Magnet Axiom Result Support

Understanding Medex Results within Magnet Axiom

Learn more below about how to interpret the results you found when analyzing video evidence using the Medex Forensics option found in the Analyze Media feature within your Magnet Axiom product.

Below is a data dictionary to help you understand the data that can be reported from Medex Forensics’ API to Magnet Axiom.

If you see a data point in your result set, please find the label below and read the explanation of that value:

INSIGHTS

This is an array of data points that Medex generates dynamically based on the presence or absence of certain indicators within a given file’s binary structure. Indicators that may appear in this array include (and are exported as narrative strings):

Camera Original Indicator – A narrative string value that reads out the Medex summary opinion of whether a file is consistent with a camera original file or not. In cases where the answer is that the file is not consistent with a camera original file, then a second sentence will note why it is not.

Last Generation Indicator – A narrative string value that reports on any internal structures within the examined file that are known to be unique to a specific software or hardware encoder.

Brand Indicator – A narrative string value that reports on any internal structures within the examined file that are known to be unique to a specific brand of camera.

Device Indicator – A narrative string value that reports on any internal structures within the examined file that are known to be unique to a specific device (or model) of camera.

SIGNATURE MATCH

If Medex makes a full structural signature match between the examined file and the known structural signatures in the Medex Reference Library, then Medex will report the internal Medex identifier for that known structural signature, e.g., rl.1193. If Medex makes a match the identifier will always begin with “rl”. If Medex does not make a match, then an identifier that begins with “pf” will be reported, e.g., “pf.432”. These identifiers will allow Axiom and/or Axiom users to communicate with Medex if needed about the actual internal signature found in the examined file.

LAST GENERATION

This is a string list of distinct last generations that Medex identified as possibilities for this file based on the structural match Medex made. If Medex finds a full structural match of the examined file’s structure within the Medex Reference Library, then Medex will list here the distinct last generations for all of the files that Medex has seen with the same internal file structure.

BRAND

This is a single string of a distinct brand that Medex identified as a possibility for the camera that originally created this file based on the structural match Medex made. If Medex finds a full structural match of the examined file’s structure within the Medex Reference Library, and if only one Brand is known to create files with the same internal file structure as the examined file, then that Brand will be reported. If more than one Brand is found, then Medex will report “Multiple” here.

MODEL

This is a single string of a distinct device (model) that Medex identified as a possibility for the device model that originally created this file based on the structural match Medex made. If Medex finds a full structural match of the examined file’s structure within the Medex Reference Library, and if only one device (model) is known to create files with the same internal file structure as the examined file, then that device (model) will be reported. If more than one device (model) is found, then Medex will report “Multiple” here.

PROPRIETARY STRUCTURES

This is a boolean (i.e., true or false) value that Medex will report based on whether or not the examined file has internal data structures that ARE NOT typically parsed by standard metadata extraction tools. Medex will report an array of “ProprietaryStructuralData” if any are present in a file. Each entry in the array will include “Name” of the structure, “Start” (starting offset in the file in decimal relative to the beginning of the file), “End” (ending offset in the file in decimal relative to the beginning of the file). This would allow Axiom to allow users to click into the actual location of the file via Axiom’s hex editor if they had interest to see what data is present in the identified proprietary structure.

CONTENT CREDENTIALS

Medex supports the identification of the presence of any C2PA (https://c2pa.org/) manifests stored within a video file. If present, Medex will also attempt to assess the cryptographic validity of the manifest. Medex will report one of the following: Not found; Valid; Invalid. This is not a high priority for LE, but it is an emerging schema sponsored by Microsoft Intel, and Adobe for media files. Since we support it, we thought it might be of value to report it to Axiom via our API.

If you need more information or would like advanced support in your analysis, please contact [email protected], or fill out the contact form on this website.

The Medex Forensics team will be with you as soon as possible to help!