Presentation is loading. Please wait.

Presentation is loading. Please wait.

EXIF Data and Imagery Forensics

Published byAlexander Alexander Modified over 5 years ago

Similar presentations

Presentation on theme: "EXIF Data and Imagery Forensics"— Presentation transcript:

1 EXIF Data and Imagery Forensics

2 Overview Why are images important? What is EXIF Data?
What does EXIF data tell us? The reliability of EXIF Data Are images reliable? Hiding stuff Steganography Lies, damn lies, and images

3 Why are images Important?

4 Why are images Important?
/

5 Why are images Important?
Abraham Lincoln on John Calhoun’s body

6 Why are images Important?
Shahab-3 with enough range to hit Israel

7 Why are images Important?

8 Why are images Important?

9 Why are images Important?

10 What is EXIF Data? Created in 1998…good God I am old
Meta-data…data about data…so in this case data about the picture Latest version as of April 2010 When employed in a JPEG uses APP1 (segment 0xFFE1), which can hold an entire tiff inside…EXIF data storage depends on the file format EXIF data are embedded within the image file.

11 What is EXIF Data? Aperture Value 2.8 Color Space sRGB
Create Date 2010:01:11 18:05:47 5 hours, 8 minutes, 12 seconds ago Date/Time Original 2010:01:11 18:05:47 Exif Image Size 600 × 800 Exif Version 0221 Exposure Mode Auto Exposure Program Program AE Exposure Time 1/10 F Number 2.8 Flash No flash function Flashpix Version 0100 Focal Length 3.9 mm GPS Altitude 49 m GPS Altitude Ref Above Sea Level GPS Dilution Of Precision 5 GPS Img Direction GPS Img Direction Ref True North GPS Latitude degrees GPS Latitude Ref North GPS Longitude degrees GPS Longitude Ref West GPS Time Stamp 18:05:47 ISO 1,016 Make Apple Metering Mode Spot Camera Model Name iPhone 3GS Modify Date 2010:01:11 18:05:47 Resolution 72 pixels/inch Sensing Method One-chip color area Sharpness Normal Shutter Speed Value 1/10 Software 3.1.2 White Balance Auto Y Cb Cr Positioning Centered JFIF

12 Weird photo to post

13 EXIF data location Shown taken with an iphone 3s, and had location settings on…

14 What is EXIF Data? A little bit better view…divided by tags and neatly organized

15 What is EXIF Data? Have we thought about what all we can store in this? Is this like slack space? Exif stomper…if you use an old program to resave the files, one that doesn’t support exif data, then the exif information is stripped. What if you scan a picture? What if you copy and paste, save as, etc?

16 What does EXIF data tell us?
EXIF data generally gives us information about a picture.

17 ExifTool by Phil Harvey
Christopher-Perrs-MacBook-Pro:bin cwperr$ exiftool -a -u -g1 /Users/cwperr/Desktop/photo.JPG Christopher-Perrs-MacBook-Pro:bin cwperr$ exiftool -a -u -g1 /Users/cwperr/Desktop/photo.JPG ---- ExifTool ---- ExifTool Version Number : 8.85 ---- System ---- File Name : photo.JPG Directory : /Users/cwperr/Desktop File Size : 1703 kB File Modification Date/Time : 2012:03:27 15:22:17-05:00 File Permissions : rw-r--r-- ---- File ---- File Type : JPEG MIME Type : image/jpeg Exif Byte Order : Big-endian (Motorola, MM) Image Width : 3264 Image Height : 2448 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) ---- IFD0 ---- Make : Apple Camera Model Name : iPhone 4S Orientation : Horizontal (normal) X Resolution : 72 Y Resolution : 72 Resolution Unit : inches Software : 5.0.1 Modify Date : 2012:03:26 12:57:32 Y Cb Cr Positioning : Centered ---- ExifIFD ---- Exposure Time : 1/20 F Number : 2.4 Exposure Program : Program AE ISO : 80 Exif Version : 0221 Date/Time Original : 2012:03:26 12:57:32 Create Date : 2012:03:26 12:57:32 Components Configuration : Y, Cb, Cr, - Shutter Speed Value : 1/20 Aperture Value : 2.4 Brightness Value : Metering Mode : Spot Flash : Auto, Did not fire Focal Length : 4.3 mm Subject Area : Flashpix Version : 0100 Color Space : sRGB Exif Image Width : 3264 Exif Image Height : 2448 Sensing Method : One-chip color area Exposure Mode : Auto White Balance : Auto Focal Length In 35mm Format : 35 mm Scene Capture Type : Standard Sharpness : Normal ---- GPS ---- GPS Latitude Ref : North GPS Latitude : 32 deg 36' 24.60" GPS Longitude Ref : West GPS Longitude : 85 deg 28' 36.60" GPS Time Stamp : 18:32:42 GPS Img Direction Ref : True North GPS Img Direction : ---- IFD1 ---- Compression : JPEG (old-style) Thumbnail Offset : 882 Thumbnail Length : 9755 ---- Composite ---- Aperture : 2.4 GPS Latitude : 32 deg 36' 24.60" N GPS Longitude : 85 deg 28' 36.60" W GPS Position : 32 deg 36' 24.60" N, 85 deg 28' 36.60" W Image Size : 3264x2448 Scale Factor To 35 mm Equivalent: 8.2 Shutter Speed : 1/20 Thumbnail Image : (Binary data 9755 bytes, use -b option to extract) Circle Of Confusion : mm Field Of View : 54.4 deg Focal Length : 4.3 mm (35 mm equivalent: 35.0 mm) Hyperfocal Distance : 2.08 m Light Value : 7.2 Christopher-Perrs-MacBook-Pro:bin cwperr$ exiftool -a -u -g1 /Users/cwperr/Desktop/photo.JPG ---- ExifTool ---- ExifTool Version Number : 8.85 ---- System ---- File Name : photo.JPG Directory : /Users/cwperr/Desktop File Size : 1703 kB File Modification Date/Time : 2012:03:27 15:22:17-05:00 File Permissions : rw-r--r-- ---- File ---- File Type : JPEG MIME Type : image/jpeg Exif Byte Order : Big-endian (Motorola, MM) Image Width : 3264 Image Height : 2448 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) ---- IFD0 ---- Make : Apple Camera Model Name : iPhone 4S Orientation : Horizontal (normal) X Resolution : 72 Y Resolution : 72 Resolution Unit : inches Software : 5.0.1 Modify Date : 2012:03:26 12:57:32 Y Cb Cr Positioning : Centered ---- ExifIFD ---- Exposure Time : 1/20 F Number : 2.4 Exposure Program : Program AE ISO : 80 Exif Version : 0221 Date/Time Original : 2012:03:26 12:57:32 Create Date : 2012:03:26 12:57:32 Components Configuration : Y, Cb, Cr, - Shutter Speed Value : 1/20 Aperture Value : 2.4 Brightness Value : Metering Mode : Spot Flash : Auto, Did not fire Focal Length : 4.3 mm Subject Area : Flashpix Version : 0100 Color Space : sRGB Exif Image Width : 3264 Exif Image Height : 2448 Sensing Method : One-chip color area Exposure Mode : Auto White Balance : Auto Focal Length In 35mm Format : 35 mm Scene Capture Type : Standard Sharpness : Normal ---- GPS ---- GPS Latitude Ref : North GPS Latitude : 32 deg 36' 24.60" GPS Longitude Ref : West GPS Longitude : 85 deg 28' 36.60" GPS Time Stamp : 18:32:42 GPS Img Direction Ref : True North GPS Img Direction : ---- IFD1 ---- Compression : JPEG (old-style) Thumbnail Offset : 882 Thumbnail Length : 9755 ---- Composite ---- Aperture : 2.4 GPS Latitude : 32 deg 36' 24.60" N GPS Longitude : 85 deg 28' 36.60" W GPS Position : 32 deg 36' 24.60" N, 85 deg 28' 36.60" W Image Size : 3264x2448 Scale Factor To 35 mm Equivalent: 8.2 Shutter Speed : 1/20 Thumbnail Image : (Binary data 9755 bytes, use -b option to extract) Circle Of Confusion : mm Field Of View : 54.4 deg Focal Length : 4.3 mm (35 mm equivalent: 35.0 mm) Hyperfocal Distance : 2.08 m Light Value : 7.2

18 Reading Commands

19 Writing Commands Write new information? Delete all? Find keywords
Adjust date and time…forensics investigators don’t like when their timestamped gets messed with…messes the timeline all up.

20 The reliability of EXIF data
So how reliable is this? Let’s discuss… What are some ways to verify?

21 Cool stuff found in exif data

22 Clearing and Hiding Information
You can tell…all the previous information is gone…there is a message hidden as a comment…I did this yesterday after school….file size information? Etc?

23 Changing GPS information
Use a track.log file

24 Location

25 Just need a new GPS .log file…

26 Change that up a bit…

27 Now the picture says it is here…

28 Just to Verify

29 Tools iSteg - http://www.hanynet.com/isteg/index.html
Hide in Picture – Pict Encrypt Just cat the files? cat somefile.zip >> somefile.gif

30 Possible detection? Outguess, StegDetect Try to open all the pictures?
Problem is usually password protected George Traywick’s PhD Dissertation Looking for traces of Steganography, something which narrow down the pool of possibilities

31 Are images reliable?

32 Are images reliable?

33 Questions?

34 Links to Tools Geosetter Exiftool FTK GPS Photo Linker ExpertGPS
Exiftool FTK GPS Photo Linker ExpertGPS

35 References http://www.errorlevelanalysis.com/

36 Cool Video to Watch

Download ppt "EXIF Data and Imagery Forensics"

Similar presentations

Chapter Six Digital Photography Foundations (How to use the various settings on your digital camera)

Chapter Six Digital Photography Foundations (How to use the various settings on your digital camera)
Camera Basics What is a photograph and why do we take pictures? What is a camera?

Camera Basics What is a photograph and why do we take pictures? What is a camera?
Set the Camera Options  Resolution  Focus  Exposure  Zoom  Flash  Self-Timer/Remote Control.

Set the Camera Options  Resolution  Focus  Exposure  Zoom  Flash  Self-Timer/Remote Control.
Manual Camera Settings

Manual Camera Settings
Introduction to Digital Photography Key West Naval Air Station Earl D. Gates.

Introduction to Digital Photography Key West Naval Air Station Earl D. Gates.
CASTLEFORD CAMERA CLUB DSLR Introduction- Session 2 Auto and Manual Modes.

CASTLEFORD CAMERA CLUB DSLR Introduction- Session 2 Auto and Manual Modes.
Exposure & Settings: P-2202 1 Exposure & Settings.

Exposure & Settings: P Exposure & Settings.
Camera Functions Shooting Mode ISO White Balance Meter Image Quality Drive Mode.

Camera Functions Shooting Mode ISO White Balance Meter Image Quality Drive Mode.
Module 1 Digital Cameras. Image Capture Instead of film, a digital camera uses a device called a CCD (charge coupled device).

Module 1 Digital Cameras. Image Capture Instead of film, a digital camera uses a device called a CCD (charge coupled device).
Graphics and Still Images John H. Krantz Hanover College.

Graphics and Still Images John H. Krantz Hanover College.
Physical, Logical, Conceptual DSA Lecture 2 2006-7.

Physical, Logical, Conceptual DSA Lecture
Managing and Editing Your Photos

Managing and Editing Your Photos
Modern Remote Control Copyright

Modern Remote Control Copyright
© Tracey Garvey Photography www.tgarveyphotography.com.

© Tracey Garvey Photography
Photography Basics. The Process The Exposure - Camera and Lens Developing - Dark Room or PS… Printing – Darkroom or InkJet.

Photography Basics. The Process The Exposure - Camera and Lens Developing - Dark Room or PS… Printing – Darkroom or InkJet.
Lesson Objectives Explain the representation of an image as a series of pixels represented in binary Explain the need for meta data to be included in the.

Lesson Objectives Explain the representation of an image as a series of pixels represented in binary Explain the need for meta data to be included in the.
Making the best pictures You could possibly make.

Making the best pictures You could possibly make.
Digital Photography Vocabulary www.youtube.com/watch?v=#109B1C.

Digital Photography Vocabulary
Communication Technology How do we communicate and store information in the modern world? How can our communications and data be interrupted, changed,

Communication Technology How do we communicate and store information in the modern world? How can our communications and data be interrupted, changed,
Shooting. Initial Camera Settings Cameras have default settings for picture quality. The school’s cameras are no exception. Camera resets to default settings.

Shooting. Initial Camera Settings Cameras have default settings for picture quality. The school’s cameras are no exception. Camera resets to default settings.

Similar presentations

Ads by Google