Forensics v. Photoshop

Discussion in 'Photography' started by Alan Browne, Sep 18, 2012.

  1. Alan Browne

    Alan Browne Guest

    Alan Browne, Sep 18, 2012
    #1
    1. Advertisements

  2. Alan Browne

    Martin Brown Guest

    Martin Brown, Sep 18, 2012
    #2
    1. Advertisements

  3. Alan Browne

    Alan Browne Guest

    From the video it's clear to me that it's purpose is mostly to raise
    doubt (or avoid it). _any_ amount of _any_ change will be detected by
    that program because of the way it analyzes. That does not mean to say
    it proves that the content of the image is faked. Just not camera original.

    Even if one were to resize (in PS) and then bring that file to court,
    that program will flag it. That's fine. If the defense want to see the
    camera original then that program can validate it. And that may be
    enough for that purpose.
     
    Alan Browne, Sep 18, 2012
    #3
  4. Alan Browne

    Savageduck Guest

    There is other stuff to consider in the world of criminal forensics &
    digital forensics, and quite a few specialize in both the software,
    hardware and analysis areas of this particular area. I have no doubt
    that most insurance companies suspecting fraud would have little
    trouble outing any tricksters.

    < http://www.forensicmag.com/ >
    < http://www.crime-photo.com/ >
    < http://www.veripic.com/index.php?go=polfiregov >
    < http://www.digitalcop.com/ >
    < https://www.swgde.org/links >
     
    Savageduck, Sep 18, 2012
    #4
  5. Alan Browne

    Savageduck Guest

    Here is another paper from my past.
    < http://www.ssddfj.org/papers/SSDDFJ_V1_1_Cohen.pdf >
     
    Savageduck, Sep 18, 2012
    #5
  6. Alan Browne

    Alan Browne Guest

    Raise doubts. It's claim is to look at how images are made (signature)
    by the camera. If there is a doubt it will be raised. A change to an
    image in PS would not pass that.
    Another thread.

    I stopped taking The Economist. Not enough time to read it and
    everything else.
     
    Alan Browne, Sep 18, 2012
    #6
  7. Alan Browne

    Alan Browne Guest

    Alan Browne, Sep 19, 2012
    #7
  8. Alan Browne

    Paul Ciszek Guest

    It should be possible to build a circuit into the sensor chip that
    digitally "signs" each image. If the production facility could be
    trusted to randomly generate the private keys and delete them after
    burning them into each chip, there should be no way short of chip
    surgery to generate correctly signed digital images that do not
    derive from something "seen" by that sensor. The sensor could be
    considered a sort of "trustworthy witness." Unfortunately,

    1) You could always contrive a way to show the sensor a scene generated
    by other means

    2) A friend who works in the industry assures me that the required level
    of chip surgery does exist. Still, it should out of reach for a
    typical sleazy divorce case. And when it comes to something like
    topless pictures of princess Kate, are people going to insist on
    seeing the digitally signed RAW camera files before they get all
    excited?
     
    Paul Ciszek, Sep 19, 2012
    #8
  9. Alan Browne

    Me Guest

    You don't need to manipulate an image to deliberately not show the "truth".
    We need (untampered) video, then you're safe to believe what your eyes
    show you:
     
    Me, Sep 19, 2012
    #9
  10. Alan Browne

    Alan Browne Guest

    A different issue.
    Such would be out of reach of just about everyone except the CEO, the
    chief production engineer and a couple others. If they need to fake an
    image ...
    I'd rather see her in the raw than the image raws.
     
    Alan Browne, Sep 19, 2012
    #10
  11. Alan Browne

    Alan Browne Guest

    Funnily enough I knew what he was going to do before the fake looking
    water stream began flowing. Neat video though.
     
    Alan Browne, Sep 19, 2012
    #11
  12. Alan Browne

    Guest Guest

    Guest, Sep 19, 2012
    #12
  13. Alan Browne

    Peter Jason Guest


    Surely the truth is that someone has invented an
    anti-gravity screen!
     
    Peter Jason, Sep 19, 2012
    #13
  14. Alan Browne

    Savageduck Guest

    Savageduck, Sep 19, 2012
    #14
  15. Alan Browne

    Martin Brown Guest

    Only a cack handed amateur would do it that way. It really isn't that
    difficult to transplant an arbitrary JPEG stream into a given cameras
    signed envelope. Anyone that relies on this tool is an idiot.

    Anyone that pays nearly $1000 for it is dafter still - there is at least
    one free tool called JPEGsnoop which does much the same thing.

    http://www.impulseadventure.com/photo/jpeg-snoop.html

    (there are probably more - this is the one I could recall)

    It isn't rocket science. Photoshop mods to JPEG are trivial to spot
    because Adobe use a custom quantisation table on the resave.
    Not really. Tools to do this have been around more or less since the
    JPEGLIB codec was completed. CJPEG can compress an image with any
    arbitrary quantisation if you ask it nicely. Splicing in the fake Exif
    data for a given camera signature is a pretty trivial binary edit.
     
    Martin Brown, Sep 19, 2012
    #15
  16. Alan Browne

    Alan Browne Guest

    Turn off your assumptions. By signature they are looking at what are
    essentially artifacts of how various cameras generate their output.

    Perhaps "fingerprint" would be a better term.
    It probably is - but that's not what this sw is detecting. Above.
     
    Alan Browne, Sep 19, 2012
    #16
  17. Alan Browne

    Martin Brown Guest

    Certainly if you are working in their firm's marketing department.

    There are a handful of independent JPEG implementations - most follow
    the original spec closely enough that there is little or no distinction
    between them (apart from in PSPro 8 which contained gross errors). It
    has to be like that or you would see much worse artefacts if some JPEG
    encoders made significant mistakes (as in fact happened with PsP 8).

    The only real variation is the exact choice of quantisation table and
    Photoshop is distinctive there, but most of the rest use a scaled
    version of the canonical JPEG standard Qtables from the original spec.
    That is all that they have claimed. I have already pointed a link at
    freeware that does exactly the same job (and much the same way).

    The file signature is pretty much determined by the miscellaneous dross
    that each vendor adds to the header for the JPEG stream and how many
    implementation ambiguities/mistakes they make in their encoding of Exif
    data. Luckily most decoders can cope with quite badly malformed Exif so
    there is scope for recognising certain brands there.
     
    Martin Brown, Sep 20, 2012
    #17
  18. So there's no variation in noise between camera types, sensor
    technology and pixel sizes? There's no different JPEG denoising
    between cameras?

    -Wolfgang
     
    Wolfgang Weisselberg, Sep 20, 2012
    #18
  19. Alan Browne

    Alan Browne Guest

    These folks seem to have statistical evidence to the contrary which
    trumps your knee jerk assumptions.

    It will be judged in the marketplace of those who are concerned with
    such. If there is value it will be quickly found. Or not.
    Again, as if you didn't read the article or see the video, the signature
    aspect has to do with the content, not the additional data.
     
    Alan Browne, Sep 20, 2012
    #19
  20. Alan Browne

    Martin Brown Guest

    I agree. Snake oil will be fairly quickly smoked out.
    Not an assumption at all - I know that for a fact. I have written
    software that analyses damaged JPEGs. There are only a handful of
    cameras and applications that use custom non-standard Qtables that are
    unrelated to the "examples" given in the original spec. Virtually
    everything apart from Photoshop uses scaled copies of the JPEG example.

    One such was PsPro 8 which included a typo in the Y matrix and various
    faulty chroma downsampling algorithms which distorted the results. Such
    errors are rare and are seldom detected by end users.
    I did read the site and their description matches my interpretation of
    what they are offering. The camera "signature" is in the fluff around
    the JPEG stream and not in the coefficient stream itself.

    http://www.fourandsix.com/fourmatch

    Such "signatures" can be easily forged with the right tools.

    The JPEG coefficient stream has a limited number of encoding
    possibilities and only a few of them are actually seen in practice.
     
    Martin Brown, Sep 20, 2012
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.