Ghiro Image Forensics Tool

Fakeologist.com Forums Sandbox Ghiro Image Forensics Tool

  • This topic has 8 replies, 2 voices, and was last updated 10 years ago by Avatar photocj.
Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #7487
    Avatar photocj
    Member

    The recent story about fotoforensics being DDOSed prompted me to look and see what are the options for performing ELA (error level analysis) and metadata extraction.

    Fotoforensics does not open-source the code that runs their site, so you cannot run a private clone of it. Not the biggest deal but I suppose if you were “the man” and wanted to keep tabs on photos that people are suspicious of, you’d want to work at fotoforensics. Just sayin.

    I personally don’t care for ELA, not sure how to interpret it and I’ve noticed that unedited pictures can have significant colored areas in the ELA version. Any area that has highly contrasting edges in an original photo usually shows up with colors on the ELA version. Stuff like striped shirts or a person with a bright green shirt standing in front of a vehicle of another color that edge will usually end up highlighted in the ELA.

    Either way, a lot of people DO like ELA so I wanted to show what’s out there.

    —————-
    Jpegsnoop
    —————-
    http://sourceforge.net/projects/jpegsnoop/

    This program does a great job at extracting metadata, and takes a guess as to if the image is edited. I don’t think it provides an ELA image but it has some kind of error analysis built in. In my experience it is best for getting the metadata because it seems to detect nearly every picture as “edited”, even if it was just say a cropped but otherwise unedited photo. I think for a photo to be detected as original it would have to be directly from the camera without being cropped or uploaded to any news sites (they all have automatic processes for scrubbing metadata and other things that could get them in trouble)

    ———————
    Gimp + Elsamuko’s ELA
    ———————
    http://www.gimp.org/

    https://sites.google.com/site/elsamuko/forensics/ela/elsamuko-error-level-analysis.scm?attredirects=0

    Free image-editor GIMP has a script available that allows you to open an image, choose the script, and it will create an ELA image. This has some settings allowing you to fine-tune the results, as compared to sites like Fotoforensics which just do it all automagically.

    —————————–
    Ghiro Digital Image Forensics
    —————————–

    This is the one I really wanted to write about. Last time I checked for something like this there wasn’t anything out there. Basically, it’s like Fotoforensics, but it has been open-sourced and is available to run on your own server. It also has project-management features, so that you can upload images to specific projects, and revisit them later. Or create a project and share it with other users to collaborate.

    Here’s where you get it from: http://www.getghiro.org/

    Essentially this is made to be ran on a Linux webserver, producing a website that can be visited in-browser. I wanted to see how hard this was to set up, so I spun a Ubuntu server and installed it as per the directions here

    http://www.getghiro.org/docs/0.1/setup/index.html

    There were a few minor hang-ups or departures from the directions but nothing too major. You can find and test it at: http://www.panopticron.pw

    user: testuser
    pw: fakeologist$6

    I made a few test projects and uploaded some images to see how it works, but feel free to test it if you want, add or delete anything, I don’t care. I’ll leave it up for a week or two for testing

    Here’s a simple (non-project oriented) version that the Ghiro team is hosting themselves. http://www.imageforensic.org/

    I think I’ll be setting up a permanent personal install of Ghiro just to keep track of photos that I’m looking at, and organize them. I could see this being very useful for a site like CluesForum to have their own install of Ghiro so they are not dependent on somebody else, and not tipping off god-knows-who as to what you’re looking at before you’re done

    #7489
    Avatar photocj
    Member

    Here’s some examples of Ghiro

    IPTC Metadata screen

    ELA screen

    #7493
    Avatar photocj
    Member

    A discussion on the utility of ELA is probably in order at some point.

    I’ve tested it so many time with known fake (faked myself) and known real photos and I just don’t think ELA adds much.

    I’m not even sure ELA could do ANYTHING if the photographer took a photo in RAW, then edited, then exported to jpg. I think it only works when somebody started with a compressed jpg, then edited, then saved again as a jpg. Most news agencies, if interested in editing photos without being caught, would simply start with the RAW uncompressed photo and edit from there. I’m not 100% sure but most of the time when I see ELA being used to prove something I don’t think the user really understands what it is (and neither do I). ELA has limited usefulness but metadata and other aspects of image forensics can of course be very useful

    #7495
    Avatar photocj
    Member

    Firefox also has a useful addon for viewing image metadata. You can right click on most images right on the news website and view metadata (assuming it wasn’t scrubbed)

    https://addons.mozilla.org/en-US/firefox/addon/exif-viewer/

    #7496
    Avatar photocj
    Member

    Some of the other features of Ghiro look neat too, like thumbnail consistency, but I haven’t found an image that triggers that functionality yet. Not sure if it only works with embedded thumbnails or if you can upload seperate full size and thumb to the same case and it detects it’s a thumb and looks for consistency.

    #7501
    Avatar photocj
    Member

    Comparison of metadata analysis for a specific image between the Ghiro version running on my own server (most recent stable GIT) to imageforensic.com publicly available service

    Version I ran on my own server:

    Public service from imageforensic.com based on same software:

    It looks like some numbers were translated to more easily understandable text on the public site version. So the take-home version gives you a more raw data. Might be able to make it more easily understandable though like the imageforensic.com site, will have to look into that

    #7504
    Avatar photocj
    Member

    Stuff in the IPTC tag and signatures is relevant to the NewsML-G2 standard which is used to distribute news from wire services to local orgs. The standard allows for containers for new items and for planning based on time schedules and I think it explains a lot about the tech they use every day to distribute psyops in a controlled manner. I’ll made a thread about that soon. It’s all technical and don’t expect it to be some easy way to prove planning of news fakery, but I think it’s essential to understanding what’s in media metadata.

    #7567
    Avatar photokhammad
    Participant

    Columjaddica, Great topic. What a great resource!!!

    I had been thinking how perps can totally avoid detection in faking photos.

    If a perp wanted to, one could not only manipulate a photo, but manipulate the EXIF data as to the time, place, etc that an electronic picture was taken. But I think that the sheer number of images being used in fake media prohibits such detailed manipulations from taking place.

    Here is why analyzing images is troublesome:

    1) The perps only need to fool the masses, not the individual. We may wrongly conclude intention of the perps by ‘sloppiness’ in attention to detail.

    2) Analyzing images without knowledge of ownership can not get us any closer to the truth. One could spends hours analyzing lies.

    3) We CAN compare images with reality, though. We CAN determine if an image is a fake. We CANNOT tell if an image is real.

    Through identifying fakery, we get a little closer to truth.

    Attachments:
    You must be logged in to view attached files.

    K Ham

    #7905
    Avatar photocj
    Member

    Thanks Khammad. If anybody wants any help setting up such a thing for their own use I could provide pointers/support. Pretty nifty software and I bet it gets an expanded feature list eventually. Neat to be able to run your own, on your own server, and make your own custom changes to the code if you want. It could be useful for those who go through large numbers of images.

    I took it down at panopticron.pw, that was just for testing

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.