+- AiOwares (https://www.aiowares.com)
+-- Forum: Cyber & Forensics (https://www.aiowares.com/forumdisplay.php?fid=65)
+--- Forum: Digital Forensic Analysis (https://www.aiowares.com/forumdisplay.php?fid=68)
+--- Thread: Image's metadata and exif (/showthread.php?tid=1798)
Image's metadata and exif - Bl4ckCyb3rEnigm4 - 07-13-2020
When analyzing a image, you have to check the exif and the metadata, here you can find some useful information. The exif, that stand for Exchangeable image file format, contains some information about the camera or the program that edited the image. Here you can find also where the image was taken or which device took it, but sometimes can happen that these information have been removed by softwares or sites.
But before analyzing the original image make a backup and work on a copy not on the original one!!! Since you are searching these info with the goal to bring them to the court, you have to keep in mind that you have to use trusted softwares or your extracted information will be considered not trustworthy.
A known and used forensic tool is Autopsy, this is a multipurpose software that support different devices and analysis methods. This software also supports the creation of a report, the one that you will have to bring to the court as evidence. Every info can be used to prove that the suspect is guilty of a crime.
The images formats that support by default the exif are TIFF and JPEG. Between these information there are some important information like GPS location, camera model(or phone model depending on the device used to shoot it). Some social networks remove them to protect the users privacy. Keep in mind that there are some anti-forensics method that can alter or remove the exif data of an image, the only way to know if the exif have been altered is by using your common sense. For example if you know the suspect is a tech expert you should be cautious to consider the exif metadata as truthful. The goal of the suspect is to make you waste time with false information obtained from the exif(GPS, device name etc.).
Here you can find all the features of autopsy:
Code:
https://sleuthkit.org/autopsy/features.phpCode:
https://www.autopsy.com/download/RE: Image's metadata and exif - Fractal Giant - 03-13-2021
I'm not a forensics person but I am interested in how an image is created and how watermarks work. While futzing with GIMP one day I came across fourier analysis and found that the images on the giant aggregator sites like getty and/or alamy put (what I believe) are spectral watermarks in their images.
These spectral watermarks are not visible and are pretty durable to manipulation.
Fascinating stuff!