+7 (812) 926 64 74

Photo Manipulation (Forgery) Detection

Are digital images submitted as court evidence genuine, or have the pictures been altered or modified? Belkasoft developed a solution that helps you find out. Belkasoft Forgery Detection Plugin automates authenticity analysis of JPEG images. The tool produces a concise estimate of the image's authenticity, and clearly displays the probability of the image being forged on a scale of 1-100.

The Forgery Detection plugin can reliably detect forged and tampered photos among the thousands of files available on a computer. A unique feature of this plugin is the ability to detect manipulated images based on analysis of JPEG compression and quantization artifacts. The plugin offers reliable detection of images and videos that were edited, modified or manipulated on a PC after they've been taken with still or video camera.

Why Using Belkasoft Forgery Detection Plugin

  • Detects fake evidence automatically
    Automates the detection of altered, modified and forged images taken with the widest range of digital cameras.  
  • Concise reporting
    The probability of an image being forged or genuine is reported on a numeric scale of 1 to 100.   
  • Based on comprehensive scientific research
    The tool is based on a scientific research performed and published by the tool's developers.   
  • Robust digital analysis
    Analyzing the images in digital domain results in repeatable performance and reliable results.   
  • Makes expert work easier
    Many signs of a forged image will escape the human eye completely. Performing a bit-level analysis is a great addition to what can be seen by the human eye.   
  • Fast batch processing
    Allows processing hundreds of images in a matter of minutes.   
  • Eliminates false positives
    Altered, modified and re-saved images are detected with extreme reliability.   
  • Supports about 3,000+ camera models
    At least 100 images were taken with each camera and carefully analyzed before adding it to a database of supported models.

The Technology

At a glance, the plugin employs innovative heuristic algorithms to calculate the probability of the forgery for each particular image. The algorithms assign files numeric values corresponding to the probability that the file has been manipulated. The plugin detects double compression artifacts that are typical for JPEG images lossy compression algorithms. The presence of such artifacts in an image is a reliable sign of the image being edited and saved.

In addition, the plugin checks for various bits and pieces of information that should be present in images when they come off a particular camera such as camera-specific tags and EXIF data. These bits and pieces are often dropped by image editing software. The Forgery Detection plugin comes with a comprehensive camera database containing information about more than a thousand popular camera models. By comparing the features present in a particular photo or video file with ones expected from camera, the Forgery Detection plugin can detect manipulation attempts.

Photos with Forged Digital Signatures

Today's high-end digital cameras such as those produced by Canon or Nikon can digitally sign images to ensure their authenticity. In theory, when such images are altered, the embedded digital signature will no longer validate. Unfortunately, the technology is inherently flawed. There are tools allowing to put a valid digital signature on obviously fake images. It only takes minutes to produce a set of forged images that successfully pass validation with Nikon Image Authentication Software or Canon Original Data Security Kit (OSK-E3).

Therefore, digital signatures cannot be trusted, and should be disregarded completely as a positive proof of authenticity.

The Forgery Detection plugin looks elsewhere in the image to find signs that the image has been forged or altered.

How It Works

Error Level Analysis

Manipulation attempts are detected by comparing compression quality between different areas of the image.

Clone Detection

Cloning, copying and pasting of certain objects or areas in the image is detected with scaling and rotation support.

Quantization Table Analysis

Digital cameras and PC-based image editing tools use different quantization tables when saving encoding images into JPEG format. Quantization tables can be extracted and analyzed. If the tables are different from those used by the camera model as specified in the image's EXIF information, then a manipulation attempt is present.

Double Compression Artifacts

JPEG is a lossy compression format, meaning that certain artifacts are introduced every time an image is saved. By opening, editing and saving a JPEG picture, one inevitably introduces compression artifacts that were not present in the original JPEG. As certain correlation of neighboring pixels is only present in JPEG images when they are opened and compressed again, it becomes possible to detect these artifacts and bring investigator's attention to the altered image.

Double Quantization Effect

This algorithm is based on certain quantization artifacts appearing when applying JPEG compression more than once. If a JPEG file was opened, edited, then saved, certain compression artifacts will inevitably appear.

In order to determine the double quantization effect, the algorithm creates 192 histograms containing discrete cosine transform values. Certain quantization effects will only appear on these histograms if an image was saved in JPEG format more than once. If the effect is discovered, we can definitely tell the image was edited (or at least saved by a graphic editor) at least once. However, if this effect is not discovered, we cannot make any definite conclusions about the image as it could, for example, be developed from a RAW file, edited in a graphic editor and saved to a JPEG file just once.

Foreign Artifacts and Pasted Image Detection

An image saved by a certain camera model features a characteristic camera response function. The function describes the dependency of pixel's color on the amount of light falling to that pixel. A camera response function is computed for each camera model, and compared to the same function applicable to different areas in the image. If the two functions diverge, the Forgery Detection plugin assumes that the region has possibly been altered.

Supported Camera Models

We proudly support about 3,000+ camera models from a wide range of manufacturers. For supported cameras, Belkasoft Forgery Detection Plugin keeps a record of all standard EXIF tags, and recognizes the specific nuances of each camera's JPEG output, like standard quantization table and quality parameters. If a camera model is available in our database, any alterations to images captured with that model are spotted much easier.

Click here for the complete list of supported camera models.

How to Download and Test

Starting with Belkasoft Evidence Center 5.4, the Forgery Detection Plugin is included with every installation. No separate download is required. You can request a demo version of Belkasoft Evidence Center to see how forgery detection works.

Please also refer to the Forgery detection help page. See also our article on forgery detection.

Purchase Forgery Detection Plugin

You can purchase Belkasoft Forgery Detection Plugin here. Please note that you must have purchased Belkasoft Evidence Center (Ultimate edition) in order to run the plugin.

О компании