Hacker 10 – Security Hacker

Tag: digital image forensics

  • Digital image forensics with Ghiro

    Digital image forensics with Ghiro

    Ghiro is an open source tool for image analysis and metadata extraction.  You can install it in a dedicated server or download the .ova appliance for Virtualbox or VMware. Either way you get a web interface to upload images and observe a deep overview of the embedded metadata, like EXIF, IPTC , XMP, GPS coordinates, etc.

    The default web interface username is ghiro and the password ghiromanager they should be changed straight away, specially as the appliance can be remotely accessed with SSH if you uploaded it to a server.

    You can use this tool to compare two images that look the same to the human eye and find out if one of them has been modified by comparing digital signatures, the hashes tab shows the image MD5, SHA1, CRC32, SHA256, and SHA512 hashes. The Error Level Analysis will let you know if the image was edited and MIME information shows extended data about the file you are dealing with, for example, if a jpeg or png.

    Ghiro image forensics appliance
    Ghiro image forensics appliance

    You can extract metadata to find out what device was used to take the photo and if any GPS coordinates were automatically added, like many digital cameras do, in which case an embedded map in Ghiro shows you the exact location of where the picture was taken.

    Other metadata that Ghiro can extract is photo resolution,  focal length and name of the software used to edit the photo if any. A case management tab lets you group images and assign users and permissions to cases.

    This is a scalable professional image forensics tool of benefit for amateurs and professionals alike, it can  detect fake photos, and allows a team of people to work in complex cases with a multiple user dashboard, saving projects, searching for specific image hashes and displaying understandable reports.

    Visit Ghiro homepage

  • Free online image forensic analysis at Fotoforensics

    Free online image forensic analysis at Fotoforensics

    Fotoforensics is a website for advance photo analysis, you can check whether a photo has been modified or not and see embedded metadata that could contain private details, the photos can be uploaded from your PC or directly linked from a URL, there is an optional Firefox browser plugin to make image forensic analysis easier, any image that can be displayed on your browser can be analysed, the plugin gets around sites like Facebook requiring login to view a photograph.

    The service supports .jpeg and .png image formats, the most common image file extensions found on the Internet, the metadata analysis can find out if a graphics editor has been used to modify the image, ACD See for example will embed the program name on the photos it saves, metadata also shows how many times the image has been edited, identity attributes and how the image was managed.

    Image computer forensics Fotoforensics
    Image computer forensics Fotoforensics

    To determine if a photograph has been forged Fotoforensics will use Error Level Analysis to see the image modification percentage, the image will be saved at different compression levels and then compared with a computational algorithm to see the amount of change, this is not an 100% accurate method to detect fake photos, it is possible to defeat image computer forensics algorithms looking at high frequency decomposition by reducing colour, brightness or contrast but there are other photo attributes that can be analysed.

    The website has a very detailed tutorial and FAQ explaining what results you can expect and how to interpret them, you should read it to understand what you are seeing, this is not a tool that will tell you a “Yes” or “No” answer, it is up to you to interpret the results which could turn up to be inconclusive.

    You could use this tool to check that your EXIF image cleaner is working properly but do not upload anything private because the results are saved in a public URL on the server, uploading pornography is not allowed,  to check if an X-rated celebrity photo is real or not you will need to find another place or they will ban your computer IP.

    Visit Fotoforensics homepage

  • Use JPEGSnoop to discover if a digital photo is real or fake

    Use JPEGSnoop to discover if a digital photo is real or fake

    It is very hard to know by just looking if a digital picture has been altered with a graphical editor or it is being presented on its original and raw format. Digital cameras embed all kind of metadata in the pictures they take, data about data found in the digital photographs inside EXIF (Exchangeable image file format).

    JPEGSnoop is a tiny portable open source program that goes beyond extracting EXIF metadata, this free application can indicate the quality of the JPEG image compression used by the camera saving the file, JPEGSnoop uses the fact that each digital camera has different and specific compression quality levels when taking a picture and it compares that unique pattern against its large database of compression signatures reporting what digital camera or graphical editor was used to generate the image, being able to determine if a photograph is truly original or it has been edited with a graphics editor like Photoshop, software graphical editors unique compression signatures are included too in JPEGSnoop database.

    JPEGsnoop reports countless of other details, EXIF / IPTC metadata, Huffman table decode, quantization table matrix (chrominance and luminance), chroma subsampling, JPEG saving settings, JPEG resolution settings, RGB histograms, etc. People who do not need that technical wealth of information about a digital picture can just skip it and look at the EXIF data instead, which normally includes basics like location, model of camera used and date and time.

     

    JPEGSnoop digital photo forensics
    JPEGSnoop digital photo forensics

    JPEGSnoop can open .jpg, .thm (thumbnail), .avi, .dng (digital negatives), .pdf, .mov and extract embedded JPEG files from within them. If the photograph is corrupted and can no longer be viewed JPEGSnoop will try to recover the photograph thumbnail if there is one. This application can be of great use for home users wondering if that famous celebrity in the digital picture is a fake or real photo and it will also be of use for digital image forensic experts and amateur photographers alike.

    There is other software capable of retrieving photographs metadata but JPEGSnoop stands out from the crowd by being the only one I know of able to tell you if the picture was edited with a graphical editor.

    Visit JpegSnoop homepage