Contents
Potentially a great deal. A recording straight off a phone or a dedicated recorder can name the encoder and its exact preset, the app that made it, the container muxer, the sample rate and bitrate written into the header, and the timestamps for when the file was created and last changed. Audio metadata is the fastest, richest read an examiner has, and most people never touch it. The catch is that it only reveals any of this if it survived the trip to you, and none of it is proof on its own. This is the audio counterpart to what does EXIF data reveal.
What audio metadata records
An audio file wraps its samples in a container, and the container carries descriptive tags alongside the sound. MP3 files hold LAME or Xing encoder frames and an ID3 tag block that name the encoder, its preset, and often the software that wrote them. MP4 and M4A files carry an encoder atom and a muxer-distinctive ordering of their internal atoms. Ogg, Opus and FLAC files carry vendor strings that identify the encoding library. Above the format layer sits the recording app’s own signature, and beneath the tags the audio stream’s real sample rate, bitrate and channel layout, which can be compared against what the tags claim. Read together, these fields sketch a surprisingly complete account of how a file was made.
What each field can tell an investigator
| Field | What it can reveal |
|---|---|
| Encoder tag (LAME or Xing frame, MP4 encoder atom, vendor string) | the exact encoder and preset that wrote the file |
| Atom or block ordering | the muxer or app that assembled the container |
| Creation and modification timestamps | when the file was written and last changed |
| Sample rate, bitrate, channel layout | the stream’s real parameters, to check against the tags |
| App signature or device profile | which recording app or phone produced it |
| Editor signature | whether an editing tool touched the file after capture |
The power is in the combination, exactly as it is for a photo’s EXIF. A timestamp and an app signature together place a device and a moment; the encoder tag and atom ordering corroborate which app assembled the file; an editor’s signature shows the recording has been through a workstation since capture.
Structure reveals editing better than labels do
The strongest metadata reads are structural rather than semantic. Instead of trusting a field that reads “Voice Recorder,” an examiner asks where the media-data atom sits, whether metadata lives in the header or the footer, whether a free atom has appeared, and whether an edited file departs from the layout of an untouched capture. DeAngelis (2020) profiled the default voice recorders on four Android phones and found that “all phones investigated had unique audio encoding and container properties,” with one phone holding metadata in the header on an original recording but moving it to the footer, shifting the media-data offset and adding a free atom once the file had been edited or overwritten. The tell is even blunter when an editor is involved: a recording edited in Adobe Audition and copied back onto the phone looked identical in the app, yet the hex footer named Adobe Audition directly, so the file could not be original to the device. Reading container structure to test a claimed origin is established practice, not a research novelty (Koenig and Lacey, 2009).
Metadata as a forensic signal in its own right
Researchers treat the file’s structure as evidence, not convenience. Zeng, Lian and Shi (2019) mapped the iPhone’s Voice Memos app across five handsets and iOS versions and concluded that original recordings show consistent patterns in “file structure, time related file attribute information, application database data.” That last phrase matters: on iOS the file alone may not settle the question, because an original memo should also appear consistently across the app’s own recordings database. They frame the discipline plainly: “Audio authentication examination mainly refers to the professional judgment on whether the recordings are post-processed. Its examination methods include auditory testing, sound spectrum analysis, meta-data analysis, statistical analysis of digital data.” The forensic standard agrees on where structure sits in the workflow: “Analysis of the file structure and metadata of audio files is usually a key component of any digital audio authenticity analysis” (ENFSI, 2022).
What each field is actually worth
Two things do the heaviest lifting. The encoder tag names the exact tool and preset behind the file, so a recording that claims to come straight off a named phone should carry that phone’s known encoder and atom ordering, and a mismatch is diagnostic. The timestamps anchor the file to a moment and can be cross-checked against the story and against each other. But every one of these is a claim, because none of it is signed, and the one trace that does not sit in an editable text field is the codec fingerprint the encoder leaves in the samples themselves: whether a file was ever lossily compressed is recoverable from the signal at about 98.6 percent, independent of the codec (Hennequin, Royo-Letelier and Moussallam, 2017). A tag can say anything; the signal is harder to argue with.
So what is surviving metadata worth?
It is the best lead in the toolkit and the weakest proof. When it is present and untouched, audio metadata names the device family, the app, the encoder and the time in seconds, and casual fakes almost never clean it up. What it cannot do is settle a question by itself, because every byte of it can be rewritten or stripped, which is the subject of can audio metadata be faked. Whether any of it even reaches you is a separate question, since upload and transit routinely remove it, covered in does uploading audio strip its metadata. Read the metadata first, then confirm it against the signal and the wider recording picture in what forensics can learn from a recording. A surviving field is where an examination starts, not where it ends.
Sources
- DeAngelis, G. A. (2020). Analysis of Audio Recordings Made Using Voice Recorder on Android Phones. University of Colorado Denver, National Center for Media Forensics, MS thesis.
- Zeng, Lian, Shi (2019). Forensic Originality Identification of iPhone’s Voice Memos. Journal of Physics: Conference Series 1345:052053. DOI: 10.1088/1742-6596/1345/5/052053
- Koenig, Lacey (2009). Forensic Authentication of Digital Audio Recordings. Journal of the Audio Engineering Society 57(9):662-695.
- Hennequin, Royo-Letelier, Moussallam (2017). Codec Independent Lossy Audio Compression Detection. IEEE ICASSP 2017.
- European Network of Forensic Science Institutes (2022). Best Practice Manual for Digital Audio Authenticity Analysis, ENFSI-FSA-BPM-002.