WHICH TOOLS TO ANALYZE EXIF METADATA OF IMAGES & VIDEOS?

Ahsan
(@ahsan)
Estimable Member
Joined: 6 years ago
Posts: 73
Topic starter  

When it is about images forensics, I strongly suggest trying Amped Authenticate. In case of videos I suggest trying Amped Five. I'm not affiliated in any way with Amped, but from my experience they make the best tools I know into images & videos forensics.

Another good tool is the Belkasoft Evidence Center for similar tasks, but it is more complex and is not meant only for images & videos forensics.

Yes, I strongly agree with you passcodeunlock. I checked Amped, but no trial is available and it is commercial software. Also, I have good experience with the Belkasoft and AccessData FTK commercial tools as well, but they are not available to me now. So I had to find the best alternative tools/methodology for doing this.

Moreover, my task is mainly doing Social Media Investigations, so in that scenario I had to establish the evidence of whether this image was uploaded on the SNSs or not, and whether this image/video was captured using the suspect device, etc. So I was just moving around to find out all the other necessary possibilities that may help to establish the evidence; that is why I just thought to try analysing the Image/Video Analysis in a mile wide and inch deep approach. Image/Video Forensics is itself a big and very important domain of Digital Forensics.


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

I agree


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

There is nothing to worry about; initially it was a small misunderstanding. The properties of the photo (LOCATION) in the phone, where the photo was taken, and the EXIF entries (of LOCATION) extracted by the tool “EXIFPRo 2.1” are the same.

Great – I thought that you maybe had discovered that one or more of the tools did not do the job. And you did, though of a different kind than I thought.

In a tool like EXIF Data Viewer, the GPS values were " GPS latitude34? 22 minutes and 53.794669 seconds north GPS longitude73? 27 minutes and 53.508187 seconds east". The "?" was ambiguous. However, the results are absolutely fine now as I have an understanding of the GPS format. Most of the tools showed locations very near the expected results.

That kind of error is always a concern – and it should not be present in a good forensic tool. Data should never be ambiguous.

I suspect some problems with the 'degree' character not being possible to show, and being replaced with a '?' … an understandable bug, though not necessarily acceptable, as any analysis report would need to explain how this is being handled. It's always better not to have to do that.

Thanks for the reply!


   
Ahsan
(@ahsan)
Estimable Member
Joined: 6 years ago
Posts: 73
Topic starter  

Great – I thought that you maybe had discovered that one or more of the tools did not do the job. And you did, though of a different kind than I thought.

Thank you.

That kind of error is always a concern – and it should not be present in a good forensic tool. Data should never be ambiguous.

I suspect some problems with the 'degree' character not being possible to show, and being replaced with a '?' … an understandable bug, though not necessarily acceptable, as any analysis report would need to explain how this is being handled. It's always better not to have to do that.

Yes, more possibly it would be the degree symbol, because 34? 22 minutes and 53.794669 seconds north is the Degree Minutes Seconds (DMS) format of a GPS coordinate; here minutes and seconds are in text but the degree symbol can't be represented properly. As you said, "as any analysis report would need to explain how this is being handled." Yes, because if this is questioned in court, a forensics expert witness may face a tough situation while explaining this to non-technical lawyers and judges, and there is always a benefit of doubt, which in such cases may lead to acquittal.

AccessData FTK, BelkaSoft, Cellebrite UFED, etc. are well known and we all know that these tools are applicable. Such tools have built-in features to analyze EXIF.

I was just wondering if there is any list of forensics tools/software which are applicable in court, issued by any international authorized body?

Thanks for the reply!

pleasure reside my heart


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

I was just wondering if there is any list of forensics tools/software which are applicable in court, issued by any international authorized body?

Not as far as I know.

The basis of such a list would probably need to be a large number of test suites that focus on single issues: does a tool report correct geographical coordinates correctly and unambiguously? Does it report bad coordinates in a suitable manner? … and so on for each single piece of information that we need to rely on to be correct in court: time stamps, master file records, registry file entries, log files, file systems, archive file formats, document file structures, …

And as far as I know, there are no comprehensive test suites either. NIST has a Computer Forensic Tool Testing Program and the Federated Testing Program, which are interesting, but they only cover some parts of the full spectrum. I've dabbled in this area myself (SourceForge project CompForTest).

In twenty years … perhaps.


   
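An added example, not code from any poster or tool in this thread, covering the '?' discussion above and the single-issue coordinate checks just described: it parses the display format quoted earlier, accepts '?' as a lost degree sign, rejects out-of-range values, and renders an ASCII-only form. The function names, and ASCII replacement as the cause of the '?', are assumptions.

```python
import re

# Matches the wording quoted in the thread, e.g.
# "34? 22 minutes and 53.794669 seconds north"; "?" is accepted as a lost degree sign.
DMS_RE = re.compile(
    r"(\d{1,3})\s*([°?])\s*(\d{1,2})\s*minutes\s+and\s+"
    r"(\d{1,2}(?:\.\d+)?)\s*seconds\s+(north|south|east|west)",
    re.IGNORECASE,
)

def dms_to_decimal(deg, minutes, seconds, ref):
    """Convert degrees/minutes/seconds plus hemisphere to signed decimal degrees."""
    ref = ref.lower()
    limit = 90 if ref in ("north", "south") else 180
    if not (0 <= minutes < 60 and 0 <= seconds < 60):
        raise ValueError("minutes/seconds out of range")
    value = deg + minutes / 60 + seconds / 3600
    if value > limit:
        raise ValueError(f"{value} exceeds {limit} for {ref}")
    return -value if ref in ("south", "west") else value

def parse_dms_text(text):
    """Return (decimal_degrees, degree_sign_lost) for one coordinate string."""
    m = DMS_RE.search(text)
    if m is None:
        raise ValueError(f"unrecognised coordinate: {text!r}")
    deg, mark, minutes, seconds, ref = m.groups()
    value = dms_to_decimal(int(deg), int(minutes), float(seconds), ref)
    return value, mark == "?"

def format_ascii(value, is_latitude):
    """Render decimal degrees with no non-ASCII characters and an explicit hemisphere."""
    ref = ("N" if value >= 0 else "S") if is_latitude else ("E" if value >= 0 else "W")
    return f"{abs(value):.6f} deg {ref}"

def ascii_report(text):
    """Assumed cause of the '?': a report writer that replaces non-ASCII characters."""
    return text.encode("ascii", errors="replace").decode("ascii")

if __name__ == "__main__":
    # Constructed input: the two values quoted in the thread, as one tool displayed them.
    for raw, is_lat in (("34? 22 minutes and 53.794669 seconds north", True),
                        ("73? 27 minutes and 53.508187 seconds east", False)):
        value, lost = parse_dms_text(raw)
        print(format_ascii(value, is_lat), "(degree sign lost)" if lost else "")
    print(ascii_report("34° 22' 53.794669\" N"))
```

Recording the `degree_sign_lost` flag alongside the converted value lets a report state explicitly that the source display had dropped the symbol.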
Ahsan
(@ahsan)
Estimable Member
Joined: 6 years ago
Posts: 73
Topic starter  

yes agree


   
(@martjno)
Active Member
Joined: 13 years ago
Posts: 5
 

Hi, I am from Amped Software, first of all thanks a lot for the nice words about Amped FIVE and Amped Authenticate.

I want to add my two cents here. While only looking at the images may not be enough for your case, in Authenticate we have also a Social Media Identification filter. If you have pictures downloaded from social media, it can search for typical traces. Of course, given the rapid and often unknown changes in social media processing of images, the comparison cannot be always exhaustive, but it can give you some indicative information. You can read more about it here https://blog.ampedsoftware.com/?s=%22social+media+identification%22

For what regards a list of court approved tools, I am not aware of any official certifications for this kind of products. And, in any case, these are just tools and as such can be used either in the right or in the wrong way. As developers, it's our duty to help minimize the human error as much as possible, but the other half of the responsibility is in the hands of the user.

We have written some time ago about the validity of our tools in court, you can check the article here https://blog.ampedsoftware.com/2017/05/31/are-amped-software-products-validated-or-certified-officially-for-forensic-use/


   
Ahsan
(@ahsan)
Estimable Member
Joined: 6 years ago
Posts: 73
Topic starter  

Thank you martjno for valuable comments.


   
(@hackexplorer)
New Member
Joined: 6 years ago
Posts: 4
 

Hi

Why don't you check the online http://fotoforensics.com/ metadata analysis? It gives some rich information.

check this out




   
Ahsan
(@ahsan)
Estimable Member
Joined: 6 years ago
Posts: 73
Topic starter  

Hi

Why don't you check the online http://fotoforensics.com/ metadata analysis? It gives some rich information.

check this out



I have checked this earlier, but it doesn't support video files. Which tool would you recommend for video metadata analysis?


   