Top 3 clues to help determine if Jpeg files are original captured files.

Started by AL10, October 08, 2017, 04:28:38 PM

Previous topic - Next topic

AL10

My main purpose for using the exifTool is to help me analyze if I'm receiving true copies of original files from photographers. I need to make sure that the files they submit to me are in fact copies of the original shot jpeg files, and not jpeg files that were opened and saved over in other software. So, in one instance I know I can look if "Creator Tool" reads a software name which would indicate the file was opened and saved over. However, in the script I've attached there is no "Creator Tool" attribute returned by the exifTool. So, does this mean this is in fact an original? However, I ran this photo through Izitru's API software and it returned saying it matched software compression to the following software 'ACDSee Pro, Gimp, ''iPhoto, Matlab, Photo ' 'Mechanic, Picasa, ' 'Pixelmator'.

The photographer has told me that he shoots raw with copies of jpegs in B/W and this file is the B/W jpeg file that accompanied the raw file.  I would like to know what attributes returned by the exifTool can help me determine if this and other jpeg files I receive are in fact copies of what came from the camera and not files that were saved over and potentially edited in other software.

*Please note for privacy purposes ive deleted the file directory and artist name.

StarGeek

This... is complicated.

The fact that the camera is saving them in black & white means that additional processing is going on inside the camera.  All cameras do some processing on the raw data to make them pop more, but special effects and filters may call upon something different in the camera which may change the metadata that is output.  You couldn't know without checking the camera model and this isn't info that someone's likely to compile a list of.

But as for your output, two things jump out at me.  First is the Software tag.  This is set to Digital Photo Professional, which appears to be Canon's image processing software which is probably included in every box.  If Digital Photo Professional has the ability to transfer images from the camera to the computer, then it could be changing the metadata as it does so.  I know Nikon software does this (and can really mess up the metadata as it does).  But I can't find any evidence that Digital Photo Professional has this ability.

There is also the possibility that the process of converting the raw image data to B/W inside the camera uses some routines imported from Digital Photo Professional and this changes the metadata output.  I can't verify this possibility because I can't find any examples B/W images online to check.

But more importantly, this image contains an ICC_Profile.  This is something that good image processing software will add and not something an DSLR camera will add.  Additionally, none of the two sample images for the Canon EOS-1D X Mark II from Canon's website include an ICC_Profile in them.  IMO, this is a pretty strong indication that this image has been through an image processing program, most likely the Digital Photo Professional program.

One thing to note, though.  This file hasn't necessarily been "opened and saved over."  This could be an image that was loaded from the raw into Digital Photo Professional and then saved as a jpg.
"It didn't work" isn't helpful. What was the exact command used and the output.
Read FAQ #3 and use that cmd
Please use the Code button for exiftool output

Please include your OS/Exiftool version/filetype

Stephen Marsh

From my understanding of the capabilities of ExifTool, this is not standard or easy...

You would likely need a tool used for digital forensics. From my basic understanding of one of the possibilities, you can use the JPEG quantization tables/discrete cosine transform (DCT) info in the file to compare to the known source. For example, Photoshop uses a different method of saving a JPEG than say the Camera or manufacturer raw conversion tool. So if a file was meant to be "straight out of the camera" the DCT or other info should match the camera, not Photoshop.

http://129.170.212.26/reports/TR2006-583.pdf

https://dfrws.org/sites/default/files/session-files/pres-using_jpeg_quantization_tables_to_identify_imagery_processed_by_software.pdf

This sounds like what you are doing with "Izitru's API". I would not rely on metadata alone.

Good luck!

Phil Harvey

Unless someone is very good at metadata manipulation, there are almost always traces in the metadata if an image has been edited.  But to conclusively say an image file was manipulated, you need to compare with an original sample from the same camera model.  Comparing the ExifTool -a -G1 outputs and looking at the -htmlDump structure will usually turn up differences if the image has been edited.  Some of the possible differences were mentioned in previous posts, but there are a lot of other things to look for as well (too many to mention here).

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

Alan Clifford

What happens if you get a photo from someone like me?  There is no "original" jpeg as I shoot raw only.   I could send you a jpeg generated from the raw using the in-camera software I think. But that wouldn't be "original".  Or I could send you a jpeg generated from the raw in software on my computer.  That wouldn't be "original either.

It is possible to human edit jpegs using in-camera software.  Would such a jpeg be considered original?  I'm not sure that you could distinguish such a jpeg from one generated from a raw file that hadn't had human manipulation but had algorithmic manipulation used by the camera software to generate the jpeg.

AL10

Here is the verdict:

After digging around in Digital Photo Professional (DPP) I found that there is a very modest clone tool and no warping tools. To add to this, there is no way of doing any composite work in DPP which tells me there is very little editing that can be done to an image. What I did, was used the clone tool and saved over the image. I opened that image again with the clone adjustments and hit the"revert to originial" button which does in fact revert it to its original state BECAUSE the edits were done in DPP. Whats great (in my case) with DPP is that ANY changes made in DPP can be reverted, as I just did. So the fact that exiftool showed me that the image was only opened in DPP does in fact tell me that any edits made in DPP can be reverted.

Just to be extra sure I sent this DPP edited image to another computer with DPP installed and was able to revert to original on that computer.

Phil Harvey

If you do something like export the edited image from DPP then you won't be able to revert to the original.

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).