Wednesday, January 22, 2014

Image Authentication Assumptions

I recently received an e-mail from a reader with a single image attached. The question: has this image been altered? Simple question? Not really, it seems.

As a favor, I loaded it into Amped's Authenticate. Sure enough, the image has been through Photoshop as indicated by the various File Analysis filters. So, the image has been "altered."

It could be contextually accurate, even though it's been through Photoshop. Does a curves adjustment invalidate an image from use? The EXIF info shows a size change and a few other problems. But EXIF information can be spoofed. Other things about an image can be fabricated in an attempt to fool authentication software. So, if this was a trial, what would you do? How would you structure your enquiry?

Should I stake my name and reputation on a software's test against a single image without a reference? No way. Not a chance. Have you ever seen a Black Swan?

Thus, I would want a reference image. If the submission is purported to be a "camera original," then I should be able to test against a reference image from the same camera. In other words, I want your camera in my lab to conduct my authentication experiments.

Here's an example that I use in my Image Authentication classes. A person turns in a cell phone picture to the police as proof that a certain ticket and tow was unjustified. In my example, a person received a parking ticket for parking in front of a fire hydrant. The person is seeking not only to have the ticket voided, but is also seeking a refund on towing and impound fees. On the face of it, there is no hydrant in the image. Case closed? No.

To do a proper test, I need a reference image. I need the camera in my lab - in this case, the person's cell phone. I take the necessary reference pictures and find the image submitted as evidence in traffic court to be a forgery. Oops! Submitting false evidence to the court is a big, big no-no.



The plot on the top is the DCT Plot of the evidence image. If I have the phone, and I get the actual "original" image off the storage device, these plots should look the same. Obviously, they don't. There are other mismatches as I go through the process, but you get the idea.

The idea, and the point, is that it may be relatively easy to fool an authentication test without a valid reference. It is, however, very hard (Black Swan notwithstanding) to fool a test when you have a valid reference to test against.
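A simplified model of the reference comparison described above, added here as an illustration; it is not code from the original post and not how Amped's Authenticate computes its DCT Plot. It treats one DCT frequency as a list of coefficients across many blocks, and the quantization steps, the threshold and the sample data are all constructed assumptions.

```python
import random
from collections import Counter

CAMERA_STEP = 3  # assumed quantization step the camera applies at this DCT frequency
PRIOR_STEP = 5   # assumed step of an earlier JPEG save the questioned file went through
THRESHOLD = 0.3  # assumed cut-off for "histograms look the same"

def raw_coefficients(seed, n=4000, spread=12.0):
    """Constructed stand-in for one DCT frequency sampled over n 8x8 blocks."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, spread) for _ in range(n)]

def quantize(values, step):
    """JPEG-style quantization: divide by the step, round to an integer index."""
    return [round(v / step) for v in values]

def dct_histogram(indices):
    """Normalised histogram of quantized indices (what a DCT plot draws)."""
    counts = Counter(indices)
    return {k: c / len(indices) for k, c in counts.items()}

def camera_original(seed):
    return dct_histogram(quantize(raw_coefficients(seed), CAMERA_STEP))

def resaved(seed):
    # Compressed once with PRIOR_STEP, decoded, then saved with the camera's step.
    first = [i * PRIOR_STEP for i in quantize(raw_coefficients(seed), PRIOR_STEP)]
    return dct_histogram(quantize(first, CAMERA_STEP))

def empty_bins(hist, lo=-8, hi=8):
    return [k for k in range(lo, hi + 1) if hist.get(k, 0.0) == 0.0]

def l1_distance(h1, h2):
    return sum(abs(h1.get(k, 0.0) - h2.get(k, 0.0)) for k in set(h1) | set(h2))

def compare(evidence, reference):
    dist = l1_distance(evidence, reference)
    gaps = empty_bins(evidence)
    return {"distance": round(dist, 3), "empty_bins": gaps,
            "consistent": dist < THRESHOLD and not gaps}

if __name__ == "__main__":
    reference = camera_original(seed=1)
    print("second shot, same camera:", compare(camera_original(seed=2), reference))
    print("questioned file:", compare(resaved(seed=3), reference))
```

The second shot from the same camera shows a different scene yet produces a matching histogram, while the re-saved file leaves a periodic comb of empty bins that only stands out because there is a reference to compare against.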

The obvious message here is to not even try to submit forgeries into the court system.

But, the thing that scares me about as much as the above scenario is when law enforcement use their personal cell phones to document crime scenes. Here is one instance where "just trying to get something done" can get you into a bit of a bind. If there's a challenge to the authenticity of the images you've generated, we'll need your phone. Will you like what we find? Will you like us rooting around your phone's contents? Remember, if you receive a lawful order from your command to give up the phone to the investigation, it's a lawful order. Eliminate the potential problem and just use a separate point and shoot camera of decent quality, or engage your agency's official resources for photographing evidence.

Finally, and this one ties the whole thing together with the "screen capture rant" that I've been on. You use your personal cell phone to make a video of the monitor of a DVR at a crime scene. You use the video to make the images that lead to an arrest. All's well that ends well? No, hardly. If it turns out that the DVR had usable digital out options (like USB), and you didn't use them to secure the actual evidence, you've just recorded yourself not properly securing the actual evidence. Oops. In that case, you may lose more than the use of your phone.

To wrap it all up, authentication is a powerful tool when done properly. It's a complex process that involves many moving pieces - the evidence file, the reference file, the reference source, procedures, chain of command, interviews, and so forth. If you're not able to account for the pieces of the puzzle, you may get an incomplete (wrong) picture.
