Forensic analysis using gimp
This discussion is connected to the gimp-user-list.gnome.org mailing list which is provided by the GIMP developers and not related to gimpusers.com.
Forensic analysis using gimp | Lucas Prado Melo | 16 Sep 15:56 |
Forensic analysis using gimp | Alex Feldman | 16 Sep 16:15 |
Forensic analysis using gimp | Kevin Cozens | 18 Sep 21:19 |
Forensic analysis using gimp | Anthony Ettinger | 18 Sep 21:55 |
Forensic analysis using gimp | Simon Budig | 19 Sep 00:56 |
Forensic analysis using gimp | Rikard Johnels | 19 Sep 05:46 |
Forensic analysis using gimp | Raphaël Quinet | 19 Sep 19:14 |
mailman.3.1190228403.23198.... | 07 Oct 20:18 | |
Forensic analysis using gimp | Alchemie foto\grafiche | 20 Sep 05:23 |
Forensic analysis using gimp | Raphaël Quinet | 20 Sep 09:57 |
Forensic analysis using gimp | Alex Feldman | 20 Sep 14:22 |
Forensic analysis using gimp | Raphaël Quinet | 20 Sep 18:24 |
mailman.110879.1190291202.1... | 07 Oct 20:18 | |
Forensic analysis using gimp | Alchemie foto\grafiche | 20 Sep 15:18 |
Forensic analysis using gimp
How can I identify (using gimp) if a photograph has been faked?
[]'s
Forensic analysis using gimp
Well, yes if they did a very bad job of it, like saving the photo with all the additional layers intact.
How can I identify (using gimp) if a photograph has been faked?
[]'s
Forensic analysis using gimp
Lucas Prado Melo wrote:
How can I identify (using gimp) if a photograph has been faked?
It would depend on how good a job was done in faking the image. The basics involve using a high zoom factor to see the pixels. Look for artifacts created by a poor blend of the added in (faked) part of the image and the original.
Some possible indications of faked images are sudden changes in colour in pixels or pixels with colours that are quite different from those nearby (especially if it appears several pixels along a curve or a line), and differences in lighting direction or intensity.
Forensic analysis using gimp
On 9/18/07, Kevin Cozens wrote:
Lucas Prado Melo wrote:
How can I identify (using gimp) if a photograph has been faked?
It would depend on how good a job was done in faking the image. The basics involve using a high zoom factor to see the pixels. Look for artifacts created by a poor blend of the added in (faked) part of the image and the original.
Some possible indications of faked images are sudden changes in colour in pixels or pixels with colours that are quite different from those nearby (especially if it appears several pixels along a curve or a line), and differences in lighting direction or intensity.
-- Cheers!
I would be interested in learning more about high-level techniques for
analysis as well.
If anyone finds a resource.
Forensic analysis using gimp
Anthony Ettinger (anthony@chovy.com) wrote:
Lucas Prado Melo wrote:
How can I identify (using gimp) if a photograph has been faked?
[...]
I would be interested in learning more about high-level techniques for analysis as well.
If anyone finds a resource.
At the last chaos communication congress there was a guy talking about
digital image forensics. Some stuff about this talk can be found here
(his talk was in German though):
http://events.ccc.de/congress/2006/Fahrplan/events/1605.en.html
An interesting link there is http://www.cs.dartmouth.edu/farid/publications/sp05.html
This stuff actually looks out for artefacts from resampling (happens while scaling, rotating etc.). Interesting stuff.
Hope this helps. Simon
Forensic analysis using gimp
On Sunday 16 September 2007 15:56, Lucas Prado Melo wrote:
How can I identify (using gimp) if a photograph has been faked?
[]'s
It depends on how the image was faked.
If it was an original JPEG and one did a half-bad job, a pixel-by-pixel survey
might spot it.
But if the original was a raw image, for instance, and the manipulation was
done with some care, and the end result is a JPEG with higher compression,
then it is a lot harder to spot.
There might be some mathematical statistics calculation to see odd differences
in the compression, but that I can't say for certain.
Forensic analysis using gimp
On Sun, 16 Sep 2007 10:56:53 -0300, "Lucas Prado Melo" wrote:
How can I identify (using gimp) if a photograph has been faked?
There are different techniques that can be applied. Some of them focus on detecting if the image has been modified (detecting suspicious patterns in the pixels after loading the image) and some others focus on analyzing the file, not the pixels. You already got several replies mentioning the first part (changes in the image), so let me give you a few hints about the second part (changes in the file).
For example, if you have a JPEG image to analyze, then the first thing you can do is to see if the image has been saved directly by a digital camera or if it came from GIMP, Photoshop or any other image editing software. If the EXIF metadata tells you that the image was saved by Photoshop, then you can already be sure that it did not come straight out of the camera. This does not necessarily mean that the contents of the image have been modified, but at least you know that the image may be different from what was taken by the camera.
And even if the JPEG file does not contain any EXIF block or if some clever hacker has replaced the EXIF block by the original one from the camera, then you can look at the JPEG quantization tables and check if these match the tables that are used by some cameras, or if these are the tables used by Photoshop or any other program. This is a bit harder to fake and most of those who create fake images and go through the trouble of replacing the EXIF block ignore the fact that the quantization tables in the JPEG file can betray them. Note that I recently added a feature in GIMP that allows you to preserve the quantization tables from the original image, so that could in theory be used to "improve" some forgeries. However, there are other details in the JPEG file layout that can reveal if the file came straight out of the camera or if it was processed by some other software. I do not want to say too much about that because I do not want to give too many ideas to the crooks, but let's say that the way some things are split or ordered in the JPEG file is usually different between digital cameras and image editing software.
-Raphaël
Forensic analysis using gimp
Raphael Quinet wrote
_" I do not
want to say too much about that because I do not want to give too many
ideas to the crooks, but let's say that the way some things are split
or ordered in the JPEG file is usually different between digital
cameras and image editing software."_
Well, I too don't want to give ideas to crooks, but I want to say that there is no way to demonstrate that an image is faked.
You can only demonstrate that it is a fake if some mistake was made; if not, there is simply no way.
As soon as one new detection mode is discovered, how to fake it is discovered too.
And I don't think I am suggesting anything not already crystal clear by noting that just an additional passage from the hard disk to a very good print, and from a good print again to a camera (with some tiny defect in the focus), bypasses most of the smarter detection measures.
Alchemie Foto\grafiche
Forensic analysis using gimp
On Thu, 20 Sep 2007 05:23:13 +0200 (CEST), "Alchemie foto\grafiche" wrote:
Raphael Quinet wrote
_" I do not want to say too much about that because I do not want to give too many ideas to the crooks, but let's say that the way some things are split or ordered in the JPEG file is usually different between digital cameras and image editing software."_
Well, I too don't want to give ideas to crooks, but I want to say that there is no way to demonstrate that an image is faked.
You can only demonstrate that it is a fake if some mistake was made; if not, there is simply no way.
Well, the point is that most people do make mistakes.
We can even play a little game if you want: give me the URL of some JPEG image that claims to come directly from a digital camera. I bet that I can tell you immediately if it was modified by some other program. And with a bit of luck, I could even tell you which program has modified it even if the EXIF metadata is not included in the file or has been modified. Note that the removal of the EXIF block is already a hint that the image has been modified, since almost all digital cameras include EXIF blocks in all their images.
If you have the latest GIMP from SVN (soon to be 2.4-rc3), you can also try to run the small test program in plug-ins/jpeg/jpegqual and it may tell you some things that you did not expect about some of your JPEG files. Note that this tool is still under development, but you can already do some interesting things with it.
-Raphaël
Forensic analysis using gimp
This is getting off the topic of the Gimp, but you've piqued my interest. I just took a digital photo and modified it very slightly with the Gimp, and used exiftool to print out the exif data for the original and the modification, and diff'd the two exif outputs. The only things I saw that might have made a difference were fields called "Y Cb Cr Sub Sampling" and "JFIF Version". I don't know what these are, but neither one screamed Gimp!, at least to me. Is there an exif field I am missing? Is there another tool for looking at all this data?
We can even play a little game if you want: give me the URL of some JPEG image that claims to come directly from a digital camera. I bet that I can tell you immediately if it was modified by some other program. And with a bit of luck, I could even tell you which program has modified it even if the EXIF metadata is not included in the file or has been modified. Note that the removal of the EXIF block is already a hint that the image has been modified, since almost all digital cameras include EXIF blocks in all their images.
If you have the latest GIMP from SVN (soon to be 2.4-rc3), you can also try to run the small test program in plug-ins/jpeg/jpegqual and it may tell you some things that you did not expect about some of your JPEG files. Note that this tool is still under development, but you can already do some interesting things with it.
-Raphaël
Forensic analysis using gimp
Raphaël, I'm almost sure you will win. I was an expert in traditional photo collage and manipulation (as in the darkroom), and at that time, if I wished, I could bypass most detection methods.
But time passes by... Now I do photo collage with a computer, but only for artistic purposes, and so I never had a reason to study how to fake detection techniques.
Nevertheless, I wonder how you can see anything wrong if:
1. I do a good collage, taking care of shadows, proportion and perspective
2. I print a high-quality gigantography of my computer photo collage
3. In a studio with diffuse light, I take a photo of the gigantography with my camera, taking care to get a very subtle out-of-focus effect (or just smearing the lens with a tiny veil of something such as vaseline)
I don't know much about EXIF data (I don't even know if they report by default the exposure time, diaphragm opening time and focal length used; if so, it could be necessary to have them coherent with the kind of image),
but I'm confident you will find EXIF data from a real camera.
-----------------------------
It would be quite a lot of work and I can't see any reason to do it (well, at least if nobody is going to pay a few thousand euros in cash to get an image of Hilary Clinton having fun with an almost naked young black guy, or something alike).
So my curiosity is only academic... still, I'm a bit curious.
Alchemie Foto\grafiche
Forensic analysis using gimp
On Thu, 20 Sep 2007 06:22:14 -0600, Alex Feldman wrote:
This is getting off the topic of the Gimp, but you've piqued my interest. I just took a digital photo and modified it very slightly with the Gimp, and used exiftool to print out the exif data for the original and the modification, and diff'd the two exif outputs. The only things I saw that might have made a difference were fields called "Y Cb Cr Sub Sampling" and "JFIF Version". I don't know what these are, but neither one screamed Gimp!, at least to me. Is there an exif field I am missing? Is there another tool for looking at all this data?
Using exiftool will only give you a part of the EXIF information, and EXIF is only a part of the metadata available in the JPEG file. You will get a lot more information about the layout of the various blocks contained in the file by using exifprobe instead of exiftool.
Although exifprobe shows much more than the EXIF metadata, it does not show you an additional bit of info that can be useful when trying to identify forgeries: what software has created the JPEG quantization tables used in that file. In case you are not familiar with JPEG compression, these tables define how the luminance and chrominance components of the image are compressed. Most cameras use their own tables, Adobe uses their own tables in Photoshop and other products, GIMP uses the IJG tables, etc.
That's why I suggested using the jpegqual test tool that I included in the GIMP source tree (only in SVN for the moment). That program allows you to check the quantization tables used in a JPEG file and guess what program or device could have created them. This program is very incomplete and not intended for general distribution (I wrote it to validate some algorithms used in the jpeg save plug-in), but you can already have some fun with it.
-Raphaël
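
The file-level checks discussed in this thread (segment order, presence of an EXIF block, and whether the quantization table matches the IJG tables), as an added example that is not part of the original posts and is not GIMP's jpegqual. The function names, the constructed header-only sample and the assumption that table 0 is the luminance table are illustrative; only the IJG tables are matched, not camera or Photoshop tables.

```python
import struct

# IJG/libjpeg base luminance table (JPEG spec Annex K), row-major order.
IJG_LUMA = [16, 11, 10, 16, 24, 40, 51, 61, 12, 12, 14, 19, 26, 58, 60, 55,
            14, 13, 16, 24, 40, 57, 69, 56, 14, 17, 22, 29, 51, 87, 80, 62,
            18, 22, 37, 56, 68, 109, 103, 77, 24, 35, 55, 64, 81, 104, 113, 92,
            49, 64, 78, 87, 103, 121, 120, 101, 72, 92, 95, 98, 112, 100, 103, 99]
# DQT stores values in zigzag order: ZIGZAG[k] is the row-major index of entry k.
ZIGZAG = sorted(range(64), key=lambda i: (i // 8 + i % 8,
                i % 8 if (i // 8 + i % 8) % 2 == 0 else i // 8))
NAMES = {0xDB: "DQT", 0xC4: "DHT", 0xDA: "SOS", 0xFE: "COM"}

def ijg_table(quality):
    """Luminance table libjpeg writes at this quality (1-100), zigzag order."""
    scale = 5000 // quality if quality < 50 else 200 - 2 * quality
    nat = [min(255, max(1, (v * scale + 50) // 100)) for v in IJG_LUMA]
    return [nat[i] for i in ZIGZAG]

def parse_jpeg(data):
    """Walk header segments; return (marker names in file order, DQT tables)."""
    if data[:2] != b"\xff\xd8": raise ValueError("missing SOI marker")
    order, tables, pos = ["SOI"], {}, 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xD9:
        marker, (length,) = data[pos + 1], struct.unpack(">H", data[pos + 2:pos + 4])
        body = data[pos + 4:pos + 2 + length]
        if length < 2 or len(body) != length - 2: raise ValueError("truncated segment")
        name = NAMES.get(marker, "APP%d" % (marker - 0xE0) if 0xE0 <= marker <= 0xEF
                         else "0x%02X" % marker)
        order.append(name + "/Exif" if marker == 0xE1 and body[:6] == b"Exif\0\0" else name)
        while marker == 0xDB and body:            # one DQT segment may hold several tables
            size = 128 if body[0] >> 4 else 64    # 16-bit or 8-bit entries
            if len(body) < 1 + size: raise ValueError("truncated DQT")
            tables[body[0] & 0x0F] = list(
                struct.unpack(">64H" if size == 128 else "64B", body[1:1 + size]))
            body = body[1 + size:]
        if marker == 0xDA: break                  # entropy-coded data follows; stop
        pos += 2 + length
    return order, tables

def analyze(data):
    order, tables = parse_jpeg(data)
    luma = tables.get(0)                          # assumption: table 0 is luminance
    quality = next((q for q in range(1, 101) if ijg_table(q) == luma), None)
    return {"order": order, "has_exif": "APP1/Exif" in order, "ijg_quality": quality}

def sample(quality):
    """Constructed header-only JPEG (SOI, JFIF APP0, one DQT, EOI); no image data."""
    seg = lambda m, b: bytes([0xFF, m]) + struct.pack(">H", len(b) + 2) + b
    jfif = b"JFIF\0\x01\x01\0\0\x01\0\x01\0\0"
    return b"\xff\xd8" + seg(0xE0, jfif) + seg(0xDB, b"\0" + bytes(ijg_table(quality))) + b"\xff\xd9"
```

An `ijg_quality` of `None` only means the table is not a scaled IJG table; on a real file, call `analyze(open(path, "rb").read())`.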