to an individual that owns the car. So they expect this to be considered high risk, but there is nothing written in the law as far as I’ve seen, that can do this. Of course, things can change.

Image and video redaction, of course, as expected, is not a high-risk activity. Image and video authentication, yes, because we’ve already seen it’s probably a high-risk activity when done with AI, of course, not with other techniques, because it’s used to evaluate the reliability of evidence, okay? And also, the authors of the mentioned paper agree on this.

Pretty clear again. This is more part – if you think about our use case, because in Authenticate, we have many other tools. And in any case, the result, the final analysis, it’s put together by the analyst – it’s not that an image is automatically classified as fake or not by an AI. And that’s it. It’s just a tool that can, that is being used by a human. So maybe some derogation may apply in this case.

Then we have – I’m pretty big on image and video enhancement. According to this list, it’s not a high-risk activity. Maybe it could be high risk when done with AI. Again, traditional algorithms, for example, those that we have in Amped 5 are not based on AI. So we are not even remotely discussing that for now. But maybe it can be a problem in context related to border control, maybe derogated, but that’s a longer discussion.

Okay. But one thing about AI enhancement I want to mention is that it’s pretty risky. I’ve been discussing these over and over. This is an example that I show in other webinars that I think is pretty impressive. It’s on the homepage of this tool that is linked here. It gives impressive results. Amazing that are good for your vacation photo, definitely. But if you think about this as evidence – you can very clearly see that it’s changing the brand of the car when enhancing it, as it’s totally making numbers and letters of the license out of nothing.

If we are working with evidence, this is very risky because it can create something that looks like a legit image, legit high-quality image, and where we can put our trust. But it’s actually not, because it’s an image that has been AI-generated and AI-manipulated. It’s very risky and very interesting. It was this case – it is somewhat recent. It’s about one year ago. So far, there has been the first big case in March 2024, where some videos have been disqualified in court in the US because they’ve been enhanced with an AI tool.

Essentially as the law, based on previous cases, works in the US this sets up pretty strong precedent. So AI enhancement is not acceptable as far as these – it was, if I remember correctly, a Frye hearing, several experts were called to testify on it. And also after these, there were quite a few interviews with experts, the field of discussion on legal journals. And it was pretty clear that for various reasons that were mostly legal at this point, and the acceptability of the science, not kind of a pre-conceptual things about AI – in any case, this was not deemed acceptable. And I pretty agree with that, from my position.

What are the requirements for high-risk AI systems now that we’ve identified? So it’s a lot of articles of the law, we’ll go through the main points, but of course, if you need to make your software compliant, you need to do a lot of work. So the first part is data and data governance, essentially keeping under strict control datasets used for training, validation and testing. Okay.

So you need to track very carefully the process of data collection, origin of data, and the purpose of data collection, because maybe for privacy reasons, you are authorized to use those images for marketing, for example, but not to train an AI, then the examination in relation to possible biases that can have a negative impact on fundamental rights. Okay. So the data set should be built in a way to minimize bias as it’s written in the next point.

And then, of course, the data set should be representative. Let’s think about face recognition. If I don’t train the system on a data set which is relevant and has more or less the same proportion of people of different ethnicities, for example like in the country where I’m using it, then the result will be wrong. It happens already.

And it should be free of errors and complete – which is, databases are huge to be complete and free of errors – it’s quite a challenge and this puts a kind of a bigger responsibility on the vendor, because for AI, the data sets are the most complicated and the biggest thing that we have to create, and this should be checked under control. It’s pretty correct.

Then record-keeping. Okay. The system should have logging capabilities. For example, recording the period of use, the reference database, because the database that they’re using now, maybe it’s different from that of five years ago, the input data that has led to a match, natural persons involved in the verification of the result, because they must be verified. I see here a lot of privacy complications, saving all this data. Again, having one without the other is not always easy.

And then another big thing about AI is transparency. So they should – there should be enough information given to deployers to understand the output of the system and to use it. So for example, what’s the purpose of the system, when and where it does work, how robust it is, in which situation it can give wrong results, and things like that. Again, where can it be misused or when the conditions do not allow to use it. And then there are a lot of other parts, like providing information that is relevant to explain its output, performance in specific personal groups, specification for the input data, information to interpret the output.

All of this is not easy. In fact, they put kind of workarounds – “where applicable,” “when appropriate,” “where applicable,” because this is the big problem with AI. Especially the ability to explain its output. Very rarely we are able to explain the result given by AI. They are like a black box. That’s the main issue, let’s say for AI, and then we have the human oversight. So the big point is they should be effectively overseen by persons, so this person should be able to detect the anomalies and unexpected performances. They should be aware. So there should be education.

There is what is called automation bias – our tendency to trust instinctively, maybe too much, the result given by a machine because normally machines work better than humans, maybe, and also to be able to interpret the outcome. Okay. And of course, they – the human should be able to override it, not to use the AI system or reverse its output and interrupt the system with a stop button. Maybe it doesn’t make sense for some applications, but for something that has a physical impact, a stop button is pretty important.

Okay, so we’ve seen very quickly the compliance, the main compliance topics for high-risk systems. But there is another category, what we call earlier “certain AI systems” that we can oversimplify – it’s AI image and video generation tools, okay? What are their obligations? And there’s right here in the Article 50, okay?

They say “providers of AI systems, including general-purpose AI systems, generating synthetic audio, image, video, or also text, shall ensure that the outputs of the AI system are marked in a machine-readable format and detectable as artificially generated or manipulated.” Essentially, any output created by generative AI should be digitally signed or watermarked.

This is already done by certain mobile phones that already put some information. Also, some of the image generation tools, they put these watermarks or metadata that, of course, are not foolproof always. What I’m mostly worried about, even though it’s not our topic, is text content, because how – there are somewhat some ways to watermark text content, but yeah, it’s not as easy.

So we prob – the – we solved the problem. We did fix, right? Because they are all watermarked, so we can easily find – no problems. Of course not, because first of all, this is a European law and not all the providers are in Europe. And of course not everybody respects the law. Otherwise, we won’t be here. And then of course there are a lot of open source tools that make these unenforceable. Because even though an open source library or tool has the, let’s say, the watermark feature, being open source, a programmer can easily remove it.

So there are some exceptions. Even though we have AI-generated or manipulated images, we don’t need this kind of disclaimer, this transparency, if it’s just an assistive function for standard editing. For example, I use a traditional brightness and contrast adjustment, but the optimal settings have been found by AI. That is an assistive function – where authorized by law to detect, prevent, investigate or prosecute criminal offenses. The most obvious thing I can think of is a fake social media profile done with AI-generated images and maybe about the text.

Of course, if I’m a kind of undercover agent trying to investigate something with a fake bot or whatever, I cannot put “I’m a fake.” And this most important for us exception – “when they do not substantially alter the input data provided by the deployer or the semantics thereof.” And we can have a big discussion.

So this is one of the tools that we tested for AI enhancement. So we took a picture of Tommy Lee Jones. We made it smaller without scaling and then we made it bigger with an AI tool. Okay. So if you have this picture on the right, you can see it’s a pretty high-quality picture. Okay. And I can also say that it resembles a lot the picture on the left. Okay.

But on the other hand, if I need to use these for identification of a person, this is completely unreliable, completely dangerous because it looks like something I can trust. Of course, from the picture in the middle I can’t say much, but at least I wouldn’t over-rely on it.

On the picture on the right, I seem to have some good material for investigations, but actually the nose shape is wrong. The pretty peculiar eyes of Tommy Lee Jones are completely changed. There is also a distinctive trace, a kind of red mark on his forehead and it’s gone. So you can see these – this – does this substantially alter? This is a very bad definition. Okay. So this is important.

So this was for who creates the tools. This is for deployers. So you should disclose that the content has been artificially generated or manipulated. Then there are exceptions. For example, if you do something that is artistic, satirical, and this would hamper the enjoyment of the work, then it’s attenuated, the requirement. Again, when authorized by the law, you can avoid it, but still responsibility on your end too.

Okay, so let’s come to the conclusions. So I want to compare these with the preexisting position that we had on AI. I’d been studying this topic for years. Probably now this post is from 2021 that you see linked here. If you have been following this, you know that what I did, I was dividing these into kinds of categories. If we did evidential use, so to use the result as evidence, or investigative use, like a lead, like intelligence, stuff like that. And then I divided enhancement – so when I have – I’m producing another image – or analysis – went from an image, I get a decision like face recognition.

And in general, my big no has always been using AI-based enhancement for the reason that we have seen on the previous slide, no, because it’s not explainable. And there is a bias from the training data. For investigative use, we could probably use it. But I need to be sure that intelligence doesn’t become evidence because then it’s a big deal.

So like putting a watermark, something writing, “not for evidential use” or something like that on the image. And I need to educate operators about risks, because if you over-rely on this image – you look for this guy and you find that actually Tommy Lee Jones and it’s different – then you can go in the wrong direction.

But what regards analysis – you can probably use both for evidence and intelligence with safeguards. So only for decision support. So the human must always have the last word. I should know the reliability, when it works, when it doesn’t, what is the success rate, and mitigate the bias of the user. How can we compare with the AI Act?

Of course, they are minor kind of rules of thumb, very specific for our field. The Act is huge, much more detailed – it’s a law, which is not a blog post, let’s say – but you can see there are pretty – the key points are more or less in line. You see “only for decision support” is the article for human oversight. “Know reliability” is transparency and provision of information to deployers.

“User bias mitigation” is in the article about AI literacy that we didn’t go through, but it’s also another part of the AI Act and the risk management system. One thing that I didn’t write about that I think is pretty important is the data governance. Of course, it’s not much about how the user uses the system, but how I train the system with the proper data sets.

So let’s summarize what we’ve discussed. So probably – I say probably because again, this is not legal advice, this is my interpretation – probably high risk when performed with AI: image and video authentication, not just the deepfake detection, but also the detection with AI of traditional projects, and also face recognition on the post analysis of recorded video. Again, in real time, it’s prohibited, same for some specific situations. So these are the two things to be aware of.

Probably not a risk when performed with AI: image and video search and content analysis, license plate recognition (for now, maybe it will change, but for now it’s okay), image and video redaction, and image and video enhancement. But, as you have seen in the last part, according to the AI Act, image and video enhancement is okay, but the image must be marked as AI-generated or manipulated. This is very important. And again, the AI Act allows it – it doesn’t mean that it should be used for evidence. This is just one part of the law, and it’s not specific about, let’s say, investigations.

I want to leave you with some final notes and thoughts. Maybe it could be also – we can have a small discussion over the chat. I didn’t manage to keep up with the chat, of course, because I was speaking. So again, I’m not a lawyer. So for official legal advice, discuss with your legal counsel. Things can and will change because the technology is changing so fast and there are so many things that the law needs to define for actual application, as right here.

There are – even though some parts are already in effect, especially the prohibited activities – to actually be compliant, there are many more guidelines that we expect to come because now it’s too bad. Okay, and it’s, of course, it’s not time yet, and there is one of the questions that I was asking myself.

So let’s speak, for example, about deepfake detection. Okay. There are lots of websites, tools that claim to be deepfake detection with different rates of success. Okay. Let’s say I’m developing one of these tools that I put on the wild just for, maybe for people just to test stuff on social media, and you, as law enforcement, use this tool, which was not, let’s say, developed explicitly for law enforcement use, but still can be used.

So we have identified that deepfake detection potentially is a high-risk activity, but this developer didn’t follow the AI Act because it’s in some other part of the world and didn’t imply it to be used by law enforcement. So who is responsible for using it? Probably you, but also this developer? I don’t know, but it’s something that left me thinking.

Then, this is a big one. We’ve seen over and over speaking about the fact that compared to many other countries that are very aggressive towards adoption, in Europe we have this Act. You have seen it’s pretty stringent. Okay. So is it a risk for innovation? I think so. But different countries have different values and focus. And if you go to read the fundamental values of the European Union, the focus on privacy, attention to human rights, fundamental rights and things like this – I think it’s very coherent.

So you may not like it because you would like some – this group of countries to be more aggressive and not be limiting the technology. And we can have different opinions. I can be more conservative, you can be more aggressive. It doesn’t matter. I think it is coherent with the fundamental values of the European Union.

And again, yes, probably it is a risk for innovation. And I think related to this, I think it’s very important with adoption of AI – I think this is the kind of big thought I want to leave you with. Let’s imagine this AI becomes a kind of an oracle. It’s an oracle, which is a black box. Okay. That is almost always right. Okay. Let’s say 99.99 percent of the time, it’s right.

For law decisions, putting some person in jail for life is probably more right than people – they’ll say it is for now, but let’s put aside and let’s say that still, you trust it, but you don’t have a way to verify when it actually works or not. You don’t know how it works inside. Would you trust it for critical decision or not? This is almost always right, but you don’t know why and how – would you trust it or not? And I think this is a big question that I leave to you to reply because everybody can have different opinions on this and that’s it.

Here we have the QR code and the link to my big blog post with more or less the same content as this webinar. I hope you enjoyed – I know it’s a heavy topic. It was heavy for me to study, but very interesting. I hope I did make it a bit clearer and yes, thanks for being with us. Let me check the comments.

Oh, I see. There is a lot. Yeah, we have a question from Carrie. Okay.

Okay. Three minutes ago, one of the last ones. Okay, let me check. Thank you. Thank you. Okay, can you speak a bit about the AI Act implication for DeepPlate? As I said, according to the AI Act, for now, there is no – it’s not a prohibited and it’s not a high-risk activity. Okay. On the other hand, as you – let me go back to the slides so it’s clearer.

Okay. It’s a tool that’s for analysis. Okay. So we don’t do enhancement with DeepPlate. To be transparent, actually inside DeepPlate, it also creates an image. And in early versions of it, we also showed the image. Internal version for development. What is the problem? That once you show the image to a user, and it was a very nice image, you give too much trust to it. Okay. While if I just give you the numbers with a level of confidence, you end up more skeptical, as you should be.

We implemented DeepPlate with all the safeguards. First of all, there are disclaimers everywhere that it is only for decision support and to minimize bias. We also tell you, you first need to analyze yourself the license plate and then use the tool. So you are not biased by its results. And then about the non-reliability, we did a lot of testing with real license plates. We are seeing if we are able to publish a paper on that as well. So we put some safeguards, but again, for the AI Act, it is not an issue at all.

Magnet Forensics Demonstrates Continued Leadership In AI With New Product Innovations And Resources

Magnet Forensics today shared numerous product updates, integrations, and resources to help the digital investigations community with the vital tools and resources they need surrounding artificial intelligence (AI). As a pioneer in the space, with the release of Magnet.AI functionality in Magnet Axiom in 2018, Magnet Forensics continues its innovation and focus on AI to ensure law enforcement can stay one step ahead of criminals.

As an exciting addition to their robust product portfolio, Magnet Forensics has introduced new AI-enabled features in Magnet Review, a web-based solution allowing non-technical stakeholders to view digital evidence quickly and easily. This latest update allows for natural language search for content contained in audio, images, and video. With these capabilities, users can now surface more relevant search results in a sea of digital evidence—saving valuable time in any investigation.

Magnet Axiom has also seen continued expansion in its AI functionality with the addition of Magnet Copilot. Initially introduced in Axiom as a cloud-based integration to bring the powerful AI capabilities of Magnet Copilot to even more forensics teams, Magnet Copilot was recently made available for offline use. Magnet Copilot helps examiners quickly find key evidence by allowing them to ask questions about conversation threads or web searches. It then highlights the most relevant artifacts in the case. Responses provided through the interface also include citations for the case data so users can easily validate the results and investigate further.

“At Magnet Forensics, we’ve always seen the potential of AI to help anyone working with digital evidence,” says Jad Saliba, Magnet Forensics co-founder. “With the mountains of data coming to users every day, we need to arm them with the tools necessary to cut down on the noise and find what they need faster than ever.”

Magnet Forensics also recently partnered with T3K.AI, an innovator in artificial intelligence technology, to empower law enforcement agencies and investigators worldwide with cutting-edge tools for their digital media investigations when using the Magnet Griffeye suite of products. This helps investigators detect and prioritize critical content faster for a variety of use cases such as counterterrorism, war crimes, and child sexual abuse cases.

“AI has taken a huge hold over every aspect of modern technology,” adds Saliba. “Anyone creating technology-based solutions has to be at the forefront of that change to make sure users don’t get left behind. But equally important is taking the proper steps to make sure that AI is responsibly included in any initiative at Magnet Forensics.”

With that in mind, Magnet Forensics has shared their Principles of AI, a seven-point guide for the company that demonstrates how they are developing AI tools that uphold the highest standards of transparency, fairness, and ethical responsibility. The Principles of AI are now available in the brand-new AI Hub, along with a large collection of resources dedicated to helping those in digital investigations understand the implications and uses of AI, as they move forward in their field.

Also, the company has just launched its brand-new webinar series, AI Unpacked—a monthly presentation hosted by renowned expert, Brandon Epstein, that will dive into the leading questions in AI. The series will help anyone in digital investigations make more sense of the issues they’re either now facing or will soon. To get the latest Magnet Forensics’ resources for AI, visit the AI Content Hub and sign up for an upcoming episode of AI Unpacked here.

AI Unpacked With Brandon Epstein: New Webinar Series Explores The Latest In Artificial Intelligence And DFIR

Artificial intelligence (AI) is revolutionizing the DFIR field, with exciting advancements happening at a breakneck pace. This new webinar series will break down the latest in AI within digital forensics, allowing you to make informed decisions about how to deploy it effectively in your cases.

You may know Brandon Epstein as the co-founder of Medex Forensics, for his work as the Chair of the Scientific Working Group on Digital Evidence, or for his presentations at Magnet User Summit, Magnet Virtual Summit, and various other conferences around the world. Suffice it to say, Brandon is noted as an expert in the area, and he’ll be bringing that expertise to the AI Unpacked series.

In the first webinar of the series, taking place on April 16, Brandon will focus on what AI is and what AI isn’t, as it is applied to digital forensics. We will cover basic definitions and concepts to give you a foundational understanding of AI, in order to build a realistic picture of the technology.


New episodes of AI Unpacked launch regularly—check back often to reserve your spot. The next two installments are now open for registration, so sign up today!

Advanced Detection Tools From Amped Software Aim To Combat AI-Generated CSAM And Protect Children

Have you ever looked at an image or video and wondered, “Did that really happen, or was it AI-generated?”

With the rapid development of artificial intelligence, this question is becoming more relevant than ever. Generative AI has transformed digital content creation, but it has also led to significant concerns, including the rise of AI-generated Child Sexual Abuse Material (CSAM). Amped Software is committed to equipping you with the tools necessary to combat the growing threat of AI-generated CSAM and deepfake exploitation.

The Escalating Concern of AI-Generated CSAM

As AI tools become more accessible, the ability to create hyper-realistic deepfake images and videos has led to misuse in devastating ways. The question arises: How can you tell what is real when AI-generated content is so convincing?

According to data from the National Center for Missing and Exploited Children (NCMEC), the number of digitally manipulated CSAM reports has surged from 100,000 in 2010 to over 36 million in 2023. This staggering increase highlights the urgent need for advanced detection technologies, stricter legal frameworks, and international cooperation to protect victims from exploitation.

What makes AI-generated CSAM so difficult to tackle? While traditional CSAM laws cover explicit content created using cameras, AI-generated material presents a new challenge. The laws surrounding deepfake exploitation remain inconsistent worldwide. Until recently, only two U.S. states – Texas and Louisiana – classified AI-generated CSAM under the same legal framework as traditional CSAM. However, as of 2024, 20 states have enacted laws criminalizing AI-generated explicit material. Still, many regions lack legal clarity on the issue, making it vital for forensic tools to step in and bridge the gap. 

Advanced Forensic Solutions from Amped Software 

How can you determine whether an image or video is authentic or AI-generated? Amped Software provides advanced forensic solutions for the authentication of images and deepfake detection. Amped Authenticate assists you in the analysis and verification of digital evidence. By examining metadata, compression patterns, and structural integrity, you’ll be able to identify whether an image was captured by a camera or generated by AI.

Key capabilities of Amped Authenticate include:

  • Tampering Detection: Uncover inconsistencies such as face replacements, altered elements, and synthetic image generation.
  • Metadata and Structural Verification: Analyze file characteristics to identify AI-generated manipulation.
  • PRNU (Photo-Response Non-Uniformity) Analysis: Trace images and videos to specific camera devices, ensuring source verification.
  • Shadow and Reflection Analysis: Examine lighting inconsistencies and reflection patterns to detect manipulations and AI-generated content.

These features are crucial in determining the authenticity of digital evidence. They provide clarity in legal proceedings and safeguard victims of AI-generated CSAM. With Amped Authenticate, you can trust that every image and video you analyze is backed by verified forensic data.

Strengthening the Fight Against AI-Generated CSAM

Amped Software is set to participate in key industry events dedicated to combatting crimes against children, such as:

With AI-generated CSAM on the rise, what can be done to protect the innocent? The fight against AI-driven exploitation requires collaboration between governments, tech companies, and law enforcement. Amped Software remains committed to advancing forensic technology to ensure that digital evidence is authenticated and that justice through science is served for victims of AI-generated CSAM.

Read the blog post to learn more!

DFIR In 2025 – AI, Smart Devices And Investigator Well-Being

Si: Welcome to 2025, a year of exciting upcoming presidential swaps in the U.S.

Desi: Yeah, 20th of January, Donald Trump is in, Joe Biden is out. I only read about that today, and then that deep fear struck me. But we’ll see how that actually turns out.

Si: I was flown out to a conference in Luxembourg, in central Europe, on AI in law.

It was talking mostly about the implications of AI in the court system and in things like decisions made using AI in immigration processes etc.

It’s quite broad, as well as the things that we’ve talked about, like computer generated imagery and stuff like that. It was the day after the election, so we were all sitting around and I could see the tickers on the news saying that Donald Trump had won.

There were a couple of Americans who were at the conference and one of the things that they were telling me was actually that some of the legislation that was actually put through was very good on a legal standpoint.

They were saying for presidential acts around AI, one was done by Obama, two were done by Trump, and one was done by Biden, and they’re all actually good law.

What we see externally is often fear mongering because it sells newspapers. It’s not about the good stuff that gets done in the background that you know makes a country work. It is getting a bit better and it will be interesting to see.

I think my concern with that particular one is that I feel we’re already seeing some of the impacts of it in things like Facebook or Meta as a whole because it includes Instagram, are scaling back on their moderation.

Desi: Yeah, the free spirit. I found out about that as I was scrolling through LinkedIn this morning for looking for stuff for my job. There was a bunch of articles about Mark Zuckerberg being a convicted paedophile and had gone to jail for the last 36 months and contracted all these diseases. But it was a mock Facebook post.

That’s how everyone is now reporting on this news. I saw six of them and I was like, what the hell’s this? Then when I found the video of and who knows whether that video was deepfaked. For someone who is so in the public, it’s very hard to tell some of these deepfakes because there is so much voice data and visual data.

Si: Yeah, I mean basically, we’re screwed then. You realise that, don’t you?

Desi: Oh yeah, definitely. Definitely realise that. I was looking at AI generated images in terms of humans in pictures and you could train your individual self to try and find pictures, I think it was earlier in the year we might have been talking to Ant about that.

It was like that uncanny valley. You’d look at something and you would feel slightly uncomfortable. You wouldn’t know what it was, but it was that kind of deep human feeling that this isn’t natural.

I was looking at some of those images today and now I’m questioning myself. Is this an actual photo or are they saying it’s AI generated and it’s not. But looking at the photos, it looks like family photos from two years ago, it was phenomenal, some of the content that was coming out.

This is scary, now we’re getting to the point where if they can hide the digital traces of this, and especially with phones now. You have Samsung, you’ve got an Apple, all of that has AI software into the pictures. How do you tell between the two?

It’s a scary thought going into 2025. Not the fact that the technology is there, it’s how it’s going to be used is the scary part.

Si: There was an interesting proposal that was put forward by Leica, the camera company. They basically digitally watermark genuine images from the start.

So, we’ve given up on trying to show what’s not real, but if we can prove that something is real, then at least you’ve got that extra layer of assurance. I think we may end up going that way, actually.

It’s easier to do that than it is to get everybody to tag. Because unless you’re going to make your own camera, which is possible and technically feasible to do.

Desi: It’s almost the reverse of when DVDs had the copyright encryption on it. People would go through and jailbreak that copyright so they could then burn the DVDs and sell them to the black market.

Companies like this will do this encrypted watermark. If this watermark is on the picture, it means the picture’s real. I can see criminals then reverse engineering that, to then put the watermark on AI generated images.

Then you have, in the news cycle, cybercriminals who have figured this out. These images from these dates we don’t know whether they’re real or not, because it’s got this watermark. We’ve updated the watermark, but between this six month period, who knows.

Si: Yeah. I think this is the new normal whereby you see something and you’re not necessarily going to be able to trust it.

It’s interesting because we’ve given all sorts of advice. You can go and look up all the advice about how to check an image and check sources, verify using multiple things and all of this. But none of us really do it. This thing pops up on your Instagram feed and you’re sending that to everyone.

Desi: Yeah, and it’s already there designed to be an echo chamber of your own opinions and what you’re viewing.

Si: I think the other problem is, is that reality is actually every bit as bizarre as I think it is. You get some really weird headline saying that some politician has said something and you’re like that can’t be true. It turns out to be utterly real.

There’s a quote attributed to Einstein, which I think it may have been disproved as being his but I like it for him anyway, which was there’s only two things that are infinite, the universe and human stupidity, and I’m not so sure about the universe.

Desi: I love those fake quotes. There was one from Isaac Newton that said, kids are always on their phones these days. That’s fantastic.

So, to continue on from the watermark breaking and putting on pictures, where I can see that becoming an issue is the value. I was just looking for news articles, there’s been a bunch of men convicted in 2024 for generating AI CSAM, and they’re getting quite hefty prison sentences for all of that.

I can see the rarity of the natural product that they’re pushing, which is the CSAM material that’s generated with real victims being a premium within that market. So, this whole encryption thing is where I could see the motivation for doing that. Those niche circles to push that, to then generate the AI images to sell, maybe if they’re selling them at a higher cost as a market product.

Si: Oh, that’s so deeply disturbing.

Desi: I know right, but that’s the real dark side of AI and where all this technology is going. There’s so much benefit, but then when you try and put yourself in the shoes of a criminal and go how would I use this poorly? How would I use this for bad?

I think it’s because we’ve had so many of those discussions last year in terms of AI is being used to try and detect this stuff and where I can see it being used on the other side. Unfortunately, probably where some of those conversations will go this year, as we talk to more vendors and more people in the space that are researching it, that it’s that prediction where it’s going.

I read today that NVIDIA is coming out with a desktop supercomputer for 3,000 US dollars. Have you seen that?

Si: I haven’t, but then you’re going to say that you’re younger than I am, so you haven’t seen quite as many iterations of the desktop supercomputer as I have.

In my garage, I have one of the very first, desktop level, supercomputers, which was a Silicon Graphics Indy Machine. At the time, the graphics card in it alone was a £15,000 purchase and the rest of the machine was an incredible piece of kit. When I picked it up, we were throwing them out from the company I was working with. Which was insane, I’m having one.

I’m going to say it’s Moore’s Law, isn’t it? We constantly increase in this almost exponential rate. It’s slowing, but it’s the processing power that’s available and the cost of it is coming down. The processing is going up, the cost is coming down.

Then again, the new M4 chips with the Mac are phenomenally powerful desktop processors. The speed of them is ridiculous. I’ve got one M1 and one M2 chip and even those are still blazingly fast.

This is on the M1 and it’s still blazingly fast. A machine that’s three, four, five years old and it’s still holding up brilliantly.

Desi: Until the AI models, when you’re trying to generate that stuff where you need way more processing power, anything else you can throw out day to day is nothing, right?

We hit a peak on where we couldn’t generate a software program big enough to challenge the chips that we had. With AI now, when you’re working with large data model sets, that’s the next benchmark. Cinebench will go away and it’ll be handling these multinomial AI models and see how fast you can churn through the data set.

Si: It’s interesting because there’s a huge range of issues in doing AI. Like you say, churning through a data set and building a model, but actually disk access.

You’ve got to have your buses that are handling all of that data to be able to put it into a multi core processor in a VPU. To distribute it, and then the memory’s got to be able to pull it and push it at the rates that the process is handling at.

The technology is being pushed on leaps and bounds. This is before we even get to quantum computing.

Desi: I think that’s the leverage, looking at some of the write up for this. They haven’t released all the specs yet. They announced it recently. The leverage that it has they’re doing a lot of it in VRAM. All the processing’s done there and then it’s out onto an NVMe drive. Still quite high write speeds, but all the processing be done. It’s just pushing the solution out of it.

Si: Obviously parallel processing is the way forward. How can it not be? You’re doing more things at the same time, purely logical. I wonder if we’re heading towards seeing more things like distributed parallel processing, whereby you’re chaining together multiple machines, perhaps of a lower spec.

Desi: That’s the NVIDIA one.

They were talking about that you can buy multiple units and chain them together.

Si: When the link comes into the show notes, I’ll look forward to that very much. 

Desi: It’s a brief, initial announcement for them. You can go on a waitlist at the moment, but it’ll be interesting to see some of the early testing that comes out when they pass it off to vendors to run tests and what their reviews say.

They’re going the way that Apple went. Everything integrated onto the one chip, it’s not a piecemeal thing. If you’re plugging pieces in, your bandwidth is limited. So, they’re pushing everything in the same way.

Si: Interestingly, on the chip front, Raspberry Pi 5, 16GB edition drops this morning, so you can have a Raspberry Pi with 16GB of onboard memory as a system on a chip.

Desi: Raspberry Pi is now just like a computer from 2010, right? That’s where we’re at.

Si: I would agree with you, except I think it’s better than a computer from 2010. I’ve got one that sits behind my TV running a version of a media server.

Desi: I have a computer from 2010 running a media server. So, it’s probably better than mine. I had to get mine fixed because the RAM failed. So maybe I should just upgrade to a Raspberry Pi 5.

Si: Yeah, there you go. It’s probably cheaper than a couple of sticks of RAM.

Desi: It is, because it’s DDR4 which is like hen’s teeth to come by these days.

Si: I was going to say, you offered to send me something earlier, I’m pretty sure I’ve got a drawer full of DDR4 kicking around somewhere. I’ll send it in exchange.

Desi: I was in that transition period when I was looking to buy my new computer, which I didn’t end up buying before I got this one. It was right in that in between where DDR5 was new and it was so expensive, but then DDR4 was getting more expensive because they weren’t making it anymore. I’ll just wait five years and then DDR5 will be cheap.

Si: The one thing about the Apple ecosystem is that I can’t upgrade the memory in my machines because otherwise it breaks them. So, I buy as much as I can from the outset and then live with it. Having said that, my laptop is a 96GB machine, so it’s not insignificant for a little portable device.

I’ll share this window with you. Apologies for the quality of the photo, it was taken in the supermarket but this is where we’re heading.

Desi: Rise of killer robot fridges. Boffins fear AI devices going rogue.

Si: The prevalence of fears about AI hitting the press. I wouldn’t necessarily say that the Daily Star Sunday edition is quality press.

Desi: The font type of choice doesn’t scream professionalism to me.

It almost looks like one of those slasher films from the 80s and the camera starts off looking at a news stand about a serial killer killing a bunch of people. Then it pans to the street and there’s all the college kids having a milkshake or something.

Si: This was in the entryway to my local supermarket, so a pan to the right would have given me the meat fridges, and if they were eating someone it would have made perfect sense. Perhaps it’s a horror film yet to come.

Desi: Those fridges, they’ll get you.

I’m fascinated by stories, the headings and the kind of choices that journalists make for their titles that are clickbait. Then when you read the actual article, what is the underlying message?

It’s always been like this, but you see it a lot more in Instagram, Reels or TikTok’s, where you read the title and it’s not representative of the content because it’s generally AI generated or it’s just trying to be catchy.

Are you looking at the story?

Si: I’m actually looking at the Daily Star.

Desi: Your phone is going to track you and give you a lot more Daily Star now. That’s going to be the end of your news cycle on your phone.

Si: But yeah, fridges could lead a robot takeover of the world.

Almost all UK homes have a refrigerator. That’s a fairly self-evident statement. 40 million fridges. Experts, however, reckon that as home tech gets smarter, they could soon be plotting to overthrow us.

Desi: I’m currently reading the same article, and I’m not against one of the points in here.

So, worries, however, have been raised that the internet connected fridges could be targeted by hackers, and that they could talk to other devices through WiFi. Now, that, I’m on board with.

I went and did a sleep apnoea test. Turns out, didn’t have it. The breathing machines were really shit to use, but the majority on the market are WiFi connected. Now, there’s the whole ethical issue about those companies just collect your data and then sell them off. I found a security researcher that hacked a whole bunch of them and gets you your data, which is awesome. I’ll try and find that and link it in the show notes.

Those devices themselves are WiFi connected, so the doctors can remote in and then control the breathing function. Now, if you had a full face mask you could ramp up the pressure to push the air back. I don’t know whether you could kill someone, but you could definitely disrupt their sleep for a long time and make their life miserable.

It’s those WiFi home devices that I’m then concerned about. It’s not the fridge killing me, but if the fridge is the initial vector, then into a breathing machine. Or even heart pacemakers that are Bluetooth connected. Could someone get in, via the fridge, into someone’s laptop, which then has the Bluetooth connection to the heart device for the pacemaker?

Si: There’s a beautiful murder case coming up somewhere in the future, isn’t there? Am I giving the criminal the plot now? I am so struggling to remember what series it was on television, that somebody carried out an assassination by pacemaker in this television series and this was years ago.

I think it was probably more complicated at that point in time. I went through the sleep apnoea test as well, although I didn’t have a mask at the time. I was wired up to a million different things in The John Radcliffe Hospital in Oxford, overnight.

Desi: Oh, you did the overnight test. I just did the take-home one.

Si: If there’s nothing that is going to make you sleep worse than being wired up to a million different things overnight, I can’t imagine it.

Desi: Not in your own home as well.

Si: I have one of those CPAP machines. It’s Constant Positive Airway Pressure, CPAP machines and mine isn’t WiFi. I don’t know whether it’s better or worse. It’s actually mobile, it’s GPRS, it sends them to back via the cellular network.

Si: For free, I hasten to add. I didn’t buy the machine and don’t pay for the data.

Desi: In Australia you can put little SIM chips in them and some connect via WiFi. I was researching because I was trying to find the security researcher that hacked the CPAP machines. There was another one. All CPAP machines now have an activated microphone by default. It’s meant to collect sound data, but it’s like another Alexa just collecting your voice data.

Si: I may have to check on that. I don’t think mine does, but I may have to check that.

Desi: When I was chatting to these people, because if I did need to get a machine, I want one that I just control. Happy to have a digital interface, but I don’t want to have GPS. I don’t want to have WiFi. If it does have WiFi, I want it to be disconnected and I want it certified that it is not connected. That it can be proven.

They couldn’t provide me, because it’s all like really closed network of these companies that sell these machines. So, none of the actual specifications are available.

To buy a machine that doesn’t have any of this stuff was like twice the cost. They’re just not produced as much, so they’re rarer to get and there was one company in Australia that you could get it from. That’s ridiculous.

It’s essentially pushing people who need these machines into this closed off market where their data, let alone the security concerns of someone hacking your own CPAP machine. The fact that these companies can then just harvest your data and you can’t do anything about it is horrible.

Si: I was enrolled into it automatically by the NHS and it’s really good, by the way, if you do need one. I thoroughly recommend.

Desi: I’ve got plenty of family that use them and they’re great.  It’s just the privacy concerns.

Si: I log into my app and it tells me all of my sleep data about how many what incidents in sleep apnoea, when you stop breathing.

Desi: To finish off on this CPAP rant that I had because I went down a rabbit hole last year about it. I think there was also a case where an insurance company had purchased the data and then denied someone, some kind of insurance claim because of it.

Obviously that person found out somehow, I think someone whistle blowed or something, and then they countersued as you shouldn’t be able to access that data because it’s private medical data.

That was interesting, I’ll definitely try and find all this stuff with the CPAP Machine. I might have notes somewhere, because I really went down a rabbit hole on this one. It was super interesting, because it’s a niche medical industry.

Si: That is an interesting question though, isn’t it?

On the one hand if you are disrupting someone’s sleep through a hack. I know how much better I feel for having been on it, versus not. How much less tired I am. If you can induce somebody to be in a state where they are more likely to have an accident, then there’s that.

At the same time, being told by my insurance company that, no, you were driving tired that day and therefore I’m not paying out on that accident claim that you’ve just put in. That sounds horrific. It’s an interesting topic perhaps to debate, which is that wearing an Apple smartwatch.

I think it’s an Apple smartwatch. You’re wearing a smartwatch of some kind.

Desi: Oh, mine? Mine’s a Samsung Fit 3. I bought the one where it’s not collecting much. It does step tracking, I can get it to do my heartbeat, and that’s about it.

Si: Oh, right. Okay, so it’s not as bad as it could be.

But even that if that was subpoenaed as part of an investigation into something about you, it’s going to start handing over data that normally wouldn’t have been collected.

Desi: There’s a recent one. Apple’s privacy lawsuit with Siri. They had a 95 million dollar payout. I’m just reading the article from Reuters.

They settled a 95 million dollar lawsuit for Siri, which includes probably some health data out of that, realistically.

I think they calculated per user what that was for how many estimated Apple users they have, and it was like 0.09 cents per user.

I think it said how much Siri made in a year, and I think for Apple based on the data that they have. It’s not in this one. It was 205, from memory, but I can’t remember whether that was million or billion. Either way, 205 million is still above in a year, is above the fine that they got for essentially selling their data or using the data inappropriately.

All of these things and how it’s being fed into AI, and where all of our data is going, in terms of privacy, is an issue. When it’s then being used against us in health insurance claims and everything else.

Si: I guess the question is, are we heading towards the dystopian future of what was it?

It’s Tom Cruise Minority Report, isn’t it?

Desi: Where they predict the crimes and stuff?

Si: Predicts you’re going to commit a crime in advance and acts. To a certain extent, already we see it because there’s predictive algorithms.

Desi: Your cholesterol’s a little bit high; you’re definitely going to stab someone today.

Si: Yeah, that’s it. But predictive algorithms for policing patrol.

Desi: Yeah.

Si: They do do that sort of thing. To a certain extent, yes, we are. We are already starting to live in the dystopian future. Happy 2025 everyone. Actually, that was an interesting one.

Desi: Just as a side thing, I found the security researcher, which I’m very happy about.

Going back to the Apple thing. Apple will pay out 20 dollars to Siri users and users can submit a claim for each device they use. It’s not just an automatic $20; you have to submit it. Up to five devices or $100 total. Ridiculous.

Cancel the apocalypse, what we can learn from film set in 2025. Right.

Si: I came across this the other day. What the future has been predicting for us in 2025, Pacific Rim. There we are, we have Repo man. Reclaiming organs if you don’t pay your debts. I’m not sure Thor counts entirely.

But Pacific Rim. Large robots fighting in the middle of the Pacific to guide you, he says, stretching his knowledge of Japanese culture. 

Desi: Yeah, it is. Wasn’t it last year that Japan built the giant robot? The giant fighting robot? Then the U.S. were like, we’ll fight you, and I don’t think it worked. Was it Japan?

Si: I mean, if anybody’s going to have done it, it’s Japan, isn’t it? Let’s face it.

Desi: Oh no, it was a while ago. I was way off. It was 2017 when that happened. Well, those nine years went fast?

Si: Time is purely a social construct anyway.

So, what will 2025 actually bring? Hopefully it’s not large giant robots battling, or nuclear apocalypse, although that’s on the cards, it seems.

Desi: I don’t know whether we spoke about this actually, but I got recommended a series, which is also a book and I ended up listening to the audio book of it. It was about the US’s strategic preparation plans for like continuation of president and the White House, essentially. Like Designated Survivor, if you’ve ever seen that TV show.

What it did is go into the history of how all that started. When presidents essentially started to become targets for assassination they went into the world and were traveling around the country, that kind of thing. Then the Cold War with the nuclear deterrents that were going on between the two countries.

The presidents back then, I don’t think they do this anymore, but for a while, there was an assistant to the president that would always carry around the suitcase, which was the football, which had the nuclear armament codes, and that they could launch nuclear weapons.

I should look up what that’s called, but there is a series that you can watch in Australia it’s on SBS, so you could watch it on demand. It was very interesting to hear how there was this huge nuclear arms race, and then what essentially stopped two of the explosions were just people being really hesitant, not wanting to blow up the world, but it could have happened.

Then you see some of the dictators who are chasing nuclear arms who are just unhinged. And you’re like, are we going that way?

Si: I think that’s somewhat scarily been brought more to our perspective with some suggestions of the annexation of areas of land that are of strategic importance, shall we say. Like Greenland. Yeah, put the title of that in, that sounds fascinating.

I did watch some of Designated Survivor.

Desi: Raven Rock is the book. I’ll find the link for that and the TV series is called something else, but I’m sure if you’ve looked up Raven Rock TV series. Very, very interesting.

We’ve kind of talked a lot about AI. That was one of the things we wanted to talk about when we jumped on. The other big thing that we both spoke about a lot together last year and with the guests that we had on was mental health.

I don’t know about you, but I felt myself, and with a lot of people that I’m close to, 2024 was a rough year for a myriad of reasons.

This is me speculating, but I was thinking about this today before we were doing this, well this is my night time, before we were doing this. I was wondering if this is the hangover from COVID still. We had this massive pandemic and for me, that was a huge time sink.

Now, we’ve kind of lost two years, and then we’ve done two years. For me, now I’m like, we’re now coming out of this, and there’s a lot more problems that are symptoms from what we all went through as a society, and even as we’re working.

I felt like cybercrime rose a shitload when we all went to remote work because there were so many workflow changes without any of the security in place. World economics and countries that are putting tariffs on each other, and there’s so much more turmoil than there seemed to be. Then that’s flowing from a macro level down to the micro community level as well.

For me it felt 2024 was like that. I feel like we were only just scratching the surface at mental health when we were chatting last year. I think, I know we wanted to focus on mental health again this year, and we’re going to have another host that’s coming on and he’s doing a few talks potentially around mental health as well that are going to be released.

Si: It’s interesting because I saw this informational video the other day. I will share and I’ll try and find a link for it that doesn’t go through Facebook, but this is the copy of it that I found.

I don’t know if I can share sound, but let’s just go with the video. It’s documented anyway, and it’s fairly self-obvious. It helps if I also share it, doesn’t it? That really helps.

Desi: I see what this is doing.

Who put out this ad?

Si: Sandy Hook, one of the US shootings.

Desi: I know it’s from one of the shootings, is this like a foundation thing though? Like, the Sandy Hook Promise?

Si: I don’t know, actually. I think it is. I’ll try and find out more detail.

Desi: Oh, it is. Sandy Hook Promise Preventing Gun Violence. It educates and empowers youth and adults to know the signs to prevent violence in school shootings.

It’s a non-profit US organisation established in 2013. I’ll chuck that link in our show notes as well.

Si: Just the isolation, I think it definitely had an impact, I think it definitely had a feed into it.

Desi: Yeah. Well to share a bit of a personal story, I got out of the military in 2021, I think? No, September 2020. I think September 2020. COVID had started at the end of 2020 and then we went into it.

During that time a whole bunch of defence stuff, defence is great sometimes and then not great other times. I think coming out of defence you lose that familial network of peers. Then hitting COVID straight away. I’d also ruptured my Achilles and had just had surgery as well. So, I was like housebound for kind of eight months straight.

The year and a half of COVID where it was very limited interaction, for me exacerbated quite a lot of social anxiety. Which is weird because I jump on this and I can chat to you and one on one is fine. Doing podcasts and all the content that I put out is fine, but I found coming out of that, it was very hard to go to social gatherings, even with friends if it was more than like three of us there.

To the point where, plenty of times Liz and I would jump in the car to drive and I’d get halfway and I’d be like I can’t do this. I didn’t think anything of it. I was just like, oh, I’m just tired, or there’d be all this other stuff. I’d drop her off, and then I go pick her up afterwards.

Then I went through an assessment process from post military through Defence Veterans Affairs in Australia and part of that’s a mental health assessment. I had all these things that I wanted to talk about from when I was in the military, but as I was talking through them, and he was asking me questions about what I’m like now, I was explaining some of this stuff. I thought that I’m way more fucked up than I had realised.

I think it is typical for a lot of veterans to feel isolated, but then I think COVID made it so much worse because my workmates all still lived near me, but we couldn’t hang out and have beers because of COVID, so there was none of the getting out and still hanging out with friends for a little bit and making some new friends. It was just you’re in lockdown and that’s it.

I think that’s where I was kind of coming at it from. 2024 for me was my realisation year that, that happened. It’s still bad, I haven’t solved any of that, but it felt like that for a lot of people that I spoke to. It’s hitting them that they’re having to go out in the world again now, because there are workplaces that are return to work three days a week kind of thing, two days at home. I think that’s stressing people out because they’re like, I haven’t had to do this for four years.

Si: I’m going to say that the return to work thing is actually a particularly interesting one because, I work at home anyway, so it’s not really an issue for me. But I know that for a long time, even before COVID hit, what I was doing in a day was going into an office, sitting at a desk, typing on a computer and interacting with people for maybe an hour in that day.

I used to travel a lot for work, not in the sense of I used to travel a lot like you do to go to conferences and go places and seek clients, I just used to do an hour plus commute every day to get there and an hour plus on the way back. I was wasting two and a half, three hours of my day, occasionally on one particular job, four hours of my day, getting to a place where I sat at a desk.

Then somebody goes, you can work from home. Great. I have four hours of my day back. That’s 20 hours a week that I am not spending getting to somewhere to earn a living when I don’t need to be there. I think a lot of knowledge workers are actually objecting to that encroachment into their personal life again.

It’s not the issue of being in the office. If there was a transporter that would take them there for the meeting that they need to see people for and then they could be back in the comfort of their own home, sitting at their desk, doing the things that they do anyway. I think the return to work thing, as well as that we’ve forgotten how to be social animals to a certain extent. I think that’s quite a weighty conversation.

It’s interesting the way that certain employers have taken it as well because it’s like some employers were like, right, we’re going to save all our costs, scrap all our offices.

My accountant did this. In fact, he doesn’t have an office anymore. He’s only a small firm, but they figured out that everybody was working from home, it was all going perfectly swimmingly. So, they now don’t have an office. Everybody’s perfectly happy. Whereas others are now saying you’ve got to be back in three days a week, minimum.

Desi: Yeah.

Si: So yeah.

Desi: I think beginning in 2024 when I started seeing it, I was against the whole.

It’s never been a threat for anywhere I’ve worked. All of the companies that I’ve worked for since I left the first initial cyber job that I was in when I first got out of the military, have been American companies and they are remote work.

So, start of 2024, I was like this sucks for a lot of people, but I think even myself sometimes, if you only interact with people for one hour a day, it really depends on what your home life is like.

If you’ve got a family, maybe you’re taking your kids to sport, you’re interacting with other parents and you’ve got social interaction in that sense, then work from home makes 100 percent sense. You’re getting the human need of human interaction, physical human interaction, because I think that’s different from you and me being on a call.

I loved when I came over and you showed me around Oxford. Fantastic. I’m not saying this is shit, but it’s way different from the catch ups that we do. So, Liz has had a very busy year at her work, she’s been away a lot for trips for her work and is very busy all the time and I’ve just got the dogs. My human interaction, I’ve found, is very minimal.

If I’m not forced to do it, then I don’t need to do it and it was already an issue for me to avoid it. I definitely felt that towards the end of the year. Especially when I was going through all the shit towards the end of the year, I was like I actually don’t have any work friends that I could just go for a coffee with and sit down, and have a chat.

Sure, I could arrange a call and have a coffee with someone, but that isn’t the same as let’s just go for a coffee because you’re at work. I’ve definitely appreciated having that in the past. I think it definitely depends on your family dynamic, where you’re getting your social interaction and that’s just the individual human side.

There’s definitely arguments either way for companies. On the other side, because my background now is insider risk. Insider risk is much easier to manage when you’re in an office. It is much harder when you’ve got a remote workforce. But then it’s also how society has gone.

You used to live in a house and you drive five minutes to the factory. Whereas city costs, cost so much, which is where all the tech centres are with knowledge workers, and what you were doing is now a commute. Now if businesses were hiring you and then paying you for that commute, you might be less opposed to doing an hour commute, because you can listen to a podcast, you’re just driving into work, but it’s part of your job.

When companies say we’re going to employ people from two, three hours away. I think if they took that stance and they’re only going to hire people in the city, and then no one can live in the city, they’d find out pretty soon that they’re not going to have any workers.

There’s economic arguments and time based arguments etc. But, it’s a tricky balance. It feels like an us versus them. Going full circle back to what we were talking about at the start, sensationalised media. That’s what the media is like.

Every article title that I read about return to work, work from home, it’s like companies are losing all this money, but then on the other side they’re making Brenda, who’s like a single parent, travel two hours. It’s not clear cut. Let’s have balanced reporting, but I don’t think most journalists know how to do balanced reporting.

Si: Balanced reporting doesn’t sell. It’s that simple. Looping back around in conversation perhaps this is a good parting point for us, is that boring articles that are very fair and reasoned aren’t going to sell newspapers if you don’t have killer AI machines.

Actually, the headline the other day on the Daily Star was how to survive a Yeti attack. So clearly, they know their target market. I have to say, I have taken the photo of covers of that newspaper twice in probably about two weeks because it’s caught my eye, because I’m human, because I’m a magpie like everybody else and I look for shiny and it does that.

We’re a victim of our own success as a species, aren’t we? We pull it out. We want to hear about the gossip. It’s very interesting, two books, I don’t know if you’ve read either of them. One is the Selfish Gene by Richard Dawkins, which is a fundamental exploration of evolution, funnily enough.

Where Darwin specifies that the item that evolves is the species. The species does it. Richard Dawkins puts forward the suggestion that actually it’s the genes because the gene is the bit that gets transmitted and survives. The animal doesn’t, but the genes do. It’s a very interesting thing in that regard. The other book is Humans by, and I’m going to get his name wrong, unless I look it up.

Desi: It’s not A Brief History of Humankind? Yuval Noah Harari.

Si: Yeah, that’s it.

Desi: Or Sapiens.

Si: That’s it. This is what happens when you don’t make notes before you start a show, and then think of things on the fly. But yes, that one. Obviously, you know, communication and gossip and things that build us as a society are hugely advantageous to us.

We value information, and that information means that I don’t associate myself with someone who is a risk to me. Gossip basically exists to go, you know that bloke who lives down the street, he’s a bit dodgy, stay away from him. Means you stay away from the guy who lives down the street who’s a bit dodgy. That sort of thing is actually a survival instinct. It’s something that we as human beings do.

Gossip for us is actually a hugely important aspect of our societal structure and as we build into larger societies the way that we communicate these things is by the press, by television, by word of mouth. We still want the gossip. We still want the things that are going to stick in our mind as important facts.

Fear AI fridges and perhaps it’ll work, perhaps we will stay away from AI fridges. Perhaps it will stop them from getting world domination and imposing a lifetime of ice cream upon us or something.

I don’t know. We are victims of our own success in this, but what we’ve done is then gone off and created a bunch of tools that allow us to make up stuff completely fictional.

Desi: That’s the thing, right? Gossip, and especially language, has evolved.

Us evolving when language started, the gossip would have been to protect the tribe from external threats. When you think about it, maybe like a threat from within the tribe would have been potentially someone with like a mental illness that was struggling.

So, that was gossip to stay away from them, which I think is interesting because mental illness has been a big thing that I’ve been looking into this year around the different disorders that exist and also, into the research that exists. It’s still quite infant when you look at it because the human brain is such a hard, complex thing to map, let alone understand the actual thought process that’s in it.

Then how does that play in it. Then we’ve gone and created all these methods to create fake things. Then we’ve also created all these networks to then publish all this information very fast so that we can’t even fact check. The news cycle used to be the 24 hour news cycle and it would go into a static paper. Whereas now, the news cycle is like a minute.

Si: I was going to say 24 minutes would be good. It’s not even that long, is it?

Desi: Well, when you look at the attention span of most people and what reels are these days it’s like 15 seconds. How much information can you put in front of someone in 15 seconds? They’re scrolling through that for an hour. How much information are they taking in? How much of that’s fake?

Si: This is a really good question. How much of it are we taking in? I remember the informational piece I showed. I remembered that from an Instagram scrolling session, admittedly. It’s obviously successful enough to have caught my eye and to be memorable. But if you asked me what else I’d scrolled past, I have no idea.

Desi: That’s probably a good point to end, because it’s late at night for me.

Si: Yeah, I was going to say, it is very late at night for you.

Desi: That was quite a good recap. We’ll capture some more links to put into the show notes, but we’ve got quite a few there.

Si: I think it was a good warmup for the year. Hopefully we can get a few good podcasts set up. We’ve still got Brett Shavers to organise. Between the three of us, we have singularly managed to fail to coordinate a workable time.

Desi: There was quite a lot of travel towards the back end of the year. Which I think hit all three of us at some point.

I think when we first tried to book that in, I was actually working remotely in Thailand at the time.

Si: Yeah, you were in Thailand, he was in America, I was in the UK. Then he was in Japan, you were in Australia, and I was in the UK. It just didn’t pan out. But we will figure it out. We will get there.

So that’s certainly coming up, and hopefully we will have conversations again with all our good friends. I’m pretty sure that Amped will be on again with the AI image generation. I know that they’ve just released modules to do with reflections and reflection tracking, which is really interesting and an exciting piece of work.

Again, it’s something it doesn’t get right yet, so if you can start to figure out those things. So, that’s another good way for picking it up if you have a reflective surface within.

Desi: I am optimistic for this year. Excited. It will be, I don’t know how much you’ve been tracking cyber threat actors, but as always, Christmas was an exciting period for our cyber defenders out there. We’ll probably see that trickle down into cybercrime. It will be a busy start of the year for those people and I think the message there is to take care of your mental health.

I’ve been there before, and you probably haven’t had much of a break, and you’re probably running into a very busy start of the year with a lot of companies coming back, realising that they have been breached.

Then to all of our Digital Forensics friends as always, there’s lots of mental health issues there, was chatting to a few of them over Christmas as well around, a bit of burnout. There’s a few people who changed different roles from the criminal side into more admin roles. So that’s always an ongoing concern, but it will be a big topic for us again this year, I think.

Si: I think it’s always going to be a big topic.

The question is, are we going to get to the point where there’s something that’s actually being done about it or not?

Desi: It feels like at the moment, and where we were getting to at the end of last year, is it’s more of that exposure in those roles that haven’t had it before. If talking about it more on here helps push it out more, gets it in people’s minds, then that’s a good thing.

Si: Absolutely, and maybe some decision makers somewhere up the tree will listen and go, maybe we should invest some money in this.

Desi: I guess the message that we’ll leave you all with, as Si and I sign off, is that if you are feeling lonely, there are plenty of services that you can reach out to. I know Lifeline’s a big one in Australia that’s reached out to a lot over the year. You’ve got Beyond Blue. We’ll try and dig out a list and we’ll put those in the show notes as well.

Si: We’ll make sure they all get put on to the end and indeed if any of you are really struggling pop onto the Forensic Focus, he says, also in the vague pitch attempt Discord channel. If you DM me I’m happy to have a chat with you personally.

I’m not qualified, but I have been where you are so, do let me know.

Desi: Also, to the people that aren’t struggling, if you are working remotely, reach out to your peers is what I’d say. Christmas and the holiday period itself is a very stressful time for a lot of people because families aren’t always a great time.

So, if you are doing well, then reach out to the others and try and have a deeper chat than you normally would. Especially at the start of the year as we move into 2025.

Thanks everyone. We will see you in a lot more podcasts this year. Hopefully we’ll make it out to a few conferences and can meet you in person. I am excited to be back. Forensic Focus. I think this is going into our third year, right? I think like we were kind of halfway through. We’ve definitely done two new year things. So, it’s going to be at least, at least one year full plus others.

Honestly, when I started this, I was like, this will be a quick year-long thing, but here we are three years later and it’s still going.

I’m keen to keep doing it. Good stuff. All right. Well, we’ll catch you all next podcast.

Si: Bye everyone.

AI Takes The Stand: Revolutionizing eDiscovery In The Legal World

Artificial Intelligence (AI) is no longer a distant future technology but an integral force driving change across multiple industries, including the legal sector. Specifically, AI is revolutionizing the practice of eDiscovery, where legal professionals face the daunting task of managing vast quantities of electronically stored information (ESI). As data continues to grow at an exponential rate, AI has emerged as an essential tool in making eDiscovery more efficient, cost-effective and accurate.

This article delves deeper into the significant ways AI is reshaping eDiscovery processes, with a focus on recent developments, key technologies like machine learning, natural language processing (NLP), predictive coding and ethical considerations in AI’s legal applications. We will also explore the practical implementation of these technologies and discuss the evolving future of AI in legal discovery.

1. The Shift Toward Automation in Document Review

Document review has historically been one of the most labor-intensive and expensive phases of eDiscovery, often requiring large teams of legal professionals to sift through millions of documents in search of relevant information. With such a high volume of data, the risk of human error and oversight can be significant. AI is reshaping this aspect of eDiscovery by automating large portions of the review process and increasing both speed and accuracy.

Machine Learning and Predictive Coding: Predictive coding, a subset of machine learning, has become one of the most transformative AI technologies in eDiscovery. It allows legal teams to train a machine learning model to recognize patterns in data—specifically, to categorize documents based on relevance. Legal professionals mark a sample set of documents (typically a small portion of the dataset) as relevant or irrelevant, and the AI system uses this data to “learn” and categorize new documents.

Predictive coding is highly effective in reducing the volume of documents that require manual review. It allows legal teams to prioritize the most relevant documents, significantly shortening the time required for document review and reducing associated costs. The AI model continually refines itself as more documents are reviewed, a process known as continuous active learning (CAL), ensuring increasing accuracy throughout the review process.
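The train, rank, review and retrain cycle described above, as an added example that is not code from this article or from any review platform: a minimal continuous active learning loop in Python, with a small naive Bayes ranker standing in for a production model. The corpus of e-mail subject lines, the document ids, the seed set and the batch size are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed e-mail subject lines, in collection order. The boolean is the
# reviewer's relevance call; the model only sees it once a document is reviewed.
CORPUS = [
    ("d01", "distributor pricing agreement draft", True),
    ("d02", "friday lunch menu", False),
    ("d03", "garage parking closed friday", False),
    ("d04", "team outing lunch photos", False),
    ("d05", "cafeteria pricing menu update", False),   # decoy: shares "pricing"
    ("d06", "parking permit renewal", False),
    ("d07", "distributor rebate terms", True),
    ("d08", "holiday party menu", False),
    ("d09", "rebate pricing schedule revised", True),
    ("d10", "garage maintenance friday", False),
    ("d11", "agreement amendment rebate terms", True),
    ("d12", "invoice dispute distributor rebate", True),
    ("d13", "outing photos uploaded", False),
    ("d14", "pricing agreement signed distributor", True),
]
TEXT = {doc_id: text.split() for doc_id, text, _ in CORPUS}
TRUTH = {doc_id: rel for doc_id, _, rel in CORPUS}
VOCAB_SIZE = len({tok for toks in TEXT.values() for tok in toks})


def train(labels):
    """Count tokens per class over the documents coded so far."""
    counts = {True: Counter(), False: Counter()}
    for doc_id, relevant in labels.items():
        counts[relevant].update(TEXT[doc_id])
    return counts


def score(doc_id, counts):
    """Length-normalised naive Bayes log-odds of relevance (Laplace smoothing)."""
    n_rel = sum(counts[True].values()) + VOCAB_SIZE
    n_irr = sum(counts[False].values()) + VOCAB_SIZE
    terms = [
        math.log((counts[True][tok] + 1) / n_rel)
        - math.log((counts[False][tok] + 1) / n_irr)
        for tok in TEXT[doc_id]
    ]
    return math.fsum(terms) / len(terms)


def rank(unreviewed, counts):
    """Most likely relevant first; ties broken by document id for repeatability."""
    return sorted(unreviewed, key=lambda d: (-round(score(d, counts), 9), d))


def cal_review(seed_ids, batch_size=2):
    """Return the order in which documents reach the reviewer under CAL."""
    labels = {d: TRUTH[d] for d in seed_ids}   # reviewer codes the seed set
    order = list(seed_ids)
    unreviewed = [d for d in TEXT if d not in labels]
    while unreviewed:
        counts = train(labels)                 # retrain on everything coded so far
        for d in rank(unreviewed, counts)[:batch_size]:
            labels[d] = TRUTH[d]               # each decision feeds the next round
            order.append(d)
        unreviewed = [d for d in unreviewed if d not in labels]
    return order


def docs_to_recall(order, target=1.0):
    """Documents that must be reviewed, in this order, to reach the target recall."""
    total = sum(TRUTH.values())
    found = 0
    for n, d in enumerate(order, start=1):
        found += TRUTH[d]
        if found >= target * total:
            return n
    return len(order)


LINEAR_ORDER = [doc_id for doc_id, _, _ in CORPUS]
CAL_ORDER = cal_review(["d01", "d02"])

if __name__ == "__main__":
    print("CAL review order:", CAL_ORDER)
    print("docs reviewed for full recall, linear:", docs_to_recall(LINEAR_ORDER))
    print("docs reviewed for full recall, CAL:", docs_to_recall(CAL_ORDER))
```

The decoy `d05` is surfaced because it shares "pricing" with relevant documents; once the reviewer codes it not relevant, that token carries less weight in later rounds. Outside a constructed corpus the true recall is unknown, so `docs_to_recall` has no direct equivalent in a live review.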

Case Example: Da Silva Moore v. Publicis Groupe

The adoption of predictive coding gained momentum following the Da Silva Moore v. Publicis Groupe case, which marked a pivotal moment by being the first federal case to formally approve the use of this technology for discovery.

In this case, predictive coding was employed to sift through over three million emails, achieving an impressive 86% accuracy rate in identifying relevant documents. This drastically reduced the time and expenses typically involved in manual document review, showcasing the technology’s effectiveness in streamlining eDiscovery processes.

Recent Development: Companies like Relativity have integrated predictive coding into their platforms, providing legal teams with powerful tools to scale up eDiscovery reviews. These platforms offer features like CAL, enabling the system to update categorization models based on ongoing review, improving efficiency and accuracy in real time.

2. The Role of Natural Language Processing (NLP) in eDiscovery

Natural Language Processing (NLP) is an AI technology that enables machines to understand and process human language. NLP is having a profound impact on eDiscovery by enabling legal teams to extract meaningful insights from vast amounts of unstructured data, such as emails, contracts or social media communications.

Entity Recognition and Sentiment Analysis: NLP tools can identify key entities—people, organizations, dates and locations—in large document sets. This capability is invaluable in helping legal teams focus their efforts on critical documents and ensure they do not miss key information. Additionally, sentiment analysis powered by NLP helps legal professionals understand the tone of communication, which can be crucial in cases involving defamation, fraud or other emotionally charged disputes.

Document Summarization: NLP is also being used to generate concise summaries of lengthy documents, reducing the need for manual reading and allowing legal teams to focus on key points. By scanning through large datasets, AI models can identify relevant clauses, terms or references in contracts, speeding up review cycles significantly.

Example: Dentons has developed an AI platform for contract automation that incorporates NLP to interpret and automate contracts within the Contract Express system. This technology enables the AI to understand and process contract language, reducing the time needed for automation. The platform is designed to be user-friendly, allowing lawyers with minimal technical expertise to automate contracts efficiently. The use of NLP is central to the platform’s ability to work with various languages and streamline the contract drafting process.

3. Scalability and Efficiency: Reducing Costs and Increasing Productivity

As the volume of data continues to expand, traditional methods of handling eDiscovery become increasingly unsustainable. AI’s ability to scale up processing capacity without increasing the need for human resources makes it an indispensable tool for law firms and in-house legal departments dealing with high volumes of data.

Automating Routine Tasks: Legal teams can automate tasks that would traditionally take hundreds of hours of human labor, such as document classification, keyword searches, and data extraction. By automating these processes, AI allows legal teams to allocate their time and resources toward higher-value tasks, such as formulating legal strategy, client engagement and expert consultation.

Cost Efficiency: In terms of cost savings, AI-powered solutions have proven to be highly effective. By reducing the amount of time required for manual document review, AI can reduce costs associated with hourly billing, freeing up resources for more strategic legal work. For example, using AI to handle the initial review phase allows firms to pass on the cost savings to clients, making their services more competitive.

Example from the Field: JP Morgan Chase has transformed its contract analysis process with the introduction of its AI-powered system, COIN (Contract Intelligence). This technology uses natural language processing (NLP) and machine learning to swiftly analyze complex financial documents, drastically reducing the time and costs associated with manual reviews. COIN enhances accuracy, consistency and scalability, while helping the bank ensure compliance, manage risks and improve customer service. By automating the analysis of contracts, JP Morgan Chase has set new industry standards for efficiency and precision, underscoring the pivotal role of AI in reshaping financial services.

4. Ethical Considerations: Bias, Accountability and Compliance

As AI continues to reshape the legal landscape, it brings with it a host of ethical and regulatory challenges. The deployment of AI in eDiscovery raises critical questions about transparency, bias and compliance.

Mitigating Bias: One of the key ethical issues with AI tools in eDiscovery is the potential for algorithmic bias. AI models are only as unbiased as the data they are trained on, and if historical datasets contain biases, AI can unintentionally perpetuate them. In legal contexts, this can result in unjust outcomes, such as biased document classification or the exclusion of relevant information.

Regulatory Compliance: As AI tools handle increasingly sensitive data, compliance with legal standards—such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S.—becomes a significant concern. Legal teams must ensure that AI tools respect privacy laws and adequately protect sensitive information during eDiscovery.

Transparency and Accountability: Ensuring transparency in AI-driven decision-making is vital, especially when AI tools are involved in legal proceedings. Legal professionals must understand how AI systems make their decisions to provide accountability and ensure the accuracy of the results.

5. The Future of AI in eDiscovery: What’s Next?

As AI technology continues to evolve, its potential applications in eDiscovery are only expanding. We are seeing the development of more advanced AI tools that not only support predictive coding and document review but also provide deeper insights into case strategy, legal research and even predictive analytics for trial outcomes.

Generative AI and eDiscovery: The rise of generative AI technologies, such as GPT-based models, is opening new frontiers in legal discovery. These systems are capable of generating human-like summaries of documents, suggesting case strategies and even providing automated legal research. As these tools become more refined, they will further revolutionize the way legal teams approach eDiscovery.

Integration with Legal Analytics: AI is also increasingly integrated with legal analytics tools, enabling legal professionals to predict case outcomes based on historical data. This integration will empower legal teams to make more informed decisions, predict the trajectory of litigation and optimize case strategies based on data-driven insights.

Conclusion: Embracing the Future with AI in eDiscovery

AI is undeniably transforming the eDiscovery process, offering significant improvements in efficiency, accuracy and cost-effectiveness. With its ability to automate document review, process vast datasets and extract actionable insights from unstructured information, AI is helping legal professionals tackle the growing complexities of modern litigation.

As AI tools continue to advance, the legal industry must address important ethical, compliance and transparency issues to ensure that AI is used responsibly and effectively. By embracing these technologies, law firms and legal departments can not only streamline their eDiscovery processes but also gain a competitive edge in an increasingly data-driven legal landscape.

The future of AI in eDiscovery promises even greater innovation and efficiency, from predictive analytics to advanced legal research. For legal professionals looking to stay ahead of the curve, understanding and adopting AI-driven solutions will be essential for navigating the challenges and opportunities of tomorrow’s legal world.

About Cellebrite Enterprise Solutions

In a world that’s evolving rapidly, Cellebrite Enterprise Solutions looks beyond the horizon to design solutions to keep data within reach, transform it and reveal important insights to protect your business and employees. From headquarters to home office, e-discovery professionals and corporate investigators can access endpoints anywhere with Cellebrite’s enterprise solution offerings.

Alexis Brignoni, Special Agent and Digital Forensic Examiner, FBI

FF: Alexis, tell us about your background and how you ended up in your current role at the FBI.

When I graduated college, I went to work in the information technology department of the university I graduated from. As I was thinking about what I wanted my career to look like down the road, I came across the FBI Special Agent position on the USAjobs.gov website. At that time, 17 years ago, they were looking for candidates with technological backgrounds as well as foreign language speaking abilities. As a computer science graduate with an MBA in Management of Information Systems, who also happened to speak Spanish natively, I had the right skills at the right time. After a very hard and intensive process, I was given my badge and credentials as an FBI agent. It goes without saying that this was one of the proudest moments of my life.

One of the many good things about the FBI is that we want to hear from people with all different levels of experiences and skills that are interested in keeping our country safe while doing meaningful work every single day. Folks can go to fbijobs.gov and research all the different careers available at the FBI.


FF: What does a typical day at work look like for you?

AB: As a Computer Analysis Response Team (CART) Digital Forensics Examiner (DFE), it is my job to Identify, Preserve, Analyze, Document, and Present on items of interest from digital systems and media. This means I will be working on mobile devices, computers, and even vehicles (cars, trucks, EVs) in order to determine the truth of a past event as recorded in these devices.

Most of my work involves mobile devices like iOS and Android cellphones. This fact informs my approach on the open-source tools I maintain, as well as how I understand developments across the broader field of digital forensics. It is important to underline that neither the tools nor the opinions I express are endorsed by the FBI. These DO NOT represent or reflect on the FBI or FBI policy in any way. I speak only for myself and no one else.

It is important to recognize that this truthful reconstruction of the past from digital media by a skilled DFE can demonstrate guilt, or innocence, in the context of a legal proceeding. This fact places on the DFE an immense level of responsibility. Getting it wrong is not an option. This is why for 2025 I want to focus on three aspects of the DFE that speak to our quality as individuals beyond our technical knowledge. These are:

  • Probity. It is defined as having strong moral principles. We are not here to please our stakeholders. We are here to find and present facts. Probity is leaving our beliefs at the door and working based on our values, with the value of truth being the one to lead us.
  • Attention to detail. Accuracy is key. Being able to look at massive amounts of data in order to pick out what is really important is a skill we have to consciously work on every day. It requires discipline and work ethic, especially when you are pressured to get results quickly. DFEs need to push back and assert that attention to detail takes time and is a requirement we won’t compromise on.
  • Due Diligence. This is what we owe our cases, what we owe our stakeholders, and what we owe to ourselves. We owe our cases time, expertise, and thoroughness. We owe our stakeholders concise, clear, and accessible explanations of our work and how it impacts the case. We owe ourselves to reflect on what we could do better, to make time to self-train and to conduct research. We owe ourselves to not be content with being mediocre and making sure we share what we learn with others.

FF: Tell us about your RLEAPP, ALEAPP, iLEAPP and VLEAPP open-source tools and how they benefit digital forensic practitioners.

The tools are collectively known as the LEAPPs and their purpose is to quickly triage items of digital evidence using an open-source framework. They are coded in Python and are designed to be accessible to developers with a beginner level of experience, while providing for the complexity advanced developers need.

One of the benefits of the framework is that it automates the ingestion and reporting of data, which means it is easy and quick to build a parser for an artifact that third-party paid tools don’t support yet.

We are currently working on a new reporting system called LEAPPs Artifact Viewer App (LAVA) that we unveiled recently at the 2024 Cyber Social Hub Conference. It will allow for faster, modern, and efficient reporting of LEAPPs’ parsed data. Folks can sign up at LEAPPs.org to receive notifications of the latest LEAPPs releases, as well as when LAVA will be made available to the public.

As data sources multiply exponentially, we can’t expect paid tools to keep up with all our parsing needs the moment we might need them. The job of the DFE is not to just use tools or press buttons to see what the tool is unable to identify. The main job of the DFE is to be able to recover, parse, and interpret data when the commercial tools cannot. This assumption that commercial tool output is all encompassing is a willful negation of our due diligence responsibilities.

Since the tooling is open-source, transparency is built in. Anyone can look at the code and follow the operations of it. Even though source code access is not needed for validation and verification, having it does help.

I believe the future will favour the DFE that uses tools, knows code, and understands how relevant technology operates, while also being able to put it all together in the context of an investigation. Alex Caithness has said: “Learn to code because every artefact exists because of code.” I agree. This understanding needs to be part of every DFE skill set moving forward if we are to be successful in our mission to uncover the truth, wherever it might be.

FF: Are there any other challenges within digital forensics for which you’d like to see open-source solutions?

I would like to see not only open-source development but also any type of development that grows our understanding of how memory operates in Android devices. MSAB is doing great work on this front and I would hope others will join them in this area. Memory analysis of Android devices is an area that many are not aware of, and we need to be. Unlike RAM analysis on computers, the memory of an Android device keeps data between reboots and after turning the device off. This means there could be a lot of data persisting in memory that might not be found on the device’s storage anymore. I welcome any and all developments in this direction.

FF: Tell us about the Digital Forensics Now podcast. What is it like being the host of such a popular show?

When I proposed the idea to my wonderful and amazing co-host, Heather Charpentier, we had no idea how well received the podcast would be by the community. It has been a little over a year since we started the podcast, and we are enjoying every second of it.

I believe the podcast is filling a need for consistent content that speaks specifically to current matters in digital forensics, as opposed to other podcasts where the focus is the broader fields of incident response and cybersecurity. We have tried to stay away from making the podcast an interview show, in order to present the current news and our opinions on these topics of interest.

To me, one of the unexpected sources of value that the podcast provides is the chat community that has grown when we are live on YouTube. I know you won’t find a more active and smarter group of people than the folks that chat with us when the show is being streamed live. We leverage their knowledge during the show for the benefit of the rest of the audience but also, and mainly, for our own benefit. I don’t have enough words to express how grateful we are for the folks that chat live, the ones that send us messages over at our podcast’s social media presence, and for all the opportunities the podcast gives us to disseminate important information with a personal touch from those that are active in the field.

FF: How do you see AI evolving in the digital forensics space, and what safeguards need to be in place to ensure its proper use?

This is a great question that could easily fill a 300-page dissertation. From my perspective, current generative AI implementations come with a risk level that has yet to be mitigated by standardized policies or procedures. It is also important to recognize that adoption proponents rarely talk about AI limitations and how using those systems might affect current processes. There is work to be done before we add these technologies into our workflows.

If DFEs start using Large Language Models (LLMs) without output verification, we will quickly find that such reports will be filled with errors. In fields where the output can change lives forever, like medical or legal, we need to go slow and make sure we are doing things right.

Some things to consider:

  • Discovery responsibilities. I can easily foresee an immediate future when the opposing party in a legal proceeding will require the prompts that were given to the AI in order for it to achieve the provided output. Are the prompts consistent with the legal authority provided? Has the AI touched upon matters not covered in the legal authority? Legal proceedings are based on transparency, and we need to start thinking about how to make these technologies more transparent, in regards to how they work and how we explain the way they work. More logging and more traceability are needed.
  • Training data provenance and bias. Where has the training data come from? Has it been procured in a way that does not violate the authorship rights of others? In the same way we will never use unlicensed software, do we know where the training data came from? There are many documented cases of bias manifesting in AI output. Bias needs to be fully avoided. We need to establish not only best practices on usage but also best practices on how to compile the training data to be used for these systems within our field.
  • Lack of consistent answers / variability. AI will give you the same answer to a question only once. The multiple answers to the same question might change a little, a few words here or there, or they can change a lot, to the point of hallucination. This means that current validation processes are not suitable for AI, and therefore all AI output needs to be verified for accuracy. We need to think about validation processes that are suitable for these technologies, while realizing the time limiting reality that these tools impose when the verification of every single piece of output provided is needed.

FF: And finally, apart from coming up with brilliant digital forensics memes, what do you do in your spare time?

I love memes! Being able to make a joke that other DFEs relate to brings the community together. We are not as distant as we might think we are. Even if you are the single DFE in your office, there are thousands of others that understand you, want to help you, and laugh with you when you enjoy a meme about our field.

Memes are great, but I do like other things. Since 1998, I’ve been playing a video game called Starcraft. I love lifting weights but hate cardio. Teaching is an activity that fills me with joy.

Because of that, I am proud of being the author of the Android portion of the IACIS Mobile Device Forensics Course and also the author and instructor of the data structure portions of the IACIS Advanced Mobile Device Forensics Course.

I literally love long walks on the beach and reading books but mostly the audible kind. At the end of the day, there is no real spare time. We decide what we do with the time we are given, and my hope is to use it as best as I can.

Detecting AI Fakes: Forensic Image Analysis With Cellebrite

Si: Hello everyone, and welcome to the Forensic Focus Podcast. Today (as was being briefly discussed before I pressed the record button) I have the first forensic married couple that I have ever interviewed. And we’d like to welcome Heather back, who’s been with us before, and Heather and Jared Barnhart, who are both from Cellebrite, and who have come on today to talk to us about some work that they’ve been doing with regard to AI and image analysis on the basis of forged and fraudulent images created by AI.

So, first of all, thank you very much for coming back. Obviously, we didn’t manage to put you off last time, so that’s a good sign! And also, thank you for coming to talk to us about something which is incredibly topical at the moment. I mean, I was away last week at a conference in…I got to go to Europe. I went to Luxembourg. It was fun for me.

But the conference on AI and the law and criminal cases and certainly the idea of bringing deep fakes and things into the courtroom is a huge worry and concern to lawyers and in the criminal law academic community and we’ve seen some cases already whereby…perhaps not necessarily if the actual material has been present, but people are sort of starting to try and use the AI defense as opposed to the Trojan defense, and we’ll touch on that in a minute. But you know, obviously working together and being married wasn’t enough for you, so you decided to go off and do some research. What prompted this? What brought you onto this? 

Heather: I would say my whole RSA talk last year on sextortion and then the Taylor Swift deep fakes. That was kind of a huge thing in our house. We have three little girls and Taylor Swift is queen and you don’t do wrong to the queen. So I think just the fact that we started generally…AI is huge. Everyone is like, “oh, you must talk AI.” And this is sad, but true. I knew if we threw an AI topic into techno security, we’d get accepted. So it was like the guarantee in, but then we didn’t know what to do with the research because we truly didn’t know what we would find.

Jared: Yeah. I think in the last 12 months or so, we’ve sort of lived this fun, watch a video and think, “is that real?” You know, just that casual feeling and of course it’s real. And I was like, “no, that’s definitely not real. Look at the…”, and then you start to pick apart visually some of these things. And now it’s, I guess happened so quickly that it’s almost a zero trust of…I can’t even believe what I see. And so it just kind of worked, I guess. 

Si: I mean, obviously it came at a very pertinent time. And, you know, for listeners, this is being recorded the week after the results of the US election were announced. And we won’t go into politics, because that’s something that it’s best to steer clear of, I think, for various assorted reasons. But, you know, there were suggestions on all sides that created media was being there. And the fact that you…I mean, we’re professionals and we look at something and we have natural skepticism built into us! But it is getting so good now that the lay person isn’t going to pick up on it straight away.

So, you know, raising public awareness is definitely a thing. So, I mean, has that sort of tainted your view of it as well? Or did you finish off on…or I was going to say the Taylor Swift stuff was clearly related to the election itself anyway. So some of it, some of it other stuff. So what do you think the biggest sort of risk is now? Is it that people are so unaware or is that it’s so good? Or is it just…where is the actual problem? Is it that we are so trusting of media or is it that we are not, you know, not critical enough. Or what do you think?

Jared: We actually had this talk in the last few days of…as consumers, we get our own flavor of the internet and flavor of whatever we are choosing to participate in. So her feed on a certain social media platform is strikingly different than mine. And as we would discuss, “I didn’t see that, or I didn’t hear that.” And it’s sort of got us thinking about not just trust of, like, is this one thing real, but that we’ve fallen into this, I guess funnel as consumers.

And some of the truth that’s out there will never even hit my platform that I’m choosing to live on. So it’s not just true or not, but which version am I getting of what’s out there and then the thing that I see is that thing even believable? So it’s become quite complicated as individuals to understand what truth is. And I think that is going to…

Heather: And our kids (so think of the next generation), our kids range from 7 to 12. They believe everything they see. So it’s like, “oh, I saw this thing, this is true.” Or “did you see…?” It could be…they love Benson Boone too, it could be Benson Boone broke up Travis Kelce and Taylor Swift and they saw a video, so it is the truth. And now all things must occur. But kids have no idea. And I think that is also…oh, I say kids: my dad, my dad has no idea. I have no idea half the time.

Jared: Yeah, I mean, less technical people or those who maybe aren’t as skeptical as some of us in the forensic cybersecurity arena, they just accept that what hit the screen is a lot of times a fact. And it’s a wild environment right now as to how different those things are.

Si: I was going to say, it’s interesting because it’s a sort of a bit of family folklore, but my youngest daughter, I mean, she’s 18 now, so she’s well past…well, she’s not well past receiving media…that’s very true, but she’s…I’ve built a healthy skepticism into her over the last 18 years that at least makes her question things. But once upon a time, you know, for her, she went with her mum to a cash machine and tried to swipe on the screen on a…so an ATM. Because for her, touchscreen was such a natural interface.

Do you think we’ll get to a point where the next-next generation perhaps are so media savvy that they don’t believe anything? Or do you think it’s curable? Do you think it will reintroduce skepticism? When they realize that, you know, what they see isn’t necessarily true?

Heather: I personally fear it will get worse. I think that they don’t even take pictures and share photos unless it has a filter. They’re immediately changing everything about themselves. Like our two oldest have phones. They will rarely take a picture that is not filtered or something added to it nonstop. So that is their reality. Like, they never had to develop film and wait for doubles and…remember all that? Like, it was crazy you get one shot and then you get two copies and that’s it.

Si: Yeah after waiting a week as well! That’s the other thing, yeah.

Jared: I think that we’re definitely trending in a direction where we will perhaps focus instead of on maybe like large networks of, “I prefer this network versus that network” that we will actually tune into individuals. And I think that’s been a thing for decades of a certain host of a show that you engage with better than someone else.

But I know for me in the last few years of a lot of sort of misinformation, disinformation, obvious campaigns to lead people in one direction or another, whether true or not, that I have latched on to certain people in the media that I believe that I can trust as, you know, doing due diligence and things like that. I do worry that the generation that we…ahead of us is all in on the network and the generation behind us, I have no idea. I mean, what will they…what is true to them?

As Heather said, we have a Snapchat generation that every…the first picture they ever took, they thought it would be fun if my face looked better. You know, and that’s, you know, a terrible thought. But not just better, but now, “I want to, you know, have some other feature.” And so everything has been some sort of AI spun improvement or change. And that’s the normal, much like you’re swiping at the ATM screen. Like, her normal is that that screen is supposed to behave with her finger and it’s, you know, it just didn’t so…

Si: Yeah, I think it’s interesting because I think you’re absolutely right. And also, I think there’s the sort of the insidious back end of that, which is the computational photography that’s built into certain devices. It infuriates me. I have some fantastic cameras. I still have some film ones. I still develop film. So I’m very aware of that. I do it myself and it’s fun to do of a weekend, but my wife will pick up her phone, an Apple phone, and will take a far better photo than I do with my thousand pounds worth of camera because it has the computational photography built in that does that. But obviously that’s not 100% of true representation of…or is it? I mean, that’s a…it’s a philosophical debate as much as anything else really.

But what I’ve certainly seen people asking is that where people are using phones to take pictures of injuries that are then being cited in domestic abuse cases, is that a real bruise or is it enhanced by the fact that the color has been, you know, jumped up, popped, to make it pop? And, you know, that sort of issue is definitely prevalent as well as the, you know, deliberate attempts to distort or to auto enhance, but…to make things look that way.

So, you know, in terms of the research that you’ve done so far, how are you getting on with detecting these sorts of things, especially once it’s been put into something like Snapchat or Facebook or Instagram, or one of those where they’re actually removing a lot of the metadata from the imagery during their processing so that when, you know, when somebody else is able to look at it, a lot of that sort of, you know, EXIF data is vanished?

Heather: You want me to start? All right, so on the originating device, if I take the photo and then share it with you or put it on Snapchat or whatever, Android or iOS, there are databases that know everything about the images. So on iOS, you have Photos.sqlite, on Android external.db R2 that will tell you the application that was used to create or take the photo.

So if it was an AI-generated picture, it’s actually tracked in that database. The issue is it doesn’t just carry into the EXIF. So even if you had EXIF and you were just looking quickly, it’s not going to be with the image, it’s going to be in the database that has information about the image, which makes it a little bit more complicated because the tools don’t do a good job saying, “I know this from over here, I know this from over here.” So it requires manual forensics.

Si: And I mean to be fair, you’re both representing Cellebrite today so is that something that you’re looking at in terms of device forensics? If I plug in the phone, is it going to…is that something that’s that you’re either able to do or going to be able to do soon?

Jared: Yeah, so one of the features that we did somewhat recently, it was called Media Origin, and it took, I would say, one of the most commonly asked questions and simplified it, but the simplification was actually extremely difficult. “Was this photo taken with this device or not?” And, “oh, well, just go, go look at the DCIM folder and you’ll know.” Well, no, that’s not how that works, because if you send me a photo and I save it to my gallery, it hits that same folder, right.

And then we’re digging into metadata to understand like which type of camera and as you describe being a photographer of sorts, if you take this pristine photo somewhere in the world, you don’t want to post it and then have someone say, “look at this picture that I took, it’s mine, it’s not his,” right? And so there the metadata and that signature of me, the photographer matters. I’m not really sure that we have a clear answer on the easy button.

So Media Origin was fun as it solved the problem of like, “hey, this…taken by this device,” that’s really important to my investigation, a really fast filter, or not, right? And so to say what, what things may have been received from someone else that are resident on this thing and filtering that big chunk in or out can make analysis quite fast. An easy button for detecting AI is, I think, even more complicated than the previous, but it is definitely something that we’re working on. One of the really common things that we see as we dig into the file system and understanding how these different applications are behaving is the file path, like path to file, as simple as it sounds, like file names, file paths. A lot of the applications that we tested created some pretty grotesque file names.

Heather: Like whatever you typed in…

Jared: Like your prompts plus, you know, .webp or whatever the file type was, right? So some obvious indicators that can get you there quickly. I think the arena where we have the biggest problem with this is not necessarily the slow on device forensics. If you really have to figure it out, you can probably dig in and take, you know, a week to be sure of something. But we’re making this analysis up from online platforms where it’s, “real or fake? Real or fake?”

And truly the thing that was posted, so taken with whatever application, modified with AI, and then posted where everything gets stripped off to the internet, and then law enforcement or whoever is going to seek that file and say, “give me that, that’s the bad thing, I think.” And when they get it, they have this really disconnected version of where it started. So it really always brings you back to that originating device. And so I think that investigative approach is very solid to determine what happened on this phone versus another, and then file paths and file names are sort of a quick win. There’s some other stuff coming for sure, but there’s like the staple quick wins, I think that we’ve found so far.

Heather: And I think from the investigator perspective, similar images. So if you found…if we walk back through what Jared just said, and you find the AI one in Snapchat, but then there’s two other iterations of it, similar images in things like Pathfinder, could also help a lot.

Si: Yeah, no, I mean, again, you step outside of the technical sphere and into the investigation sphere at that point, don’t you? It’s like, you as a human being are able to say, “okay, you know, I found three variations of this particular type of image obviously being created and using similar prompts to get to this point. Therefore, this one is probably not…or probably like that.” So yeah, no, I appreciate that. I mean, there’s been a lot of talk about the AI companies. And it’s in the AI Act in the EU as well about putting watermarks into imagery. What are your thoughts on that? I’ve got some fairly strong thoughts on that, so I’d be interested to hear what your opinion is.

Heather: One: they should have to do it. But you can pay your way out of it from what we’ve seen so far for like $6 US dollars. You flip a switch and you pay them money and they take their watermark off. So that has to stop. Like, if it’s a forced watermarking to keep people safe, that’s not good enough. You shouldn’t be able to pay your way out of a label.

Jared: Yeah. I think philosophically, I love that obligation placed on those generating the content. It clears up the whole dispute of real or fake. Like, “if it came through here, we modified it in some way. Just letting everyone know.” And that would just clear up so many things. At least to have a flag or, you know, a skepticism mark. “This isn’t the original thing.” And, you know, if my face on this video, you know, has less lines up here than it really does in real life, we all click that button to say, “please, just fancy me up a touch.”

Heather: I don’t know where that button is on here though, so if you want to give us that button, I’ll press it!

Si: Yeah, sorry, this isn’t Zoom, it doesn’t have the smoothing effects and there are no Snapchat filters for here. If we talk to Zoe nicely, she might do something for us in post. I, unfortunately, I had some dental work and I can see now in this bloody video the gap in my teeth far worse than I’d noticed in the last two weeks when it was sorted out. But anyway, so yeah, we might be having words about that! I think, certainly from my side, I think watermarking is fascinating, but I could…my…it strikes me that it’s almost, I mean, apart from that, I didn’t…I wasn’t aware you could pay to get out of it. I mean, I think that’s horrific.

But it’s almost impossible to enforce because I can download open source software that will allow me to generate stuff and a) it doesn’t come with watermarking anyway, and b) even if it did come with watermarking, it’s open source. I can recompile it, or somebody competent could recompile it without the watermarking included in it. Leica put out a camera that I can’t afford that has watermarking built into it to generate a watermark for genuine images. Do you think that’s something that we might potentially see rolled out into things like Apple devices and Android devices, whereby instead of authenticating things that have been created by AI, we actually authenticate things that are genuine? Is that a concept you think that holds water? 

Jared: Okay. So…but I think I would just challenge even your foundation of that question with what you said before, of that what the device is doing for me as I press the button to take that photo, and is it real, is that the real thing? And you mentioned the domestic assault injury. And I think back to being in law enforcement and looking at that arm with a bruise or the red mark, and then trying to capture that with the cheapest digital camera that was assigned to me. But think of even just the simple thing of lighting. Too much light on that thing makes it look like it didn’t even happen. Not enough light makes it look like, “I can’t really tell.”

And it would have to be some version of perfect. And we hope that when the flash goes and that it captures that it’s the correct thing. I think from what you said, I would love a feature as an Apple iPhone user that just puts even the simplest small Apple emblem to basically say, “the native camera on this device took this picture.” I don’t know how they would police…I now take that picture to the next thing and modify it at an auto strip off the watermark because it’s been changed now. I don’t know. But I like the idea. And they very proudly have commercials and everything to say, “filmed by the iPhone 6 Pro”, right? Like, they’re proud of it, but I don’t know about the visual so that everyone else can say, “that was just simply taken with the camera.”

Heather: And it’s in the metadata, but think about how many people don’t look at that. When they’re just scanning images quickly. If you have…if you’re working CSAM investigations and you’re looking at hundreds of thousands of images, you’re not looking at the metadata of every one. You’re trying to see how it exists. So I think that’s tricky too, for the push button examiners. We’ll have to call them that. We’re going to call them…

Si: Yes. I think…I mean…I think it’s that…I think what…you call them push button examiners. I mean, there’s obviously various schools of thought about how one approaches this and on the one hand, you want people to be as thorough and as detailed and as technically knowledgeable and as, you know, evidentially sound as they can possibly be when you’re presenting evidence that obviously is of critical importance. Conversely, we also know that there are hundreds of thousands of phones in the world and there aren’t hundreds of thousands of police officers to look at them.

And therefore some of these police officers aren’t going to be as highly trained as others. And that’s where tools such as Cellebrite that can do this consolidation piece to say, “okay, this is…there’s enough evidence to suggest that this is AI versus not AI.” Not that it makes any difference in this country, certainly on CSAM anyway, because, you know, it’s an offense to have either generated or real.

Heather: Yeah. 

Si: Slightly different offenses, but you know, it’s still charged very similarly. Do you, I mean, I believe if I remember correctly…and I did read the…I haven’t read obviously your original work, because that was in…you presented that at the conference. But did you touch on, sort of, sensor noise as well? Is that something that Cellebrite can look at? So image ballistics, as other people have referred to it as image ballistics, where, you know, a given electronic sensor creates, you know, known noise patterns. And also those noise patterns are reflected across multiple devices of the same type. So, you know, there are similarities between the sensor noise on one Apple and another Apple.

Jared: Yeah. So I think our approach…I haven’t…a while ago, I heard someone say media ballistics and they were sort of talking about what we did already with Media Origin. And so Media Origin allows you to say, “this device or another device or an attributed account of the owner of this device.” So Jared’s Snapchat username is this, and we see that that’s the logged in account. So these photos are also attributed to this person. That’s sort of an approach. Not necessarily the way you’re describing as the media ballistics, but I think as we move forward with our AI detection, it will fit in nicely with the Media Origin.

To say, you know, we’re checking all these other, the semantics of all these other things, and now we think that taken with this device, but also this one here, label it as AI, gen AI, modified AI. I think another difficult part is: was there an original thing that was touched up or was this a prompt that became a file? Right? And that’s a big thing to tackle because there’s so many avenues on the device for one or both of those things to happen. 

Heather: And we actually…we just finished a CTF at Cellebrite, and it was our biggest one ever. It’s always fun to create. But we had a little mishap where I was two people at the same time on a Disney cruise and I left the other phone on the cruise. And I was like, “I just ruined our entire timeline, our entire scenario.” But Disney shipped it back to me. I filled out a lawsuit and I got the phone back. I was like, “excellent!” But in our chats, we had already kind of murdered him. So we’re like, “he’s dead. Now what?” So I was the girl he was dating.

So I was like, “you know what? I’m going to use AI and I’m going to become him.” And this was like to generate images, to put Facebook posts, like all the things. And then Physical Analyzer parsed all of it as a chat. So you could literally see what Jared was just saying. If it’s gen AI created, if I said, “create a picture of a man with headphones on a podcast,” it showed exactly what I asked for in the response as a chat, and I was actually kind of annoyed because I didn’t want it to be that easy. I was so impressed. I was like, “I guess it…”, and then I was kind of put off on it’s not a conversation, but it is. You are talking to an AI chat bot asking for something and it’s giving you the return. 

Si: You’re getting back into the semantics and philosophy of AI as a whole. I remember…I was going to say, I am older than both of you, I suspect, both by a reasonably large amount. But you know, if you may have come across Eliza as the therapist chatbot purely because you’re in IT, and therefore you may have come across it. But the idea of the Turing test of, “am I talking to something?” is obviously one of the…“talking to a computer or to a human being?” is one of the fundamental premises of AI as a field. So to hear you say that you’re considering these things to be a conversation, it is quite fascinating, really. I was going to say that I totally lost my train of thought, which I really like because it’s always fun. Totally different rabbit hole! Oh, yes.

So, in terms of AI detection. Okay. I mean, obviously we’re looking at things like metadata and we’re, you know, the sensor noise is another option, but quite a lot of people are leveraging other AIs against images to get results. So effectively adversarial neural networks that are going, “is this a real image or not?” Is that something that you’re using at Cellebrite at the moment, or is that still a stage away in terms of you’re looking at the hard data rather than throwing it into another black box to ask it questions that it doesn’t necessarily know how it’s answering?

Jared: So, I’ll talk not Cellebrite for a second. What you just suggested is I need to ask AI to tell me if something is AI. How would you…what if…so, and I think this is the foundational challenge that we have right now in digital forensics is…you alluded to it before: volume of devices, volume of data, not enough trained people to do the work.

So we are certainly on a path of how fast can we get the job done? And we have this conversation somewhat frequently of saying, “look, the speed of that job can only be as fast as we can do it while being forensically sound.” We can’t just pipe straight to an end product and everyone just throws their hands up and says, “I don’t know. I didn’t really look at it, but that’s it.” So to ask AI to do something for us, I think, we certainly have a lot of things that are being considered. We have to do it safely, right? We’re not just gonna jam stuff in that’s not carefully being used. But to increase efficiency, I think there’s a lot of things, and we already have some. So our Cloud Solution Guardian.

So, storage of evidence, but also a SaaS-based analysis platform. So instead of your hardware powering everything, AWS is behind, you know, full throttle. So sort of a faster way to look at data. And within that we see things like chat summary. So to say, “here’s a thread and within this thread, we see a conversation about eluding the police while discussing potential drug use and weapons.” Something like that, right? Now, if that thread is one of 1000 threads in the queue and on the other side of it is a chat with my mom and down here with my wife.

And that one in the middle is the one that I truly need to find as an investigator. I’ll take that. I’ll take that summary that points me in the right direction. That doesn’t put someone in jail. It doesn’t output an auto report of saying, “here’s why we think this person’s guilty.” Like, none of that. But it got me to what I’m ultimately going to be looking, and so trying to find ways to integrate safely into product AI, it’s definitely happening. But with that, we are definitely faced with a challenge of: what is AI to the court? Like, I always throw this example: when I was a police officer in Maryland, they said, “texting and driving is really, really bad. We’re going to make it illegal.”

And the first thing that hit the books was you cannot send an SMS text message while operating a vehicle. Well, that’s great. But as I sit here and watch the phones glow and the driver’s hands going by, I have no idea if they’re surfing the web, on YouTube, like all the things that you didn’t make illegal. So you put me in a pretty tough spot, right? We’re sort of at that moment with AI, of the courts are now going to start to see the use of AI that led to something that hits the court. And the analysis of that is sort of something that we’re going to be waiting for at least for the next few months.

And we’ll start to see initial cases that potentially deal with the issue. But we’re at the very beginning of what this looks like. And as a company, we’ll have to react a bit to what is palatable by those triers of fact.

Heather: It will require a human. That’s what I think everyone has to realize. You can’t go from AI to court. You need human eyes on it in between.

Si: I think essentially what you’re saying is that there’s a big difference between an investigative lead that’s generated by a tool that helps you to find the evidence that you’re looking for that you then examine, and pressing a button that gives you answers to everything that you then present in court, not actually having reviewed it in any way, shape or form. I think…I mean, I agree with you. I think we’re at a fairly critical stage in…somebody sort of said the other day in this conference I was at, is that we sort of we had, you know, various revolutions over time of, you know, stone age, iron age, whatever…industrial revolution.

This is probably one of the larger revolutions that we’re going to face, possibly even more so than the digital revolution itself. You know, the information revolution happened thousands of years ago at the Library of Alexandria before it burned down and then, you know, okay, so we’ve made it a bit quicker, but fundamentally there’s not been a huge amount of change in some things.

This will generate comments if nothing else does. But this lack…this point where we are effectively handing over understanding or deep understanding of what’s going on inside the black box and then allowing it to make decisions is an interesting turning point in the world and therefore is something to be watched with a great degree of interest as to the way the courts will judge it.

And I mean, it certainly has come up in…there’s a couple of US cases that were cited the other day, whereby somebody had upscaled and enhanced a video and then asked if they could admit it as evidence, which obviously (I’m not going to say, obviously), fortunately, the judge decided was a bad idea. But he only decided it was a bad idea because he couldn’t explain how it works, not because it in and of itself was clearly obvious to anybody thinking about it that he’d just created a bunch of stuff and stuck it in a video.

So I think we will see some interesting case law that happens over the next, like you say, months, years, couple of years to set the standards on that. So, I mean, obviously, this is a not insubstantial piece of work, and on the one hand, it’s never going to be finished because every time you build a better mousetrap, the…nature built a better mouse. So your AI hunt will continue ad infinitum. But what is the next step for you guys on this one?

Heather: So we…when we did Techno Security, I feel like we left it as, “you must look at the metadata you understand and then focus on the gaps” on the ones that just are missing stuff, which is terrible. It’s not good enough. And then we just did this presentation again. And that’s when we found photos that SQLite and external DB tracking the app that was used to create it.

But I think, honestly, testing the tools that are starting to release AI assistance (that’s what I’m going to call it), AI assistance, because it’s not the answer, will be next. I plan to (and it was actually Jared’s idea), for RSA this year, I’m going to submit the idea of doing the misinformation/disinformation, but even have different countries, like where you are and what’s created and try to get people thinking on what’s real and what makes those things target you in different ways. So I think all of that is going to keep us really busy personally. 

Jared: Yeah. The…as you said before, the volume of data that is, you know, everyone is facing today, we’re going to see AI applied in a good way. As everything adjusts and allows it to be used. But at the same time, the speed with which people can do things that is creating more data is amplified in a great way. “Hey, write this email for me with this tone,” and it’s done in seconds, right? So the faster we’re creating data, we’re still not dedicating the proper resources to all the police units and the people that have to deal with it. And I think that’s one of the biggest challenges that I’ve seen in the digital forensics community over time, is very few places have paid attention to the volume and resources around digital forensics.

Everybody’s happy when you find a deleted message that incriminates someone, or prove the case with whatever picture, video that you find. Like, everyone is super happy for that, and they expect, you know, this, “give me everything, make it fast, and be able to explain it perfectly later in court.” But we’re not scaling those units as we would everything else if it saw the same volume. Any crime that happened, if it started happening 10 times more within 3 years, you would have that many more investigators applied to go investigate it. Digital forensics has every single case doesn’t matter, big, little, everyone has some sort of digital footprint and it has not been prioritized by resources. So I think we’re hopefully going to see that challenged, that fixed, because we’re headed for a really tough few years of the volume is going to go crazy big.

Si: Yeah. And on sort of just again, taking what you’ve just said and going off on a complete tangent…because I’m good at that, and Desi is not here to keep me in check today. I’ve heard an interesting…so I’ll do a background story on this one first. In the UK, we had a huge problem several years ago with something called mad cow disease. Okay, mad cow disease is a disease called bovine spongiform encephalopathy. There you go. That’s random things that I know.

But actually what it is to do with is the fact that we were feeding cows cows. Okay. They were…we were taking dead animals, turning them into food, and then feeding them back to vegetarian animals, which is not a good way to go. It’s the way of horror movies. We should have seen it coming. If you just watched a couple of things, you’d know this is a bad idea. We did it anyway. We weren’t alone in it, but we did it anyway. But there’s this concept that we’re getting a whole bunch of AI generated imagery, putting it onto the internet, and then the internet is scraping that AI generated imagery and using it to train AI generators. What do you think might be the outcome of this in the long run?

Jared: So we have a, I’ll say a great colleague, Dan deBeaubien, that works at the SANS Institute, and he’s very good at explaining AI, because it’s complicated. But also pushing forward some of the proper guardrails that need to be applied to some of the models and how it behaves.

And so I think surface level consumers, I think of AI as: I open up a prompt, I type and it does something for me. But as we start to apply it to commercial products and enterprise level things, I think if we’re extremely careful about what it’s intended to do, we can avoid what you were just describing, which was a digital forensics mad cow disease. But you’re right, you know, if the thing is supposed to go out and scrape everything and just know, if what’s been scraped is already terrible and wrong, then it’s going to start to produce that as the correct thing.

And that’s why Dan’s name popped into my mind is because I’ve heard him speak about, you know, there is a good proper way to do this, and to do it safely. And I know that in the US there’s some government directives around AI and making sure that as it starts to be applied to lots of different things, that it’s done correctly because we don’t want, well, the targeting system decided based on the decision tree that this thing had to explode.

And well, there was a mistake. We wish that there was a human there to make that decision. And there wasn’t. So there’s a lot of things in the balance. And, you know, when you’re talking wartime decisions, it’s very different than digital forensics. But I like what you said, because you’re right. If there’s junk out there and it’s the only thing we train it on, then it’s going to produce junk, and that is unfortunately…

Heather: Yeah, but the negative side of that…yours was very positive: your AI response was…

Jared: I killed the wrong person!

Heather: The negative is what you said earlier: it’s open and you can have smart programmers do whatever they want and change it and still provide access. And that’s what we have done AI generated CSAM talk several times and people were like, “isn’t it protected? Aren’t there things in place to prevent it?” But you can’t prevent someone smart downloading it, training it on what CSAM looks like, and then it’s out there. Now other people can search for it and use it. So we will have nice things that people will always do terrible things with. That’s what happens, right? So you will, like, have a little bit of a mad cow in there.

Jared: Yeah, sure. I mean, it’s…I think as a company, we’ll do the opposite, right? So one approach that we have was training a model based on a large amount of child sex abuse material to basically say, “if we can understand what these images and videos are, we can flag potential hits for our users.” Much as what I described before of that investigative speed of not saying, “hey, this is illegal,” but saying, “hey, take a look at this one specifically because we think that it might be.” Yeah, and if you…

Heather: …and preserving mental health.

Jared: Yeah, right. Like, I have to scan through, you know…my screen’s disgusting all day long, but if I can save myself a bunch of time and be efficient with viewing some of the disgusting stuff, then I think that we definitely preserve some mental health along the way, which a lot of times gets lost in the speed and demand.

Si: Yeah, I mean, I couldn’t agree more in that regard and…I mean, the counterargument to this is always, “well, what if it misses something?” But it’s not as if human examiners are devoid of…especially when you are scanning…I mean, I’ve certainly done cases where I’m reviewing somebody else’s work and I go through their stuff and I find another five images because they didn’t find them. Or something like that. It’s not an unusual thing for a human to miss it as well.

So there is some argument for a degree of false negatives to be allowed. I think the problem is always around false positives and false negatives whether it’s, you know, human detection or not. And I think the area where I personally have the biggest concern is the idea of…somebody told me the other day that they have a…oh, actually, a couple of things…one came up, which was to do with…it’s the largest supplier of body worn cameras in the US, actually, it’s Axon. They now have AI technology that writes police reports on the basis of what it sees in camera…

Heather: My goodness!

Si: …for you. So, to speed up the reporting process, so that scares me slightly. I mean, again, if it speeds it up and somebody then actually properly reviews it and goes, “well, actually, you know, that’s not correct, or it needs this added,” I’m okay with that. But we all know what happens to process when time is on the line and money isn’t. And there’s that.

But the other one is the aging of CSAM because, you know, it is a subjective process anyway. And I don’t understand how an AI can have any subjective idea of what that is, in my head. But you know, that’s just me and my nightmares. So that’s fine. And then…but the idea of anything that could help out mental health is definitely a good thing. Now, while we’re on mental health, I’m just going to be completely personal and ask you: is it easier for you to be able to talk to each other about it?

Heather: I think so.

Jared: We have a really healthy relationship. We try really hard to keep this solid. So, and, you know, we’ve had a lot of personal stuff coming at us in the last few days. And we’ve sort of, you know, taken a moment to say, “glad we have a solid foundation for this one. We’re great.” But you know, we take a lot of action and efforts to take care of us first.

So I think, from my time in law enforcement, it would have been taboo for me to raise my hand and say, “I feel…I’m feeling (really anything) like I’m feeling like, I’m struggling to do this work anymore,” or like that would have been…I don’t know that that would have been laughed at. I had an amazing organization and administration, but it wasn’t normal then. Mental health wasn’t a conversation. Barely, within ICAC units, the crimes against children specific people. I think we’ve come a long way since I left law enforcement in 2018, come a long way for mental health in that arena, for sure.

But also we’re talking about it, right? There’s platforms to…right here. We’re speaking about it, that it is okay to not be okay. And that was again, not something that was ever really said. Law enforcement in general shows up. They see terrible scenes, not just crimes against children’s stuff, but just terrible, terrible things that they’re supposed to walk into their house later that evening, kiss your husband, wife, kid and pretend like everything’s fine.

And then tomorrow the same thing can happen again, right? Like, it’s…what would shock some and, you know, send them crying for a week, law enforcement is expected to deal with on the fly and to keep making good decisions no matter what. So, definitely a challenging task. I’m glad that things have changed a good bit to be able to prioritize mental health and I know a lot of…when things happen now, it’s like an automatic task of, “you experience that you’re now going to go…you don’t have to say a word, but you have an opportunity to, and you actually have to go,” and then, you know, “if you need more, we’ll take care of you.” But it’s better, but I’m sure not great. And I’m sure there’s many that still struggle quietly. There’s one person units of “I look at CSAM all day.”

Heather: Yeah.

Jared: And no one…no, you know, sounding board, no mandated walk outside to clear the air, right? Like, I don’t know.

Si: No, it’s back to that issue of there’s more and no more resources being allocated. And, you know, even if we assume that it’s just more people and the percentage of CSAM doesn’t increase or the AI doesn’t generate more images that you have to work through, it still means that there’s just more. So yeah, no, you’re absolutely right. So, you know, correct funding is obviously a hugely important thing. Is that (and not getting too political), but is that something that the new administration has any interest in? Improving is funding for law enforcement. It struck me that perhaps that was something that they might invest into.

Jared: I don’t know so well what is coming next. I believe that the early sound is that I think law enforcement funding specifically (and I don’t want to go down a whole bunch of political rabbit holes, I’ll just stick with it as we’ve been talking) I do believe that law enforcement funding will be solid or increased, but they’re not going to see a defunding moment here. Where…how that gets prioritized, at least for the United States, unfortunately…you know, Heather took the stage at RSA this year and talked about sextortion and about, you know, some of the resources that are available to everyone to educate your kids and to make it normal to talk about very uncomfortable things.

As we come out of the election cycle, I think the only thing that everyone’s screaming about is border security and, you know, sextortion, as reported by the National Center for Missing and Exploited Children, has seen a phenomenal increase, which is terrible. The numbers are massively increasing and we don’t hear enough, in my opinion, conversation from those who are choosing where the money goes. Ultimately that money needs to go to digital forensics, it needs to go to regulatory functions around social media to mitigate some of the activity that ultimately causes children in their teens to be preyed on, and entrapped by these people from wherever in the world whose whole job is to fish for that next victim. Without consequence. So while law enforcement may be funded adequately in this next cycle, I worry that the priorities may be missed with that money.

Si: A very good answer. Thank you. I appreciate your candor. It’s interesting because in the UK, we changed government recently, earlier this year, and they have done some things to the legal system that have not necessarily made a lot of sense. But one of the things they’re mooting at the moment is the idea of banning social media for under 16s. It’s just been done in Australia. And they’re looking at that now to see whether that’s something that we could roll out here. And that would probably have a huge impact on quite a lot of this, this as a concept because if you can’t do sextortion, you can’t get, you know, images, you can’t do grooming of somebody who’s under 16 because they’re just not on social media. Obviously that makes a huge difference, but we’ll, you know, we’ll see what happens. 

Heather: You’ll have to be in the video games too, because they’ll get them through those chats.

Si: Yeah, absolutely. There’s…something you can rely on is that criminals will be very inventive about ways of carrying out their crimes!

Jared: I think we’re trending in the other direction. Instagram just released, like, Instagram for teens. So very specifically targeting, “here’s a platform just for…”, and you’re targeting a group that doesn’t have a photo ID or some qualifier to say, “I’m definitely not an adult.” You know, maybe they do a great job. And I don’t mean…I have a tremendous amount of respect for most social media companies’ trust and safety groups and what they try to do while participating in the obviously bigger machine that is the platform, the ads and all the other stuff. But to say, “let’s sign up all the 13 year olds and let them share pictures and have chat…”

Si: Yeah! How to create problems for yourself? Yeah, absolutely. 

Jared: And will very surely generate just more content, which is bad. 

Si: Yeah, it’s bad. If nothing else, it’s just purely more volume for everybody. Yeah. So, thank you so much for your candor and your honesty and doing the research because obviously it’s an incredibly important area that we need to address and, you know, nobody really wants to do it, if we’re brutally honest! It’s really nice when it’s theoretical pictures of fluffy ducks, and it’s a lot less pleasant when it’s…

Jared: We have development teams that are focused on doing a good job with this. Like, it’s a task that is assigned and being worked. Don’t take just our, “hey, we want to look into this and we want to determine, you know, what’s the easy button? Is there some really easy way to detect AI as people start looking at pictures and seeing things, you know, every day in their analysis?” We have other things that are really actively being worked to do better, faster. But this…sort of our first splash in 2024 was let’s just figure out what we can see. And it just so quickly went down these rabbit holes of every application behaved a little differently and so it wasn’t a red flag, “just go look for this thing”, which we hoped for. It wasn’t.

Si: Yeah, that would have been nice, wouldn’t it? But I mean, it’s really important because you’re…I mean, you know, you work for a commercial company, and you are out talking about it. You’re coming here to talk about it. You’re talking at events. You’ve got, you know, publications online that talk about this. You’re not keeping it to yourselves. And I think that’s a big mark of your integrity and shows the integrity that you’re operating within. That it’s not just about, you know, doing it better for Cellebrite, it’s about just doing it better. And you know, I’m hugely grateful to you for your work on that. And, you know, thank you very much. And it’s fascinating. And it’s an absolute pleasure to talk to you both.

Jared: You as well. Thank you for this.

Si: And, no, it’s been wonderful. And hopefully Desi will be back with us the next time we have this opportunity, if you’re willing. I mean, Heather’s done this once and you’ve now done this twice.

Heather: It’s great, it’s fun!

Jared: I mean, I love this.

Si: So you might come back another time, maybe with two headphones, maybe with one. I think this has worked really well! We’ll see how it goes, but thank you so much for coming on. Everybody who’s been listening to the podcast, thank you for joining us. I hope you found this as interesting and as exciting as I did. You can find the podcast on (and I wish Desi was here because he knows all of these), it’s on Spotify, YouTube, you can pick it up on the Forensic Focus website. There are other things, Apple…Apple i…podcasts. I don’t know.

But anyway, thank you very much for joining us. We hope that you’ll be back soon in the near future to listen to the next interesting thing that we come up with. But again, thank you so much for both joining us. And I’ve thoroughly enjoyed this and come back in six months and tell us what the next great thing is. Because I’m really looking forward to it. But in the meantime, thank you so much. Honestly, and, I’ll say goodbye, goodnight and stop the recording at this point.

Heather: Thank you. 

Jared: Thanks.

Si: Pleasure.

AI-Powered License Plate Detection With DeepPlate

by Melissa Kimbrell, Trainer and Technical Support Specialist at Amped Software

Artificial Intelligence (AI) has become a hotly debated topic in many different industries. It has exploded in popularity over the last few years, largely due to increased computing power and overall technological improvements. AI is being leveraged for all kinds of tasks, some of which we are largely familiar with, such as writing and illustrating, online shopping, vehicle navigation, and social media. Others might be less obvious, such as computer coding, diagnosing cancer, learning a new language, video gaming, curating a playlist of music you’ll love, and robot vacuums navigating your home.

AI in Legal and Forensic Applications

When it comes to law enforcement and legal proceedings, there are mixed opinions. In the landmark case of State of Washington v. Puloka, the court rejected the use of AI-enhanced imagery, ruling it inadmissible because it failed to meet the admissibility standard of general acceptance in the relevant scientific community. Amped Software agrees with this ruling and maintains a firm stance that AI does not currently have a place in the restoration and enhancement of image-based evidence. Evidence processing, like any forensic science discipline, requires reliability, repeatability, and reproducibility. Since one cannot know for certain how a machine-learning algorithm has been trained, it is impossible to know reliably the process by which it determines how to clarify an image and improve it. Each time this operation is performed, it could potentially result in a different solution, thereby failing a test of repeatability. Consequently, because the method is neither reliable nor repeatable, another qualified analyst could never expect to reproduce the same result exactly.

Amped Software believes AI has its successful place in the investigative stage. At this point, any leads generated will be fully scrutinized before anything is presented in a court of law. In the case of Facial Recognition, for example, a series of possible facial matches might be returned to an investigator. Each lead must, however, be researched and interrogated independently. While the result of the Facial Recognition search would not be admitted as evidence, it does provide a vital step in furthering an investigation.

When video footage relevant to an accident or crime scene is evaluated, oftentimes license plates become visible. While investigators approach these scenarios with optimism that the license plate characters will be clearly legible, this is not often the case. Though cameras and recording systems are increasing in quality and resolution, video examiners are continually facing heavily compressed or poor-resolution license plates that are difficult to read. This is where Amped Software’s DeepPlate can shine.

Introducing Amped Software’s DeepPlate

DeepPlate is a deep-learning-based algorithm for deciphering license plates affected by the common issues introduced by surveillance systems: perspective distortion, poor resolution, optical and motion blurring, and compression noise. Amped Software trained its dedicated neural network with millions of synthetically generated and distorted license plates utilizing the known font, spacing, and character structure configurations for several countries and states. Since the source plates were synthetically generated, Amped does not have, nor use, any stored data related to any real license plates.

While Amped Software wanted its Amped FIVE users to have access to this investigative tool, it was adamant about keeping all AI separate from the mathematical basis of Amped FIVE. This separation aligns with Amped’s belief that AI does not currently have a place in the restoration and enhancement of imagery evidence. Therefore, Amped provides 50 uses per month (per license seat) within the Support Portal to users with an active license of FIVE.

How to Use DeepPlate

The usage of the tool is easy!

  1. Navigate to the Support Portal and select the DeepPlate tab.
  2. Agree to the Terms and Conditions to access the Upload page.
  3. Choose an available license from the dropdown menu, ensuring the selected license has remaining DeepPlate uses for the month.
  4. Select the relevant country. Some countries offer additional dropdowns for narrowing down to specific states or territories. Selecting a state requires the specific configuration of the letters and numbers in the license plate in question. Since these can often be customized or non-standard, the State selection can be omitted.

As an example, this image displays an enhanced frame from a surveillance video:

Because it is suspected to be a standard Texas license plate, the following selections were made:

  5. Select the image in the “Choose File” dialog box and proceed by hitting the “Upload” button. Note that though DeepPlate does require the uploading of the file, it will not be stored beyond the use of the DeepPlate process.
  6. Once the image is uploaded, select the four corners of the license plate by right-clicking each corner, beginning with the top left corner and proceeding in a clockwise manner. If needed, press the “Clear selection” button to perform the right-click selection again.
  7. Press “Continue” for DeepPlate to run its process.
  8. The tool rectifies the image by enlarging and correcting the perspective of the license plate. Before viewing the results, users are reminded that this is an investigative tool only and should not be relied upon as evidence. Users are encouraged to form independent conclusions before viewing the results, to mitigate bias.
  9. Click “Show results” to view two charts.
    1. The first chart lists possible characters for each position, sorted by confidence level. The confidence level is only how confident the neural network is about its conclusion. A high confidence level does not mean you can be sure the character is correct. As is the case with any neural network, DeepPlate can be very confident about a character and still be incorrect.
    2. The second chart is derived from the first one. It displays a list of 60 possible license plates sorted by the aggregated confidence of the characters. This is computed by multiplying together the individual confidence score of each character in the license plate.
  10. By the time you see the results, the data deletion process has already begun on Amped Software’s servers. The results page is stored locally on your browser cache, but at this point, the imagery is no longer retained. The “Generate PDF” button exports the results to a PDF file for later use. Results will be presented on the second page of the PDF to mitigate bias as much as possible.
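The aggregation behind the second chart can be sketched as follows. This is an added example, not Amped Software's code: the confidence values are constructed, and the best-first enumeration is an assumed way to build the list, since the article states only the product rule and the list length of 60.

```python
import heapq
from math import prod

# Constructed sample of a "first chart": one list per character position,
# each holding (character, network confidence) candidates. Not real output.
SAMPLE_CHART = [
    [("B", 0.9), ("8", 0.1)],
    [("0", 0.6), ("O", 0.3), ("D", 0.1)],
    [("1", 0.7), ("I", 0.3)],
]

def top_plates(chart, k=60):
    """Return up to k (plate, score) pairs, best first.

    score = product of the per-character confidences, as the article describes.
    Best-first search over the candidate lattice avoids building every
    combination (assumed approach; the article does not say how the list is built).
    """
    cols = [sorted(c, key=lambda cand: -cand[1]) for c in chart]
    if not cols or any(not c for c in cols):
        return []

    def score(idx):
        return prod(cols[pos][i][1] for pos, i in enumerate(idx))

    start = (0,) * len(cols)            # most confident character everywhere
    heap = [(-score(start), start)]     # max-heap via negated score
    seen = {start}
    ranked = []
    while heap and len(ranked) < k:
        neg, idx = heapq.heappop(heap)
        plate = "".join(cols[pos][i][0] for pos, i in enumerate(idx))
        ranked.append((plate, -neg))
        # Successors: demote exactly one position to its next-best character.
        # Each successor scores <= its parent, so pops come out in order.
        for pos in range(len(cols)):
            if idx[pos] + 1 < len(cols[pos]):
                nxt = idx[:pos] + (idx[pos] + 1,) + idx[pos + 1:]
                if nxt not in seen:
                    seen.add(nxt)
                    heapq.heappush(heap, (-score(nxt), nxt))
    return ranked

if __name__ == "__main__":
    for plate, s in top_plates(SAMPLE_CHART, k=5):
        print(f"{plate}  {s:.3f}")
```

With these constructed values the best plate scores only 0.378 even though each of its characters is the top candidate, because every additional position multiplies the score down.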

Final Considerations

Amped Software has been very pleased with the ability to provide this tool to its users around the world. Development is ongoing to expand support for more countries and territories in the future. Amped Software always prioritizes clarity about its capabilities and intentions. For this reason, it is transparent about this process being AI-based, and maintains that this tool cannot replace a human in making conclusions regarding license plate characters, even only in an investigative context. It should also be noted that there are times when DeepPlate will be inexplicably incorrect, which is exactly the lack of explainability that leads Amped Software to exclude the use of deep-learning algorithms from its evidentiary material.

How The AI Act Impacts Image And Video Forensics – New Article By Martino Jerian

In a detailed new article, Martino Jerian, CEO and Founder of Amped Software, analyzes the significant implications of the AI Act on the world of forensic investigations. The article, titled “How Does the AI Act Impact Image and Video Forensics?”, was published on Amped Software’s blog. It explores the challenges and opportunities presented by the AI Act, which aims to regulate the use of artificial intelligence in various sectors, including image and video forensics.

Passed in August 2024, the AI Act introduces a comprehensive legal framework designed to safeguard fundamental rights, protect public security, and ensure the ethical use of AI systems. With its phased application through 2027, the law categorizes AI systems based on risk levels—ranging from prohibited practices to high-risk systems. Martino’s article explains that AI technologies used in forensic contexts, such as biometric identification and image authentication, are classified as high-risk and thus face stricter oversight.

Martino underscores the importance of understanding these new obligations. He states that forensic professionals must be aware that compliance with the AI Act is not optional. The law introduces significant penalties, with fines reaching up to 7% of global turnover for organizations that fail to meet its requirements.

The AI Act’s core mission is clear. Martino notes that the regulation aims to “promote the uptake of human-centric and trustworthy artificial intelligence while ensuring a high level of protection of health, safety, and fundamental rights.” This is particularly crucial in forensics, where the use of AI systems can directly affect the course of justice.

According to Martino’s analysis, key forensic technologies such as facial recognition on recorded video and AI-based image authentication are classified as high-risk. He highlights that the AI Act places stringent compliance measures on these systems, requiring transparency, human oversight, and robust risk management. He explains that the AI Act specifically targets systems used in law enforcement, including those intended to be used for “evaluating the reliability of evidence in the course of the investigation or prosecution of criminal offences.” This means that forensic technologies like deepfake detection, or even traditional forgery detection, will be under intense scrutiny.

Martino also draws attention to prohibited practices under the AI Act, particularly the creation of facial recognition databases through untargeted scraping of images from the internet or CCTV footage. Additionally, the use of real-time biometric identification systems in public spaces for law enforcement is prohibited, except under tightly controlled conditions. These measures reflect the EU’s commitment to preventing the misuse of AI in ways that could threaten individual privacy or public security.

While he acknowledges the need for such safeguards, he also expresses concern about the potential impact on innovation in forensic technology. There’s no doubt that the AI Act is a critical step toward responsible AI use. But there’s a risk that such stringent regulations, particularly in Europe, could slow the pace of innovation in AI-based forensic tools. As we’ve seen with the GDPR, compliance can be a heavy burden for companies, especially smaller players in the market.

The AI Act also stipulates that all high-risk AI systems must undergo thorough documentation and risk assessment processes. This includes ensuring that training, validation, and testing data are free from biases that could affect the outcome of forensic analysis. Martino points out that this emphasis on data governance is a welcome development for forensic professionals. Ensuring that AI systems are trained on representative, unbiased data is critical in forensics. The integrity of evidence can be compromised if the tools we use are not properly vetted and tested. The AI Act pushes the industry to adopt higher standards, which is ultimately beneficial for the credibility of forensic analysis.

As Martino outlines, human oversight remains a key requirement under the AI Act. The law mandates that AI systems used in high-risk scenarios must include mechanisms that allow human operators to monitor and, if necessary, override the AI’s decisions. He stresses that during forensic investigations, AI should be seen as a decision-support tool, not a replacement for human expertise. Analysts must always have the final say, and the AI’s output should be transparent and explainable, so that the human operator can make informed judgments.

One of the key quotes from the AI Act that Martino highlights is Article 14, which states that “High-risk AI systems shall be designed and developed in such a way, (…), that they can be effectively overseen by natural persons during the period in which they are in use.” This ensures that AI remains an aid rather than an independent decision-maker in critical situations like forensic investigations.

As Martino discusses in his article, the impact of the AI Act will likely extend beyond Europe, just as the GDPR reshaped global privacy standards. He notes that the AI Act is expected to influence AI regulations around the world. It will likely inspire similar regulations in other regions, especially as AI becomes more prevalent in law enforcement and judicial systems. Forensic professionals across the globe should be paying attention to this law.

Martino’s article offers valuable insights for forensic practitioners, legal professionals, and technology vendors alike. He concludes that while the AI Act imposes significant responsibilities, it is a necessary evolution for maintaining public trust in AI systems used in sensitive fields like forensics.

Read the full article now on the Amped Software blog.