Tracing origin of t...
 
Notifications
Clear all

Tracing origin of the photograph  

  RSS
harshbehl
(@harshbehl)
Member

Hi All
I am assigned a case where police has been struggling to get hold of the suspect who might have uploaded one offensive photograph. I know about reverse image search but this is not of any help in this case. The image is doing rounds on whats-app basically. Is there a way to trace the original camera and device particulars from which it was taken ? Or any other idea that can give a vital lead ?
I will appreciate your responses.

Quote
Posted : 10/08/2015 12:47 pm
bknowlton107
(@bknowlton107)
New Member

what i can think of is that you might be able to trace the photos travels via the whatsapp through the chat logs between users (assuming this was sent by cell phone). this would be a long and tedious process. normally, once you locate the originating device (at least shown via cellebrite) the picture would have information about the phone (usually the one youre currently examining) that took it.

hope this helps

ReplyQuote
Posted : 10/08/2015 6:15 pm
mscotgrove
(@mscotgrove)
Senior Member

I know nothing about Whatsapp but original photos normally have a lot of metadata often including camera make and model. My concern would be that whatsapp might strip all this information. Some phones include gps in the metadata.

I am not aware of seeing a serial number in the metadata - but it may be worth seeing if one is ever added.

The resolution of the photo may help, it could indicate DSLR, compact, tablet or phone, but again the photo may have been resized

If the metadata is there, then it should help reduce your search area from very large to just large.

ReplyQuote
Posted : 10/08/2015 6:33 pm
(@jaclaz)
Community Legend

My concern would be that whatsapp might strip all this information.

Seemingly a righteous concern
http//www.forensicfocus.com/Forums/viewtopic/t=10344/

jaclaz

ReplyQuote
Posted : 10/08/2015 7:33 pm
Belkasoft
(@belkasoft)
Active Member

Hi,

Generally, such information is available if EXIF is present. There are a few tools that can let you extract EXIF data, including our Belkasoft Evidence Center.

However, the problem with EXIF is that it can be modified, so there is always a chance that the information you find this way is false. There are some tools that can find original metadata, thus reliably showing you the camera model which was used to take the photo (as well as some other info) - in particular, Forgery Detection module for Belkasoft Evidence Center allows you to do that, with a few hundred camera models supported. It will also show you whether the picture was modified in any way.

We suggest that you try a free fully functional version of our software (with forgery detection) to see if it serves the purpose - we will be happy if it does! To procceed, please follow the instructions on our website belkasoft.com/trial.

We hope this helps!

Thanks.

P.S. Please don't hesitate to ask if you have any questions!

ReplyQuote
Posted : 12/08/2015 1:15 am
(@jaclaz)
Community Legend

P.S. Please don't hesitate to ask if you have any questions!

In the thread I linked to imaged sent and received through WhatsApp are said to be stripped of EXIF metadata, is that accurate or not?

Or if you prefer, was it just a case that the images Copyright found and was talking about in that thread were stripped of all EXIF data (lets say because they went through - say Facebook - before) and WhatsApp itself does not strip the EXIF data or does it always strip the EXIF?

I would guess that "Generally, such information is available if EXIF is present" can be seen as a truism, the "specifically" here is IMHO whether WhatsApp keeps the EXIF or strips it.

jaclaz

ReplyQuote
Posted : 12/08/2015 1:24 am
anirudhrata
(@anirudhrata)
New Member

Hey all, I just tested and can confirm Whatsapp does strip EXIF information and it also compresses the image. I have tried it with both sent images and received images using latest version of ExifTool.

ReplyQuote
Posted : 12/08/2015 10:26 am
harshbehl
(@harshbehl)
Member

Hello All
I thank you all for your valuable suggestions. However i got a lead from the case in the following way-

1. Reverse Image search lead me to few twitter profiles who posted those images way before media covered those.

2. After the police investigations, their devices are being seized and we will compare the image signatures with the images from their phones.

3. Hopefully it can help us, if the pictures were taken from any of those devices.

4. However suspects are denying at this stage but will post the final results once we reach the conclusion.

I thank all of you once again.

ReplyQuote
Posted : 12/08/2015 5:04 pm
 jhup
(@jhup)
Community Legend

Appreciate your follow-up!

ReplyQuote
Posted : 15/08/2015 6:52 am
harshbehl
(@harshbehl)
Member

Hi people
I would like to appreciate all of yours advises and tips. Finally, we have got hold of the person who had sent the pictures on whatsapp at the first go. After getting the twitter profile of the person who had shared it first online we did a physical extraction of his phone and were able to recover the deleted photograph from his phone and the user who had shared it with him. This led us to the guy who had sent him the picture. A physical extraction of his device gave us the original picture (deleted) which was sent later on whatsapp to different people. After doing the image analysis on the recovered deleted picture (which was later sent on whatsapp) we were able to match the image signatures to the phone's camera signature. The image signatures matched perfectly with the suspect's camera signatures. Hence, we were able to get hold of him with a good number of evidences. Thanks to all of you once again.

ReplyQuote
Posted : 20/08/2015 3:06 pm
Share: