Fiding out the sour...
 
Notifications
Clear all

Fiding out the source of an image

5 Posts
5 Users
0 Likes
213 Views
(@mwade)
Posts: 77
Trusted Member
Topic starter
 

I pulled jpg's from a system with foremost. I was wondering if its possible to obtain the source of that image. Is there metadata that can be pulled? Owner of the original file etc? I am pretty sure that the images were pulled from a site and am looking to any data relevant to the site or to the name of the original owner of the file.

Thanks,

Mark

 
Posted : 01/07/2007 2:51 am
 ddow
(@ddow)
Posts: 278
Reputable Member
 

Within the first 100 bytes or so you might see source informaton such as camera, creation date, etc. Details vary by program, manufacture, etc. Getting original owner is doubtful as would be the site. They would have to embed it in the image.

If you believe you know the site the images came from, you could download the images from that site and hash them, then compare with the hashes of the images you have.

Another alternative is if the owner watermarked it. Similar to stenago, even if you already know the mark was used, finding it would be about impossible. YMMV.

 
Posted : 01/07/2007 7:48 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Mark,

Look for info on EXIF data…data left behind by digital cameras when they create JPGs. Also look for other comments.

Harlan

 
Posted : 01/07/2007 3:57 pm
(@kpryor)
Posts: 68
Trusted Member
 

I use a program called Exif Reader. It provides quite a bit of info. It was given to me in a class, so I'm not sure where you can get it. Just use your favorite search engine to look for it.
Here's a snippet from the readme file

Exif Reader is image file analysis software for Windows. It analyzes and
displays the shutter speed, flash condition, focal length, and other
image information included in the Exif image format which is supported by
almost all the latest digital cameras. Exif image files with an extension of
JPG can be treated in the same manner as conventional JPEG files.
This software analyzes JPEG files created by digital cameras.
Exif Reader can analyze some maker-specific formats such as Makernote.
This software can display the image information in more details than any
other Exif analysis software. For details, refer to the operating environment.

In addition to the Exif format, Exif Reader is applicable to the TIFF/EP format
supported by CANON EOS D Series and Kodak digital cameras for professionals, the NSK-TIFF format by the Japan Newspaper Publishers and Editors Association, the TIFF-FX format for FAX by Xerox, and many other special image formats.

KP

 
Posted : 01/07/2007 11:07 pm
steve862
(@steve862)
Posts: 194
Estimable Member
 

Hi,

Lots of programs will let you view exif data. The main CF tools EnCase and FTK will of course do it but I quite like ACDSee, which is a good graphic viewing program.

In terms of where a graphic files came from, in addition to the suggestions so far I would look at the internet history, the creation date and time of the image in question and the part of the internet history for that same date and time.

If the last written date and time pre-dates the created date and time then it is more likely it had been mannually copied there from another folder, partition, attached device etc, so check the registry and setupapi.log file for other devices.

Also look at other pieces of software such as Kazaa or Limewire. There are means of analysing the Kazaa dbb files to see what history they contain and other pieces of file-sharing have their means of storing information on files that have been downloaded using that software.

There are many other things but that's a start.

Steve

 
Posted : 02/07/2007 2:01 pm
Share: