Measurement: Sensors 29 (2023) 100860

Contents lists available at ScienceDirect

Measurement: Sensors
journal homepage: www.sciencedirect.com/journal/measurement-sensors

Digital forensics approach for handling audio and video files

A R T I C L E I N F O A B S T R A C T

Keywords: Digital forensics is the modern approach in scientific data analysis for data acquisition, analysis of data, and
Digital forensics preservation of data contained in digital sources, which can be used as electronic evidence in cybercrime in­
Multimedia forensics vestigations. One of the essential digital forensics tasks is audio and video data analysis, also called multimedia
Digital evidence
forensics. Audio and video are digitalized sources of evidence that can be found at a crime scene, with the victim,
Digital investigations
or with the accused in audio tape from a mobile device or any CCTV footage. In cybercrime investigations, digital
evidence is critical and plays a vital role in proving the crime before a court of law. As a result, audio and video
forensics is the most important discipline of forensic research in the digital age. The present paper briefly dis­
cusses the basic audio-video forensics approach using simple tools.

1. Introduction 2. Objectives of the digital forensics

Digital Forensics is described as the procedure of discovery, protec­ ● Digital Forensics is used to find the source of cyber-attacks, the type
tion, investigation, recording, and presentation of computer proof that of damage that occurred in the IT system, attacker-related informa­
could be utilized through a court of law [1]. It is the science of discov­ tion, the period of the cyber-attack taken place, the kind of attack
ering evidence from a digital medium similar to a network, server, and their consequent roles, etc. well-known expertise is essential to
mobile phone, and computer. The forensic team presents excellent tools extract the required information from various log files from different
and methods to handle complex digital-associated cases. Digital Foren­ digital devices, which needed for digital forensic analyses. Many
sics assists the forensic team in investigating, examining, discovering, strategic methodologies, policies, and procedures are based on the
and protecting the digital proof on various kinds of electronic equipment cause or type of required cyber-attack for Digital Forensic experts.
[2]. ● During the Investigation process in digital forensics, different types
Digital forensics collects evidence for various digital devices, of evidence are collected from various digital sources in the network
including audio-video systems. This evidence is retrieved from elec­ environment. Artifacts are the areas to hold information about the
tronically stored information like audio files, video files, photographs, activities performed on the computer system, networking environ­
documents, information management systems, operating systems files ment, or in any digital infrastructure set-up. Therefore, artifact in­
etc. [3] Digital investigators also collect the information included formation management is necessary for digital forensics.
deleted files and encrypted and fragmented data. Investigators essen­ ● Audio and video are digitalized sources of evidence found at a crime
tially have expertise in computer systems and their technology. Having scene, with the victim, or with the accused in audio-video from a
thorough knowledge in handling various digital forensics tools is also mobile device or any CCTV footage. In civil and criminal disputes,
essential [4]. Audio-video forensics mainly has three essential issues in such sorts of digital evidence are critical. As a result, audio and video
multimedia forensics - the acquisition, processing, and interpretation of forensics is the most crucial discipline of forensic research in the
audio and video recordings are valuable and necessary for proving a case digital age. Audio-video forensics encompasses three essential prin­
before the court [5]. Video quality handling and various filtering tech­ ciples in forensic science: the acquisition, processing, and interpre­
niques are essential in multimedia forensics. tation of audio and video recordings that are acceptable in a court of
law.

* Corresponding author.
E-mail addresses: [email protected] (S.M. Pedapudi), [email protected] (N. Vadlamani).

https://doi.org/10.1016/j.measen.2023.100860
Received 22 February 2023; Received in revised form 24 May 2023; Accepted 6 July 2023
Available online 7 July 2023
2665-9174/© 2023 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-
nc-nd/4.0/).
S.M. Pedapudi and N. Vadlamani Measurement: Sensors 29 (2023) 100860

Fig. 1. The process of Audio - Video files Forensic Analysis.

Fig. 2. The thumb view of the converted video files into multiple-jpg file.

2
S.M. Pedapudi and N. Vadlamani Measurement: Sensors 29 (2023) 100860

Fig. 3. Histogram of jpg file.

3. Literature survey 4. The task of digital forensics

The most excellent technique by developing a method to perform the ● Identification: It is the initial process of the forensic procedure. The
inquiry circumstances for digital forensic experts and professionals [6]. identification procedure primarily has things similar to what proof is
Previous research works initiate methods for finding the objects of there, where it is recorded, also finally, how it is recorded (in which
forensic significance in learning. However, there was no exact testing to format). Electronic storage mediums could be PC, smartphones and
agree on the technique. In this work, an incorporated method is planned PDAs, and so on [6].
using the triage method and 1-2-3 zone method for unstable data ● Preservation: In this process, data is separated and protected. It has
protection. averted human beings from utilizing digital equipment thus that
Prem et al. [27] discussed how memory forensics utilized to examine digital proof is not damaged.
the storage of the various disk drives. A few particular usages are able ● Analysis: In this process, investigation agents rebuild pieces of data
also planned, particularly merely for Windows OS in a similar method. and also sketch conclusions using a proof set-up. Though, it may get
Here the authors examined some frameworks that are presently superior many iterations of assessment to sustain a particular offense theory
at performing a digital forensic analysis. The authors all planned in such [7].
a method that it contains the characteristics to carry back at full power ● Documentation: In this process, evidence of entire able-to-be-seen
examined account of its advantages at its method flow regarding what’s data should generate. It assists in reconstructing the offense scene
beneath the scheme hood. and reviews it. It engages good documentation of the offense scene
Case et al. [26] reviewed modern memory forensics, presented an by taking a photograph, drawing, and offense-scene description.
essential investigation of recent-generation methods, explained signifi­ ● Presentation: In this final process, the procedure of summarisation
cant alterations in OS plan that impacts memory forensics, and sket with clarification of conclusions is completed. Though, it must write
marked fields for more analysis. in a layperson’s conditions utilizing abstracted terminologies. The
Because of the more features of multimedia-based tools utilization, entire abstracted vocabulary must reference the detailed information
criminals can easily carry out digital crimes data modification and its [8].
change. It may not be easy to authenticate the integrity of video content
that has been digitally modified, for example. Zawali et al. [25] Based on 5. Kinds of digital forensics
the proposed PBFM model, an open-source multimedia forensic tool was
utilized. An extensive examination of the tool’s usefulness against file ● Disk Forensics: Disk forensics is the science of taking electronic
tampering revealed that it could detect faked files, proving the PBFM evidence from digital storage like Floppy disks, Hard disks, Flash
model’s basic premise. Furthermore, the result can be utilized in video drives, DVDs, CDs, USB devices, and so on. The procedure of disk
investigations as evidence in the forensic investigations process. forensics is discovering digital proof, snatching & obtain the evi­
dence, and validating the evidence [9].

3
S.M. Pedapudi and N. Vadlamani Measurement: Sensors 29 (2023) 100860

● Network Forensics: Network forensics is a computer network traffic 7. General procedure audio and video forensics
data analysis for cybercrime detection and investigation of intrusion,
including criminal activity discovery [10]. Digital forensics approach for handling audio video files (shown in
● Wireless Forensics: The most crucial objective is to present a the in figure-1) after obtaining the audio or video related devices, proper
method upon which computer forensic scientists could gather and backup should be taken on a long lasting storage which should foren­
examine wireless interactions that can be utilized in a court of law as sically accepted. Required suitable tools can be utilized for this purpose.
digital proof. It is essential to generate the hash values and record this information
● Database Forensics: Database forensics is a branch of forensic properly for proving the integrity of the data and procedures adopted.
research of databases and their associated metadata in large data By utilizing suitable tools meta data can be generated for obtaining
handling and accessing systems [11]. details like, file size, file profile, format, name, duration, bit rate,
● Malware Forensics: Malware Forensics deals with discovering ma­ channel details, compression details, sampling rate, codec detail,
licious code to learn their worms, viruses, payload, etc. [12]. encoding particulars, overall bit rate, format settings, resolution, display
● Email Forensics: Email forensics is proof to discover the actual aspect ratio, frame rate mode etc. based on audio or video types.
sender and receiver of a message with some other data.
● Memory Forensics: Memory forensics is a computer’s memory ● After taking the backup, it is necessary to record procedures adopted
dump analysis. It provides evidence in computer crimes, and the properly.
memory (RAM) should examine for forensic data analysis [13]. ● It is required to be noted the crime scene details, photographs, and
● Mobile Device Forensics: Mobile forensics is useful for retrieving available information related to the job assigned [20].
information from a mobile device for cybercrime investigation pur­ ● Identification of the devices, and collection of data using suitable
poses [14]. tools and devices.
● Audio Forensics: The study of audio files for legal purposes is ● Initially, check the Metadata, check the hash values and save it
known as audio forensics. In a forensics lab, audio forensic pro­ before processing the data file.
fessionals examine the recording to assess its legitimacy. Checking ● Based on the type of case suitable Hash tool need to be selected and
for integrity, increasing speech clarity, transcribing dialogue, hash values are noted properly to prove the integrity and prove the
comparing voices, and reconstructing event timelines are all com­ case.
mon aspects of the assessment.
● Video Forensics: The scientific inspection and evaluation of video Select the required files for investigation and adopt the systematic
evidence in legal proceedings is known as video forensics. Video operation to gain the access of the digital device and analyze the data.
forensics plays a major role in understanding the crime situation and
investigations [15]. (1) Obtaining media information for Document file forensics:

Multimedia Forensics is used for the analysis of information like By using the media info tool, the results can be obtained in various
image files, audio, and video files for finding evidence [16]. The main formats based on the tool selected. Example like XML formatted infor­
idea is to reveal the history of digital content in multimedia systems. mation and HTML format based information is obtained and this media
Procedures for Multimedia forensics are discussed here with some information can be obtained for analyzing files like the document file
typical examples. (docx) information.

● It is necessary to store the collected Original Source files need (2) Obtaining Media information for Audio files forensics:
keeping safely. The investigator needs to work on a copy of the
source file [17]. Forensic backups are achieved by capturing all data By utilizing the media info tool for examining the audio files is one of
from electronic media systematically in an unaltered state. Some­ the approaches. The output of the media info tool is available different
times Forensic data need to be recovered. Extracting data from formats like XML, HTML along with various formats based on the
damaged evidence sources is also a part of these forensics processes. selected audio file which is helpful in audio file analysis. During the
This method of recovering should be acceptable in a court of law as investigation, one can view the file information, format particulars,
evidence. track details, file extension details, file size, duration of the audio file, Bit
● Hashing is a cryptographic technique and is widely used in authen­ rate details, performer details, file creation details, sampling rate,
tication systems to avoid storing password mechanism is used to sampling count, compression details, streaming details etc.
validate files, documents and other types of data, including audio
video files [18]. (3) Obtaining Media information for Video Files Forensics:
● The hash value of each file needs to be taken first and should submit
along with reports. During the video, file, forensics can be done using different tools. The
● It is advisable to take both MD5 and SHA-1. file outputs can be like XML, HTML based on the requirement one can
select the type of file. During video file analysis, one can observe the
6. Audio and video forensics methodology details like file information, format particulars, track details, file
extension details, file size, duration of the audio file, Bit rate details,
Generally, audio and video recordings can provide evidences of performer details, file creation details, sampling rate, sampling count,
crime scene which assist the digital investigators to view or hear real compression details, streaming details, pixel aspect ratio, bit rate mode,
time like situation [19]. Audio and Video evidence can be analyzed channel positions, frame rate and count, encoded and tagged details,
based on the types of examination associated with crime. Similarly, codec configuration details etc. This data can be viewed in various for­
Video Authentication, Video Enhancement, Audio Authentication, mats like HTML, text etc. By utilizing this type of data, the investigator
Audio Enhancement, Audio Recordings and Speaker Identification are can draw good conclusions based on the reliable data collected from the
part the forensics. The following figure shows the basic procedure for crime scene. Audio video forensics and its data analysis during cyber­
handling the Audio-Video Forensic Analysis: crime Investigations provide better results to present before the law
enforcement.

(4) Audio file forensics:

4
S.M. Pedapudi and N. Vadlamani Measurement: Sensors 29 (2023) 100860

There are various tools available for audio file forensic analysis. One content, Approval of the version of the manuscript to be published.
of them is Sonic Visualizer [21,22]. This is an application for viewing
and analyzing the contents of audio files. Declaration of competing interest
The spectrum can be used for frequency analysis of a particular
audio. Investigators can observe the spectrum to find any abnormality in The authors declare that they have no known competing financial
the audio flow, sound etc. There are various types of spectrum analysis interests or personal relationships that could have appeared to influence
features based on the tool selected. Investigators must select suitable the work reported in this paper.
tools based on the requirement and type of analysis.
The waveform layer of the tool provides audio data in a traditional Data availability
waveform peak display. Activity log of audio-video files provides good
information for analysis. No data was used for the research described in the article.
Investigator can observe the spectrum to find any abnormality in the
audio flow, sound etc. The spectrogram layer shows audio data in the References
frequency domain, with the Y axis corresponding to frequency and the
power (or phase) of each frequency within a given time frame shows by [1] G. Horsman, Unmanned aerial vehicles: a preliminary analysis of forensic
the brightness or colour of the pixels corresponding to that frequency. challenges, Digit. Invest. 16 (2016) 1–11.
[2] B.E. Koenig, Authentication of forensic audio recordings, J. Audio Eng. Soc. 38 (1/
2) (1990) 3–33.
(5) Video file forensics: [3] E.B. Brixen, Techniques for the authentication of digital audio recordings, in: Audio
Engineering Society Convention 122, Audio Engineering Society, 2007, May.
[4] T. Owen, AES recommended practice for forensic purposes-managing recorded
For video file forensics, it is necessary to backup and note hash values audio materials intended for examination, J. Audio Eng. Soc. 44 (4) (1996) 275.
and then the video is converted into multiple jpg files (or any picture [5] J.L. Barron, D.J. Fleet, S.S. Beauchemin, Performance of optical flow techniques,
format). Tool like video to jpg converter for splitting the video file into Int. J. Comput. Vis. 12 (1) (1994) 43–77.
[6] A.J. Fridrich, B.D. Soukal, A.J. Lukáš, Detection of copy-move forgery in digital
number of jpg format pictures for video file analysis and digital forensics
images, in: Proceedings of Digital Forensic Research Workshop, 2003.
investigation. Which is useful to view each frame in depth for detailed [7] S. Rani, Digital forensic models: a comparative analysis, Int. J. Manag. IT Eng.
analysis. A typical output of a video capture is shown in figure-2 which is (IJMIE) 8 (6) (2018) 432–443.
[8] S. Agarwal, H. Farid, Photo forensics from rounding artifacts, in: Proceedings of the
a thumb view of the converted video files into multiple-jpg file. Each jpg
2020 ACM Workshop on Information Hiding and Multimedia Security, 2020, June,
file is name based on the file name selected. pp. 103–114.
The tool, Fast Stone Image Viewer, is type of image browser, con­ [9] K. Ghazinour, D.M. Vakharia, K.C. Kannaji, R. Satyakumar, A study on digital
verter and editor. This tool contains various features like image man­ forensic tools, in: 2017 IEEE International Conference on Power, Control, Signals
and Instrumentation Engineering (ICPCSI), IEEE, 2017, September,
agement, image-viewing, Image-comparison, red-eye removal, image- pp. 3136–3142.
resizing, image-cropping etc. [23] Based on the requirement can be [10] S. Senthivel, I. Ahmed, V. Roussev, SCADA network forensics of the PCCC protocol,
utilized. Any other suitable tools can be used on the requirement basis Digit. Invest. 22 (2017) S57–S65.
[11] J. Stüttgen, S. Vömel, M. Denzel, Acquisition and analysis of compromised
[24]. Here is a typical general example, this was utilized. Screen shot is a firmware using memory forensics, Digit. Invest. 12 (2015) S50–S60.
typical outputs screens were shown in figure-3 Histogram of jpg file [12] J. Kong, Data extraction on mtk-based android mobile phone forensics, J. Digital
useful for viewing different angle of the investigation scene. Forens. Security Law 10 (4) (2015) 3.
[13] M. Petraityte, A. Dehghantanha, G. Epiphaniou, Mobile phone forensics: an
During the analysis, the investigator can observe sudden changes in investigative framework based on user impulsivity and secure collaboration errors,
the video by two side-by-side jpg files. Similarly, Lighting changes in in: Contemporary Digital Forensic Investigations of Cloud and Mobile Applications,
different frames. Investigators need to observe deeply by splitting the 2017, pp. 79–89 (Syngress).
[14] S.C. Sathe, N.M. Dongre, Data acquisition techniques in mobile forensics, in: 2018
same video into more jpg files and detailed analysis, if required, based 2nd International Conference on Inventive Systems and Control (Icisc), IEEE, 2018,
on such tools. An investigator can normally observe and draw a January, pp. 280–286.
conclusion from the selected file by the understanding and usage of the [15] Preeti Mahesh Kulkarni, Bhaskar Nautiyal, Sanjay Kumar, Rani Medidha,
RajeshKumar Rameshbhai Savaliya, Mundhe Eknath, IOT data Fusion framework
tools and procedures. The results and be utilized for analyzing data for
for e-commerce, Measurement: Sensors 24 (2022), 100507, https://doi.org/
Video Forensic Analysis. 10.1016/j.measen.2022.100507. ISSN 2665-9174.
[16] Ram Avtar Jaswal, Sunil Dhingra, Empirical analysis of multiple modalities for
8. Conclusions emotion recognition using convolutional neural network, Measurement: Sensors 26
(2023), 100716, https://doi.org/10.1016/j.measen.2023.100716. ISSN 2665-
9174.
This paper gives a brief overview of the digital forensic approach for [17] R. Chopade, V.K. Pachghare, Ten years of critical review on database forensics
handling audio-video file analysis. This approach helps the investigator research, Digit. Invest. 29 (2019) 180–197.
[18] S. Widup, Computer Forensics and Digital Investigation with EnCase Forensic V7,
for handling audio and video forensics which are useful for identifying McGraw-Hill Education Group, 2014.
the evidence and also helps in preparing the investigator reports. [19] A. Đuranec, D. Topolčić, K. Hausknecht, D. Delija, Investigating file use and
knowledge with Windows 10 artifacts, in: 2019 42nd International Convention on
Information and Communication Technology, Electronics and Microelectronics
Funding (MIPRO), IEEE, 2019, May, pp. 1213–1218.
[20] B. Zawali, R.A. Ikuesan, V.R. Kebande, S. Furnell, A. A-Dhaqm, Realising a push
The authors did not receive any funding. button modality for video-based forensics, Infrastructures 6 (4) (2021) 54.
[21] A. Case, G.G. Richard III, Memory forensics: the path forward, Digit. Invest. 20
(2017) 23–33.
CRediT authorship contribution statement [22] T. Prem, V.P. Selwin, A.K. Mohan, Disk memory forensics: analysis of memory
forensics frameworks flow, in: 2017 Innovations in Power and Advanced
Computing Technologies (I-PACT), IEEE, 2017, April, pp. 1–7.
Srinivasa Murthy Pedapudi: Conception and design of study, Formal
[23] Mohammed Fakhrulddin Abdulqader, Adnan Yousif Dawod, Ann Zeki Ablahd,
analysis, and/or interpretation of data, revising the manuscript, criti­ Detection of tamper forgery image in security digital mage, Measurement: Sensors
cally for important intellectual content, Approval of the version of the 27 (2023), 100746, https://doi.org/10.1016/j.measen.2023.100746. ISSN 2665-
manuscript to be published. Nagalakshmi Vadlamani: acquisition of 9174.
[24] Shahad Lateef abdulwahid, The detection of copy move forgery image
data, Formal analysis, and/or interpretation of data, Drafting the methodologies, Measurement: Sensors 26 (2023), 100683, https://doi.org/
manuscript, revising the manuscript, critically for important intellectual 10.1016/j.measen.2023.100683. ISSN 2665-9174.