In Amped Authenticate Update 12336 we introduced a new and exciting reporting method designed to make it quicker and easier to report relevant filters.
The new Smart Report tool means users can now quickly produce an image authentication report as it automatically selects the most appropriate filters for each evidence image. This new feature allows for a more visual representation of evidence images and will allow you to quickly and effortlessly triage and share Authenticate results.
Check out this video to see the new Smart Report in action!
Hello, Tip Tuesday’s loyal friends! With all the enhancement and restoration tools featured in Amped FIVE, it can easily happen that you are undecided about which filter is better to use in a specific case, or which filter configuration is the best. This week’s Tip will show you how to visually compare the output of different chains and hopefully settle the question quickly.
Hello Amped blog readers! Following last week’s Tip Tuesday idea that “simple things matter”, today we’ll show you how one of the most straightforward filters in Amped Authenticate, that is, the Thumbnail filter, can sometimes reveal interesting information.
First of all, what is the image thumbnail? It is (well… it should be) a much lower resolution version of the image, commonly in the order of 160 x 120 pixels. It is mostly used by file/image manager applications for efficiently creating image galleries: they just need to decode a few thousand instead of millions of pixels during gallery creation and browsing, while the full-size picture will be decoded when the user “opens” it. The Exif standard provides rules for embedding the thumbnail into the image file as a stand-alone JPEG object, allowing to decode it without having to process the full-sized image.
This week is Amped Authenticate‘s turn, and we are going to look at our images from a different perspective than usual, that is… their bytestream! We’ll see how Amped Authenticate’s Hex Viewer and Hex Strings filters can help you spot hidden information in your evidence images.
Hello dear Amped Blog readers, welcome to this week’s Tip Tuesday. Today we’ll be dealing with one of the most sneaky kinds of fakes: recaptured images. A recaptured image is a “picture of a picture”: you display your (possibly forged) image on a screen, or you print it on paper, and then you take a picture of it. This apparently naive approach is much more clever than it seems: the obtained image will be a “camera original” image to all extents, so it will likely pass every test based on metadata/format analysis. Are we left alone against this subtle threat? Of course not, Amped Authenticate is here to help. Let’s find out how.
April Fools’ Day has just passed and we hope you didn’t go through any nasty trick! Alas, for people working with digital evidence, the risk of getting fooled by some ambiguous finding is always around the corner. In the case of digital image forensics, among the most frequent pitfalls, we find false positives produced by forgery localization algorithms (that is, when an algorithm marks as manipulated a region that was not so). Today’s Tuesday Tip deals with them and shows how Amped Authenticate helps you rule out some of them.
Welcome to this week’s Tip Tuesday! Today we are showing you an interesting, perhaps a bit hidden, functionality of Amped Authenticate. There is no need to introduce the PDF file format: it is surely the most widespread format for sharing digital documents. Therefore, it may easily happen that you have to deal with a PDF containing images and that some of them get questioned.
What would you do in such a case (after realizing that if you drag-and-drop the PDF into Amped Authenticate, nothing happens, because it’s not an image file)? Would you take a screen capture of the picture and work with that? “Nooo!” – I hope you said! Screenshots are evil for image forensics! Ok, you would get some pixels to work with, but you would lose all metadata, you would lose encoding properties, you could be recompressing data… That means you cannot check image integrity, and finding manipulations becomes much harder. No, there’s a better way of dealing with images embedded in PDFs, and we’ll show you how!
Dear Amped friends, welcome to this week’s Tip Tuesday!
In our last Tip we’ve talked about how Amped FIVE users can save time by trimming and cropping the video they’re working on, so to focus the analysis only on interesting parts. Probably, we opted for that topic because February is the shortest month, and it may give you the feeling that time flows away too quickly. Since we can’t stop time, let’s at least save it when possible!
This week is Amped Authenticate‘s turn, so let’s see how we can save time when investigating our digital images. Once more, it’s a matter of focus: to save time, we have to focus the analysis on the right images (i.e., properly select them) and run only the analysis filters that we need on them. We will focus on the first aspect today, and leave the second for a coming-soon Tip.
Amped Authenticate users know how important it is to understand the processing history of an image, and they (hopefully!) know that “processing history” does not mean just splicing. For example, there are cases where the image has been scaled or re-compressed, and when one of these happen you should be aware of it, as they bring important consequences to the rest of your investigation.
Amped Authenticate offers many tools for processing history analysis under the Global Analysis filter category. Some of these, for example the DCT Plot, the Correlation Plot, and the JPEG Ghost Plot are… plots! They should be examined carefully, because we know that artifacts like a “comb-shaped” DCT histogram strongly suggests double JPEG compression, and so does a JPEG Ghost Plot with multiple local minima. The problem is… sometimes it’s just hard to see these artifacts, because they are “hidden” in the plot!
Consider the image below: at a first glance, its DCT Plot for DCT Frequency 4 seems rather “smooth”, and you could easily overlook it.
As Amped Authenticate users hopefully learned during our training courses, authenticating a digital image means much more than attaching a fake/real label to it. In some cases, you may be asked whether the integrity of a questioned digital image is preserved (or broken). In such a case, forgery localization tools should not be your first choice from Authenticate’s powerful arsenal.
Indeed, proving that the integrity of an image is “broken” means demonstrating that the image file is not the original file produced by the acquisition device; instead, it has been processed after acquisition. “What” happened during the processing may even not be of interest, because in some cases broken integrity alone is enough to discard a potential evidence.
That’s why we always stress the importance of tools under Amped Authenticate’s File Analysis category: they are the best way to screen image properties, metadata and coding details looking for unexpected or suspicous elements.
In this post, I’ll share with you a tip that could prove important in your cases: check for un-updated Exif image resolution tags! Let’s take this nice picture from a Sony Xperia XA1 smartphone (formally called G3112), and let’s imagine we are asked to validate its integrity: is this an original file, untouched since acquisition?