Is ExifTool forensic enough?

Started by Johan7777, April 01, 2017, 12:16:00 PM

Johan7777

Hi folks,

I want to find out if ExifTool can distinguish between original raw video file and a file that has been manipulated on a computer.
For example if somebody has shot a UFO - can I find out with ExifTool if that is a genuine raw video material or simply a CGI video?
If ExifTool can't see a difference, can anyone please suggest a better and more forensic video software that could do just that? Thank you very much.

Janez

Phil Harvey

ExifTool can not be used to prove that something is authentic.

It can however often be used to demonstrate that a file has been manipulated.

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

Johan7777

Thanks Phil, but I am getting lost here.

You said to me in a private message you could manipulate any metadata without leaving any traces. But now you say ExifTool can be used to demonstrate that a video file has been manipulated.

The question I have is simple: can I place a bet of 10.000 euros on my site (https://www.facebook.com/Cropcirclechallenge) to challenge anybody who says they can manipulate the video (eg. UFO video) without me - or you, for that matter - finding out?

I really need to get to the bottom of this. I appreciate your help very much.

Best,
Janez

Phil Harvey

Hi Janez.

It isn't that complicated.  Given a modified file you can often tell if it was modified using ExifTool.  But if you can't tell that it was modified then you can never say for sure it is authentic -- it just means that you can't tell.

- Phil

Johan7777

Dear Phil,

I understand that of course, .. I think...

But the main question is not if somebody can modify metadata with ExifTool.

The main question is this: can a video that was done on a computer with e.g. Premiere or Final Cut or After Effects (showing beautiful lights, UFOs, whatever) be manipulated in such a way that its metadata looks like it is a raw video file shot by a Sony camcorder, for example?

Also, it would be interesting to see if there is eg. a Sony camcorder emulator software that could upload the video with special effects and re-render the whole video and save it as raw file.

Thanks

Janez

Phil Harvey

Sorry, my sentence wasn't clear:

"Given a modified file you can often tell if it was modified using ExifTool."

I meant this:

"Given a modified file you can often tell using ExifTool if it was modified."

I can't answer your questions about video editing software.

Hayo Baan

Nikon has special image authentication software, but this requires the camera to be set to enter authenticity data into the image (I think you need a Nikon pro body for that) and only works for images, not video (as far as I know).
Hayo Baan – Photography
Web: www.hayobaan.nl

Phil Harvey

Canon had the same thing, but someone has demonstrated how fakes could be produced that passed their authentication.  I haven't heard about the Nikon authentication.

- Phil

Johan7777

Dear Phil,

So after reading through your last answers a couple of times, what you're saying is, ExifTool cannot be used to prove 100% a certain video is not authentic but at the same time ExifTool can pretty much show in most cases if a certain video is authentic or not.
Does it mean it is just a small margin you want to leave out in case something goes haywire or am I still missing something here?

Many thanks,
Janez

Phil Harvey

What it means is that it is possible to modify a video without leaving traces that you can detect with ExifTool.

- Phil

Johan7777

Thanks Phil.

The two statements somehow still contradict each other:

"What it means is that it is possible to modify a video without leaving traces that you can detect with ExifTool."
and/or
"Given a modified file you can often tell using ExifTool if it was modified."

Or does it mean ExifTool can see most of the modifications, but not necessarily all of them?
Or maybe as my friend, IT engineer, put it: Metadata cannot be considered a tool to prove the authenticity of a video file, although it can show the file was modified.

Cheers,
Janez


Hayo Baan

I would phrase this as
Quote: "exiftool can see many of the modifications, but certainly not all"
To really guarantee no tampering you'd need e.g. a checksum of the original file data and compare it with the current.
Hayo Baan – Photography
Web: www.hayobaan.nl
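
The checksum comparison suggested in the post above, as an added example that is not part of the original thread: a SHA-256 baseline is recorded when the files are acquired and compared later, and it flags an in-place edit that leaves file size and modification time unchanged. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large videos never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record_baseline(paths):
    """Run once at acquisition; keep the result away from the files."""
    return {p: sha256_file(p) for p in paths}

def verify(baseline):
    """Compare each file's current hash with the recorded one."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[os.path.basename(path)] = "missing"
        elif sha256_file(path) == expected:
            report[os.path.basename(path)] = "unchanged"
        else:
            report[os.path.basename(path)] = "modified"
    return report

def demo():
    """Constructed sample data: two stand-in clips in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        clips = [os.path.join(tmp, n) for n in ("clip_a.mts", "clip_b.mts")]
        for path in clips:
            with open(path, "wb") as fh:
                fh.write(b"constructed sample bytes " * 1000)
        baseline = record_baseline(clips)
        # Overwrite one byte of clip_b, then restore its timestamps so the
        # size and modification time look exactly as they did before.
        before = os.stat(clips[1])
        with open(clips[1], "r+b") as fh:
            fh.seek(500)
            fh.write(b"X")
        os.utime(clips[1], ns=(before.st_atime_ns, before.st_mtime_ns))
        after = os.stat(clips[1])
        looks_untouched = (before.st_size, before.st_mtime_ns) == (
            after.st_size, after.st_mtime_ns)
        return verify(baseline), looks_untouched

if __name__ == "__main__":
    print(demo())
```

The comparison only means something if the baseline was taken from the original and has been kept where nobody who can alter the file can also alter the recorded hash.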

Phil Harvey

Quote from: Johan7777 on April 07, 2017, 03:59:43 AM
Metadata cannot be considered a tool to prove the authenticity of a video file, although it can show the file was modified.

This is exactly the same as what I said earlier:

"Given a modified file you can often tell if it was modified using ExifTool.  But if you can't tell that it was modified then you can never say for sure it is authentic"

The only difference is that I said "often".

- Phil