
A practical guide to investigating deepfakes and synthetic media: why detection is unreliable, building a provenance case with C2PA and SynthID, a verification and chain-of-custody workflow, the scale of the threat, and the India, US, UK and EU legal framework compared.
When the key exhibit in a case is a video, an audio recording, or an image, synthetic-media technology has introduced a question every investigator must answer before that material advances: was this captured, or was it generated?
- Human observers distinguish deepfake video from real footage at barely better than chance. Even the best automated detectors are not decisive on real-world media, so investigators must build a provenance case rather than rely on a detection score.
- C2PA Content Credentials (version 2.3, January 2026) and Google SynthID embed provenance at the point of creation. Both are tools for source tracing, not for retroactive authenticity rulings.
- In January 2024 (disclosed by Hong Kong police that February), engineering firm Arup lost about USD 25 million when a worker, convinced by a deepfaked video call impersonating the CFO and colleagues, made 15 transfers.
- India's IT Rules Amendment 2026, notified 10 February 2026, mandates a visible watermark on AI-generated video, a spoken disclaimer on AI audio, provenance metadata, and a 3-hour removal window for flagged synthetic content.
- For courts, the authenticating question is not whether a classifier says the file is synthetic; it is whether the file has an unbroken, hash-verified history from alleged creation to the exhibit bundle.
Categories of synthetic media
Five technical categories appear in investigations, each with different forensic signatures and different legal implications.
| Category | What it is | Investigative relevance |
|---|---|---|
| Face-swap video | A genuine recording with one person's face replaced by a generative model's output; body, background, and most audio are original | Metadata may reflect the original capture device; look for edge artefacts at the face boundary and lighting or specular-highlight mismatches |
| Full reenactment | A real person's movements and speech drive a synthetic avatar; entirely new facial imagery generated frame by frame | No source recording exists to compare against; temporal inconsistencies in expression transitions are primary signals |
| Fully synthetic face | No real person was filmed; both face and scene are generated, common in fraudulent identity documents and fake profile photographs | EXIF data absent or implausible; reverse image search yields no original; frequency-domain generation fingerprints may persist in uncompressed files |
| Voice clone | A real person's voice characteristics reproduced from a short audio sample using text-to-speech or voice-conversion models | Spectral analysis for formant irregularities and unnatural prosody; no original exists unless a reference recording is located |
| Lip-sync manipulation | Audio of a genuine video replaced or altered so that lip movements appear to match new speech | Audio-visual sync irregularities; phoneme-to-lip timing errors are detectable on frame-by-frame analysis |
Why visual detection is unreliable and getting worse
Detection tools work by learning the statistical signatures that generative models leave behind. Those signatures shrink with each new model generation, and adversarial tuning can erase them deliberately. A 2024 systematic review by Diel and colleagues, pooling 56 studies, found that people distinguish deepfake video from genuine footage with an accuracy of only around 57 percent, barely better than chance. Automated detectors fare better but are not decisive: in the DeepfakeEval 2024 benchmark the best-performing system reached 86.7 percent under test conditions, with strong commercial baselines around 82 percent, and measured accuracy drops sharply when models meet real-world, re-compressed media rather than controlled benchmark samples.
Three compounding factors reduce that already-limited reliability in practice. First, any re-upload through a messaging application or social platform recompresses the file and strips the sensor-noise patterns and generator fingerprints that detectors learn from, degrading the signal. Second, an adversary who knows which detection model will be used can tune output to evade it. Third, a detection percentage is an error rate measured over a population of test files; it is not a statement about a specific exhibit, and the probability that a flagged file really is synthetic depends on how common synthetic files are in the population being examined. Presenting a detection score as a definitive finding in a charge sheet or court document will face challenge from any competent defence.
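The third point is easy to state and easy to get wrong in a report, so here is the arithmetic worked through. This is an added illustration, not code from the original guide. The benchmark figure above is an accuracy, not a sensitivity or specificity, so both are set to 0.867 here as an assumption, and the base rates are constructed values chosen to span realistic caseloads.

```python
# Added illustration: why a detector's accuracy figure says little about one exhibit.
# Assumption: sensitivity = specificity = 0.867 (the text reports accuracy only).


def positive_likelihood_ratio(sensitivity: float, specificity: float) -> float:
    """How much a 'synthetic' verdict shifts the odds: P(flag | fake) / P(flag | real)."""
    return sensitivity / (1.0 - specificity)


def posterior_synthetic(sensitivity: float, specificity: float, prior: float) -> float:
    """P(file is synthetic | detector flagged it), i.e. the positive predictive value."""
    prior_odds = prior / (1.0 - prior)
    post_odds = prior_odds * positive_likelihood_ratio(sensitivity, specificity)
    return post_odds / (1.0 + post_odds)


def ppv_table(sensitivity=0.867, specificity=0.867, priors=(0.001, 0.01, 0.1, 0.5)) -> dict:
    """Posterior probability for a range of base rates (constructed priors); {prior: posterior}."""
    return {p: round(posterior_synthetic(sensitivity, specificity, p), 3) for p in priors}


if __name__ == "__main__":
    print("LR+ =", round(positive_likelihood_ratio(0.867, 0.867), 2))
    for prior, post in ppv_table().items():
        print(f"base rate {prior:>6.1%} synthetic -> a flagged file is synthetic with p = {post:.3f}")
```

The likelihood ratio (about 6.5 under these assumptions) is the number a report can honestly state: the verdict multiplies the prior odds by that factor. What the prior odds are for a given exhibit is an investigative question, not something the classifier knows.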
Provenance over detection: C2PA, SynthID, and metadata
The more durable investigative approach is to establish what the file's actual history is, rather than running it through a classifier. Three technical frameworks are in active deployment across platforms and devices.
C2PA Content Credentials. The Coalition for Content Provenance and Authenticity specification, at version 2.3 (published January 2026), attaches a cryptographically signed manifest to media files at the moment of creation or editing. The manifest records the device, software, timestamp, and any AI involvement declared by the tool. By early 2026 the initiative reported more than 6,000 members and affiliates, including Google, Meta, OpenAI, Sony, Nikon, and Leica. Samsung's Galaxy S25 became the first mainstream consumer smartphone to embed C2PA Content Credentials, though on that device the credentials are attached to AI-edited images rather than signed at the moment of every capture. C2PA does not automatically detect deepfakes; it records what the signer asserted about AI use, and that assertion carries weight only once the manifest signature has been validated against the issuing certificate, since an unverified or self-signed manifest is just another claim. A manipulator who generates content outside a C2PA-enabled workflow will simply have no manifest, and re-encoding during distribution can strip one that existed. Absence of a manifest on content that claims to originate from a C2PA-capable platform is itself a fact worth documenting in the investigation file.
Google SynthID. Developed by Google DeepMind, SynthID embeds an imperceptible watermark across the visual and audio tracks of AI-generated content. Google reports that more than 10 billion pieces of content have been watermarked with SynthID. Watermarks are applied to outputs from Google's Imagen (images), Veo (video), and Lyria (audio) models. In December 2025, Google extended SynthID verification to the Gemini application, letting users check whether a video was created or edited with Google AI. SynthID watermarks survive moderate re-encoding but may degrade under heavy compression. Crucially, SynthID only flags Google-generated content; it will not detect output from other tools, and absence of a SynthID watermark does not indicate authenticity.
File metadata and EXIF. Authentic photographs taken on modern smartphones carry a consistent EXIF block recording device make and model, GPS coordinates, capture timestamp, software, and colour profile. AI-generated images commonly lack EXIF entirely, carry implausible timestamps, or show software identifiers that belong to generative tools. EXIF is trivially editable; its presence does not establish authenticity. Its absence or internal inconsistency, especially where the claimed source would normally produce it, is the investigatively useful signal.
Error Level Analysis (ELA). ELA identifies image regions re-compressed at a different quality level to the surrounding content, which can signal compositing or manipulation. Standalone ELA applied to deepfake images performs only a little better than chance and should never be presented as a standalone finding of manipulation. It remains a useful initial triage step, particularly in combination with other methods.
Practical verification workflow
- Preserve the original file and hash it immediately. Record a cryptographic hash of the file before any analysis, conversion, or screenshot. Document the acquisition date, time, platform URL, and acquiring officer. Any format conversion after this step must happen on a separate working copy. This hash is the foundation of your chain of custody and your first defence against a "planted evidence" argument.
- Capture full contextual metadata. Record the complete URL or platform path, the account or channel identifier, upload timestamp, engagement counts, and any platform-generated content identifiers. Screenshot the post context including caption, sharing history, and any platform moderation labels. Hash-verify those screenshots separately from the media file itself.
- Run reverse search on images and keyframes. Extract keyframes from any video (on a working copy) and run reverse image search across multiple engines. For fully synthetic faces, no source photograph will exist; that absence is itself a finding. A result showing that the same image predates the alleged incident is a powerful investigative fact requiring separate documentation.
- Check for provenance credentials. Open the file in a C2PA-compatible viewer and record the full result: manifest contents, issuing certificate, declared AI flags, and timestamp. If the file claims to originate from a SynthID-enabled platform or tool, request watermark verification. Document the result in both directions: whether credentials are present and what they assert, or whether they are absent from a platform where they should exist.
- Examine EXIF and container metadata. Extract metadata using verified forensic tools and record the tool name and version. Flag absent EXIF where the claimed source would normally produce it. Flag timestamps internally inconsistent with platform upload data. Note software fields that identify AI-generation tools.
- Assess physiological and technical artefacts. Unnatural eye-blinking patterns, inconsistent specular highlights in the iris, skin-texture discontinuities at face boundaries, and phoneme-to-lip timing errors are persistent artefacts in current-generation deepfakes. Document what is observed with specific timestamps and frame numbers. Note explicitly that absence of visible artefacts does not establish authenticity in high-quality generations.
- Trace the source account and publication history. Identify the first account to publish the content and that account's creation date and post history. A newly created account, minimal prior activity, and rapid amplification across coordinated secondary accounts are consistent with a synthetic-media campaign. Serve a preservation notice to the platform before initiating formal data requests, since platforms may rotate logs.
- Obtain qualified forensic expert analysis for evidential use. Where the material will be submitted in prosecution or civil proceedings, retain a qualified digital forensic examiner who can testify to methodology. The examiner's report must specify every tool used, its version, the model's known accuracy limits, and the basis for any conclusion. A report that simply states "this is a deepfake" without documented methodology will not survive adversarial challenge.
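The first five steps of the workflow can be scripted so that the hash is taken before any other operation and every metadata finding is recorded in both directions. The following is an added example, not code from the original guide: it hashes the exhibit, verifies a working copy against that hash, walks the JPEG marker segments, reads the IFD0 fields that matter (Make, Model, Software, DateTime), compares the EXIF timestamp with the platform upload time, and notes whether a C2PA JUMBF container is present in an APP11 segment. Presence is all it checks; validating the manifest signature needs a C2PA tool. The sample JPEGs, the device and tool names, and the list of generative-tool substrings are all constructed for the example.

```python
"""Added triage example for the workflow above; not code from the original guide.
Hash first, work on a verified copy, then extract EXIF, timestamp and C2PA-presence
signals from a JPEG. Sample files, device names and AI_SOFTWARE_MARKERS are constructed."""
import hashlib
import struct
from datetime import datetime

EOI, APP1, APP11, SOS = 0xD9, 0xE1, 0xEB, 0xDA
EXIF_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime"}
AI_SOFTWARE_MARKERS = ("diffusion", "imagegen")  # assumed investigator-maintained list


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def jpeg_segments(data: bytes):
    """Yield (marker, payload) for each marker segment before SOS or EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (EOI, SOS):
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes its own 2 bytes
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def parse_exif_ifd0(payload: bytes) -> dict:
    """Read the ASCII tags in EXIF_TAGS from IFD0; handles II and MM byte order."""
    tiff = payload[6:]                                   # skip "Exif\0\0"
    bo = "<" if tiff[:2] == b"II" else ">"
    ifd = struct.unpack(bo + "I", tiff[4:8])[0]
    count = struct.unpack(bo + "H", tiff[ifd:ifd + 2])[0]
    fields = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        tag, typ, n = struct.unpack(bo + "HHI", entry[:8])
        if tag not in EXIF_TAGS or typ != 2:             # type 2 = ASCII
            continue
        if n <= 4:                                       # short values are stored inline
            raw = entry[8:8 + n]
        else:                                            # longer values sit at an offset
            off = struct.unpack(bo + "I", entry[8:12])[0]
            raw = tiff[off:off + n]
        fields[EXIF_TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return fields


def triage(original: bytes, platform_upload: datetime) -> dict:
    """Step 1: hash the exhibit; then run the metadata checks on a verified copy."""
    exhibit_sha256 = sha256_hex(original)
    working = bytes(original)                            # stands in for the separate working copy
    if sha256_hex(working) != exhibit_sha256:
        raise RuntimeError("working copy does not match the exhibit hash")
    exif, c2pa_present = {}, False
    for marker, payload in jpeg_segments(working):
        if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
            exif = parse_exif_ifd0(payload)
        elif marker == APP11 and payload.startswith(b"JP"):
            c2pa_present = True                          # JUMBF box present; signature NOT validated
    findings = []
    if not exif:
        findings.append("EXIF absent; significant if the claimed source normally writes it")
    if any(m in exif.get("Software", "").lower() for m in AI_SOFTWARE_MARKERS):
        findings.append("Software field names a generative tool: " + exif["Software"])
    if "DateTime" in exif:
        captured = datetime.strptime(exif["DateTime"], "%Y:%m:%d %H:%M:%S")
        if captured > platform_upload:
            findings.append("EXIF DateTime is later than the platform upload time")
    if not c2pa_present:
        findings.append("no C2PA manifest; neutral unless the claimed source signs captures")
    return {"sha256": exhibit_sha256, "exif": exif, "c2pa_present": c2pa_present, "findings": findings}


def build_sample_jpeg(exif_fields=None, with_c2pa=False) -> bytes:
    """Constructed input: SOI, optional APP1 Exif (little-endian IFD0), optional APP11, EOI."""
    segments = []
    if exif_fields is not None:
        tag_of = {name: tag for tag, name in EXIF_TAGS.items()}
        n, entries, blob = len(exif_fields), b"", b""
        blob_start = 8 + 2 + 12 * n + 4                  # header, count, entries, next-IFD pointer
        for name, value in exif_fields.items():
            v = value.encode("ascii") + b"\x00"
            if len(v) <= 4:
                entries += struct.pack("<HHI4s", tag_of[name], 2, len(v), v.ljust(4, b"\x00"))
            else:
                entries += struct.pack("<HHII", tag_of[name], 2, len(v), blob_start + len(blob))
                blob += v
        tiff = b"II*\x00" + struct.pack("<IH", 8, n) + entries + b"\x00\x00\x00\x00" + blob
        segments.append((APP1, b"Exif\x00\x00" + tiff))
    if with_c2pa:                                        # JUMBF skeleton: "JP", En, Z, box header
        segments.append((APP11, b"JP\x00\x01\x00\x00\x00\x01" + b"\x00\x00\x00\x10jumb"))
    out = b"\xff\xd8"
    for marker, payload in segments:
        out += bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload
    return out + b"\xff\xd9"


if __name__ == "__main__":
    upload = datetime(2024, 1, 15, 12, 0, 0)
    genuine = build_sample_jpeg({"Make": "ExampleCam", "Model": "X1",
                                 "Software": "X1 Firmware 2.0", "DateTime": "2024:01:10 09:30:00"})
    suspect = build_sample_jpeg({"Software": "ExampleDiffusion 1.0",
                                 "DateTime": "2024:01:20 00:00:00"}, with_c2pa=True)
    for label, blob in (("genuine", genuine), ("suspect", suspect), ("no-exif", build_sample_jpeg())):
        print(label, triage(blob, upload))
```

Run it against a real exhibit by reading the file bytes and passing the upload timestamp recorded in step 2. Everything the script returns, including the negative findings, belongs in the file with the tool name and version, which is why it returns a dict rather than printing a verdict.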
Scale and financial impact
| Incident | Date | Method | Loss or outcome |
|---|---|---|---|
| Arup engineering firm (Hong Kong) | January 2024 (disclosed February 2024) | Multi-person video conference with a deepfaked CFO and colleagues; a worker authorised 15 wire transfers after the call | About USD 25 million (HKD 200 million) |
| FBI IC3 AI-fraud category | 2025 (reported 2026) | AI-enabled fraud including voice clones, video impersonation, and synthetic identity submissions; first year IC3 broke this out separately | More than 22,000 complaints; losses exceeding USD 893 million |
Where synthetic media appears in investigations
Non-consensual intimate imagery and sextortion. Generative tools allow the creation of sexually explicit material depicting real people using only publicly available photographs. Investigators encounter this in sextortion cases where the synthetic image is used as a coercive threat, and in harassment cases where it is distributed. The victim may never have appeared in any original intimate content, making traditional image-comparison methods inapplicable.
CEO voice-clone and video-call fraud. Attackers clone executive voices from publicly available audio such as earnings calls or conference recordings, then conduct real-time voice or video impersonation targeting finance staff. The Arup case is the highest-profile confirmed example: a single video call featuring deepfaked colleagues produced about USD 25 million in fraudulent transfers. In lower-value cases, audio-only voice clones are more common because they require less compute and exploit the cognitive pressure of a real-time call.
Identity document fraud. Fully synthetic faces appear in fraudulent know-your-customer submissions at financial institutions. Because the face is generated rather than photographed, reverse image search yields no original, which is itself a forensic signal warranting escalation to specialist review.
Political and reputational disinformation. Fabricated statements attributed to public figures are distributed via social platforms. These cases present compounded jurisdiction challenges: the content creator, the hosting platform, and the subject may each be in different countries, requiring mutual legal assistance frameworks from the outset.
Chain of custody for synthetic media evidence
Synthetic media introduces a double chain-of-custody problem. The investigator must establish two separate things: that the collected file is the file as it existed on the platform (the collection chain), and what the analysis established about whether that file is authentic or synthetic, and by what method (the authenticity chain). Both must be documented independently.
For the collection chain, record SHA-256 hashes at each transfer point, use write-blocked media for storage, and log every person who accessed the file and for what purpose. Platform responses to legal-process requests, whether emergency disclosures, standard productions, or MLAT responses, should themselves be preserved as part of the exhibit documentation, because they establish provenance from the platform's servers rather than from investigator collection alone.
For the authenticity chain, document each analytical step taken on working copies, retain all tool outputs with timestamps, and record the version number and configuration of every forensic or detection tool used. Courts have increasingly required this level of specificity as synthetic-media defences become standard practice. The objective is not to prove beyond all possible doubt that a file is synthetic, but to give the tribunal a complete, honest account of what the investigation found, how it found it, and what its stated limitations are.
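One way to make "hashes at each transfer point" and "log every person who accessed the file" a single tamper-evident record, as an added example that is not the guide's own code: an append-only ledger in which every entry commits to the SHA-256 of the object handled, the actor, the action, the tool and version, and the digest of the previous entry. Editing any earlier entry after the fact breaks every digest that follows it, and the acquisition hash can be re-checked against the exhibit at any later point. Exhibit identifiers, examiner names and tool names are constructed.

```python
"""Added example for the collection and authenticity chains above; not the guide's code.
A hash-chained, append-only custody ledger. Names, tools and exhibit bytes are constructed."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    """Digest over a canonical JSON encoding of every field except the digest itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())


class CustodyLedger:
    def __init__(self):
        self.entries = []

    def append(self, exhibit_id: str, obj: bytes, action: str, actor: str,
               tool: str, note: str = "", when: datetime = None) -> dict:
        """Record one custody event; `obj` is the bytes handled at this step."""
        when = when or datetime.now(timezone.utc)
        entry = {
            "seq": len(self.entries),
            "time_utc": when.isoformat(),
            "exhibit_id": exhibit_id,
            "object_sha256": sha256_hex(obj),
            "action": action,
            "actor": actor,
            "tool": tool,                                # tool name and version used at this step
            "note": note,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = entry_digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> list:
        """Return a list of problems; an empty list means the chain is intact."""
        problems = []
        for i, e in enumerate(self.entries):
            expected_prev = self.entries[i - 1]["entry_hash"] if i else GENESIS
            if e["seq"] != i:
                problems.append(f"seq {i}: sequence number mismatch")
            if e["prev_hash"] != expected_prev:
                problems.append(f"seq {i}: previous-entry link broken")
            if e["entry_hash"] != entry_digest(e):
                problems.append(f"seq {i}: entry digest mismatch (entry altered)")
        return problems

    def exhibit_hash(self, exhibit_id: str) -> str:
        """The hash recorded at acquisition, i.e. the first entry for this exhibit."""
        for e in self.entries:
            if e["exhibit_id"] == exhibit_id:
                return e["object_sha256"]
        raise KeyError(exhibit_id)

    def exhibit_unchanged(self, exhibit_id: str, current: bytes) -> bool:
        """Does the exhibit as it exists now still match the acquisition hash?"""
        return sha256_hex(current) == self.exhibit_hash(exhibit_id)


if __name__ == "__main__":
    exhibit = b"constructed exhibit bytes standing in for a downloaded video"
    led = CustodyLedger()
    led.append("EX-01", exhibit, "acquired from platform URL", "examiner-1", "collector 1.0 (assumed)")
    led.append("EX-01", exhibit, "copied to write-blocked store", "examiner-1", "manual")
    led.append("EX-01/working", bytes(exhibit), "working copy created", "examiner-2", "cp")
    print("intact:", led.verify() == [], "| exhibit unchanged:", led.exhibit_unchanged("EX-01", exhibit))
    led.entries[1]["actor"] = "someone-else"             # a later edit to an earlier record
    print("after tampering:", led.verify())
```

Working copies get their own entries under a derived identifier so that analysis steps are logged without ever changing the hash recorded for the original. The ledger itself should be stored somewhere the examiner cannot silently rewrite, for example appended to a write-once log or countersigned at each transfer; hash chaining makes alteration detectable, not impossible.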
Legal framework: a comparative overview
| Jurisdiction | Primary instruments | Deepfake-specific provisions | Labelling or disclosure obligations | Key gaps |
|---|---|---|---|---|
| India | IT Act 2000 (Sections 66C, 66E); Bharatiya Nyaya Sanhita 2023; IT Rules Amendment 2026 | Section 66E: up to 3 years imprisonment, a fine of up to Rs 2 lakh, or both, for publishing or transmitting images of a private area without consent. Section 66C: up to 3 years imprisonment and a fine of up to Rs 1 lakh for fraudulently using another person's electronic signature, password or other unique identification feature. The BNS came into force on 1 July 2024 and supplies the general offences (cheating, forgery, criminal intimidation) under which deepfake fraud is charged. | IT Rules Amendment 2026 (notified 10 February 2026): platforms must apply a visible watermark on AI-generated video and a spoken disclaimer at the start of AI-generated audio, with provenance metadata identifying the AI tool. Flagged synthetic content must be removed within 3 hours of notice; non-compliance risks the loss of Section 79 safe-harbour immunity. | Section 66E refers to "capturing" images; its application to purely synthetic content not derived from any real recording has not been definitively settled by courts. No standalone deepfake criminal offence yet exists; cases are charged under a combination of IT Act and BNS provisions. |
| United States | TAKE IT DOWN Act (signed 19 May 2025); state statutes including Washington HB 1205 and Pennsylvania Act 35 (both 2025) | TAKE IT DOWN Act: federal offence to knowingly publish non-consensual intimate imagery online including deepfakes; platforms must remove flagged content within 48 hours. Washington HB 1205 (effective 27 July 2025) and Pennsylvania Act 35 (signed 7 July 2025) criminalise forged digital likenesses. Around 64 state deepfake statutes were enacted in 2025; 28 states have disclosure laws for AI-manipulated political content. | State election laws require disclosure labelling on AI-manipulated political content in 28 states. No uniform federal labelling mandate for commercial or non-political content. | No single federal criminal statute covering deepfake fraud or non-sexual defamation. An interstate patchwork creates inconsistent enforcement thresholds. |
| United Kingdom | Online Safety Act 2023; Data (Use and Access) Act 2025; Sexual Offences Act 2003 (as amended) | Sharing intimate deepfakes without consent became a criminal offence on 31 January 2024 (Section 66B, Sexual Offences Act 2003). The Data (Use and Access) Act 2025 additionally criminalises the creation, or requesting the creation, of intimate deepfakes without consent. The sharing offence explicitly covers wholly synthetic images, not only manipulations of real footage. | No standalone labelling obligation yet enacted; Ofcom is developing platform-level codes under the Online Safety Act that will address AI-generated content. | No specific offence for non-sexual deepfakes used for fraud, impersonation, or political manipulation; those cases are charged under the Fraud Act 2006, the Communications Act 2003, or the Malicious Communications Act 1988. Cross-border enforcement remains difficult where perpetrators are overseas. |
| European Union | EU AI Act (Regulation 2024/1689), particularly Article 50; GDPR | Article 50: deployers of AI systems used to create deepfakes must disclose that content has been artificially generated or manipulated, subject to limited exceptions for law enforcement and obviously artistic or satirical works. These transparency obligations apply from 2 August 2026. | Providers must embed machine-readable provenance markers in AI-generated content; deployers must clearly label deepfakes in public communications. The EU AI Office published a first draft Code of Practice on AI-content transparency on 17 December 2025. | Article 50 obligations apply from August 2026; national market-surveillance authorities are still establishing enforcement structures. No EU-level criminal deepfake offence exists; member states retain separate frameworks with widely varying penalties. |
Frequently asked questions
Can a deepfake detection tool's output be submitted as evidence in court?
Detection tool output is expert opinion evidence and is subject to the same admissibility requirements as any other expert testimony. The tool's methodology, training data, version number, known error rates, and the testifying expert's qualifications must all be disclosed. A detection percentage presented without a qualified expert who can explain and defend its basis is unlikely to satisfy the foundational requirements for scientific evidence in most jurisdictions. Treat the detection result as one input into a broader forensic narrative.
If a file has no C2PA manifest and no SynthID watermark, does that mean it is authentic?
No. Absence of provenance credentials means only that the content was not produced through a C2PA-signed or SynthID-enabled workflow. Most files in circulation were created before these tools were widely adopted, and many AI-generation pipelines do not integrate either standard. Absence of a credential is a neutral finding, not an authentication. Document it as such.
A suspect claims the genuine evidence against them is itself a deepfake. How should investigators respond?
This defence is increasingly raised. The response is a complete, hash-verified chain of custody from the source device or platform to the court exhibit, supported by expert forensic analysis of the file's technical provenance. Evidence gathered through formal legal process from a platform is particularly strong, because the platform's own production records establish that the content existed on their servers independently of any investigator action. Provenance documentation assembled before the suspect was aware of the investigation is the most effective counter to a fabrication argument.
What data should investigators seek from platforms through legal process in a deepfake fraud case?
Priority data includes: the original server-side upload file and its server metadata, not the recompressed version served to end users; account registration details including IP address history, device fingerprints, and linked phone numbers; payment or monetisation records where applicable; and any provenance or AI-generation flags that the platform's own moderation systems logged against the content. Platforms that have adopted C2PA or SynthID logging may retain provenance assertion records that are not visible to end users and would not appear in a standard content download.