Contents
Sanitising a recording to protect a source degrades what an examiner can recover, but it does not defeat a resourced one, so the goal is reduction paired with knowing exactly what survives. Publishing a leaked recording safely is not about producing a perfectly clean file; it is about understanding which traces you removed and which you could not.
What sanitising actually clears
Start with the metadata, because it is the part that strips completely and is worth doing first. An audio file carries a container of tags: ID3 frames on an MP3, Broadcast Wave (BWF) chunks on a WAV, timestamps, device strings, and sometimes location. Public tools such as ffmpeg or mutagen clear that container cleanly. If your source recorded on a phone, the file may name the device, the app and the moment; removing it is the first and easiest win, and remove metadata from audio covers this layer.
That part is closer to document hygiene than to audio forensics. But the tags are the label, not the recording. Clearing them tells you nothing about what the audio signal itself still carries, and the signal is the durable half.
What an examiner still sees
The signal holds a device fingerprint that no tag strip removes. Qamhan and colleagues identified the source microphone from the audio alone at between 97.6 percent and 99.98 percent accuracy, reading the samples rather than any header. Hanilci and colleagues identified the brand and model of fourteen cell phones from recorded speech at 92.56 percent and 96.42 percent, because each device leaves what they called “tell-tale footprints” in the sound.
The instinct to clean up the audio can make this worse, not better. Cuccovillo and colleagues found that denoising a file before analysis produced “an average accuracy increase of about 25%” for microphone classification. Running a noise reducer to tidy a recording can sharpen the very fingerprint you were trying to bury; the denoiser helps the examiner, not the source. Anything that makes the speech cleaner tends to make the device signature cleaner too.
For a source this reframes the whole task. The instinct is to process the audio until it sounds anonymous, but the traces that identify a device are not the ones a listener notices, so a recording can sound thoroughly scrubbed and still classify cleanly to its microphone.
The seam problem
Suppose you scrub each trace you can find. The signals that remain still have to be internally consistent, and an examiner cross-checks them against one another. Chuang, Garg and Wu studied this contest directly in the context of electrical network frequency analysis, framing it as “the dynamic interplay between forensic analysts and adversaries.” Their conclusion is the one that matters for a source: concealment is not free. As they put it, “Concealment techniques that can circumvent detection are also discussed and their corresponding trade-offs are examined.” Every trace you alter can leave a seam, and a court-grade verdict of “this recording was scrubbed” is itself a finding, not a clean pass.
The electrical hum is a worked example
The clearest case is the electrical network frequency, the faint 50 hertz or 60 hertz hum a mains-powered or nearby recording picks up from the grid. It behaves like a timestamp. But removing it is not a silent erase: Chuang and colleagues showed that anti-forensic operations on the ENF signal are themselves detectable, and the examiner can adapt to them. Take the hum out and you may have swapped a timestamp for evidence that a timestamp was removed, which for a cautious source is a worse position, not a better one.
The only clean file is a regenerated one
Per-trace scrubbing hits a wall because the survivors have to agree with each other. The one operation that yields a natively consistent file is full regeneration or re-recording. Müller and colleagues showed that re-recording audio through real speakers and microphones can make a synthetic sample read as authentic, “removing subtle artifacts that detection models rely on for identification,” but it captures the room and the hardware in exchange. That route, and its own cost, is covered in make audio untraceable. If your concern is whether an edit or splice can be spotted, see audio tampering detection.
For a source, the safe posture is a plain one: remove what you can, publish knowing the microphone fingerprint and the room survive, and never promise a source more than reduction. Often the safest published form is not the most heavily processed file but the least exposed one: a transcript instead of audio, a short excerpt rather than the whole recording, or withholding the file until editorial, legal and safety review are done. Sanitising lowers the resolution of the trace; it is not anonymity. The tag is the label; the signal is the evidence.
Sources
- Chuang, Garg, Wu (2013). Anti-Forensics and Countermeasures of Electrical Network Frequency Analysis. IEEE Transactions on Information Forensics and Security.
- Cuccovillo, Giganti, Bestagini (2022). Spectral Denoising for Microphone Classification. ACM International Conference on Multimedia Retrieval.
- Hanilci, Ertas, Ertas, Eskidere (2012). Recognition of Brand and Models of Cell-Phones From Recorded Speech Signals. IEEE Transactions on Information Forensics and Security.
- Müller, Kawa, Choong, Stan, Bukkapatnam, Pizzi, Wagner, Sperl (2025). Replay Attacks Against Audio Deepfake Detection.
- Qamhan, Alotaibi, Selouani (2023). Source Microphone Identification Using Swin Transformer. Applied Sciences.