Forensic Investigation Report

Uploaded by Yash Singh

Case Title:
Image Tampering Analysis in the Bomb Blast Investigation of John
Doe.

Objective:
To verify the authenticity of three images presented as evidence of
John Doe's involvement in a recent bomb blast in Mumbai. Each
image allegedly proves a link between John Doe and terrorist
activities, but there are strong suspicions of tampering.

Tools Used:
• ExifTool – For metadata analysis to detect any discrepancies
and editing traces.
• Forensically – For deeper tampering analysis, including Error
Level Analysis (ELA), Clone Detection, and noise analysis.

Handling Image Evidence:

Before analyzing image files for tampering, proper procedures must
be followed to maintain the integrity of the evidence.

The process includes creating a copy of the original image to prevent
altering the original during analysis.
The following steps are critical:
1. Create a Duplicate of the Image:
A duplicate of the original image should be created before any
analysis. This ensures the original image remains intact and
unaltered.

2. Verify Integrity Using Hashing:
A hash (SHA-256) value should be generated for both the
original and the copied image files. By comparing the hash
values of the original and copied image, we can confirm that no
alterations have been made to the image during the analysis
process.

This is the Python code used to compare the hashes of the original and
copied images.
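
The report's own script is not reproduced on this page. The following is an added example, not the investigator's code, of the duplicate-and-verify procedure in steps 1 and 2; the file names, helper names and sample bytes are constructed assumptions.

```python
import hashlib
import hmac
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large images are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def duplicate_and_verify(original, working_copy):
    """Step 1: copy the evidence file. Step 2: compare SHA-256 of both files."""
    shutil.copyfile(original, working_copy)
    return verify_pair(original, working_copy)


def verify_pair(original, working_copy):
    """Return (original_hash, copy_hash, match); rerun after each analysis step."""
    h_orig, h_copy = sha256_file(original), sha256_file(working_copy)
    return h_orig, h_copy, hmac.compare_digest(h_orig, h_copy)


def demo():
    """Constructed sample: a clean copy verifies, a one-bit change does not."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "image1_original.jpg")      # hypothetical name
        working = os.path.join(tmp, "image1_working_copy.jpg")   # hypothetical name
        with open(original, "wb") as fh:
            fh.write(b"\xff\xd8\xff\xe0" + b"constructed sample bytes " * 4096)
        clean = duplicate_and_verify(original, working)
        with open(working, "r+b") as fh:                         # flip a single bit
            fh.seek(1000)
            byte = fh.read(1)[0]
            fh.seek(1000)
            fh.write(bytes([byte ^ 0x01]))
        altered = verify_pair(original, working)
        return clean[2], altered[2]


if __name__ == "__main__":
    print(demo())
```

Recording both hex digests in the case notes, not only the match result, lets a later reviewer repeat the comparison independently.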
Image 1:
Financial Transaction Screenshot

Description: This image allegedly shows a bank statement with a
financial transaction in which John Doe is transferring a sum of
money to a bank account associated with blast funding. Authorities
suspect that the transaction details were altered using Adobe
Photoshop.

Verification:
First, a duplicate of this image is created and the original image is
kept in a Faraday bag so that the original image can't be tampered with.
Then the SHA hash of both images is verified.

Both hashes are the same, hence verified.


1. Metadata Analysis (ExifTool)
• Objective: Identify any indicators of image modification,
including software used, dates, and other metadata
inconsistencies.

Findings:
• The metadata indicates that the file was edited with Adobe
Photoshop on "2019-05-04 at 08:43:19," which is after the date
when the original transaction was allegedly made.
• The metadata fields also reveal the camera information: the
camera used was HP oj5600.

2. Clone Detection using Forensically
• Process: Clone Detection is used to identify areas where
content has been copied or pasted, potentially indicating
tampering.

Findings:
• We can see that the word "Fifty" has been copied many times; the
same is true of the character 8, which is also copied many times.
• These cloned areas likely correspond to the altered transaction
amount and recipient bank details.
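
How a clone detector arrives at findings like these, as an added example that is not part of the report and not Forensically's own algorithm: identical pixel blocks are grouped by the shift between them, and a pasted region appears as many block pairs sharing one shift. The grayscale grid, patch coordinates and function names are constructed assumptions.

```python
import random
from collections import defaultdict


def find_clone_shifts(pixels, block=4, min_shift=4):
    """Group identical block pairs by the shift vector between them."""
    height, width = len(pixels), len(pixels[0])
    seen = defaultdict(list)
    for y in range(height - block + 1):
        for x in range(width - block + 1):
            key = tuple(tuple(pixels[y + r][x:x + block]) for r in range(block))
            if len({v for row in key for v in row}) > 1:   # ignore flat background
                seen[key].append((x, y))
    shifts = defaultdict(int)
    for positions in seen.values():
        for i, (x1, y1) in enumerate(positions):
            for x2, y2 in positions[i + 1:]:
                dx, dy = x2 - x1, y2 - y1
                if max(abs(dx), abs(dy)) >= min_shift:      # skip near-self matches
                    shifts[(dx, dy)] += 1
    return dict(shifts)


def strongest_shift(pixels, min_pairs=10):
    """Return (shift, pair_count) for the dominant shift, or None if too weak."""
    shifts = find_clone_shifts(pixels)
    if not shifts:
        return None
    shift, pairs = max(shifts.items(), key=lambda item: item[1])
    return (shift, pairs) if pairs >= min_pairs else None


def constructed_image(size=24, seed=1):
    """Constructed test data: random texture, no real evidence involved."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(size)] for _ in range(size)]


def paste_patch(pixels, src, dst, side=8):
    """Simulate a copy-move edit on the test grid: src (x, y) patch to dst (x, y)."""
    (sx, sy), (dx, dy) = src, dst
    for r in range(side):
        pixels[dy + r][dx:dx + side] = pixels[sy + r][sx:sx + side]
    return pixels


if __name__ == "__main__":
    print(strongest_shift(constructed_image()))
    print(strongest_shift(paste_patch(constructed_image(), (2, 3), (14, 12))))
```

Exact block equality only survives lossless copies; on recompressed JPEGs, detectors compare quantized or transform-domain block features instead.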

3. Error Level Analysis (ELA) using Forensically
• Objective: Detect inconsistencies in compression levels, often
revealing digitally altered areas.

Findings:
• The ELA output shows a higher error level around the Manager's
signature.
• This indicates that these specific areas were likely modified
separately from the rest of the image.

4. Metadata Analysis using Forensically

Findings:
• We can once again verify that the original image was tampered
with using an Adobe software tool, which we already found out using
ExifTool.
Original Image:

Differences:
Conclusion:
The combination of metadata analysis, ELA, and clone detection
reveals that the image of the financial transaction was manipulated.
The altered transaction details, combined with the metadata
suggesting post-transaction editing, confirm that this image is
unreliable and should be excluded as evidence in the investigation.

Image 2:
Photo of John Doe with the accused of the Bomb blast case.

Description: The image allegedly shows John Doe with well-known
people accused of the bomb blast in Mumbai, implying his
involvement in the bomb blast.

Verification:
First, a duplicate of this image is created and the original image is
kept in a Faraday bag so that the original image can't be tampered with.
Then the SHA hash of both images is verified.

Both hashes are the same, hence verified.

1. Metadata Analysis using Forensically
• Objective: Identify any indicators of image modification,
including software used, dates, and other metadata
inconsistencies.

Findings:
• The metadata indicates the use of deepswapper, confirming
that AI-based face morphing was employed.
• The Modify Date shows recent editing on 2015-08-14 at
19:02:39.
• The model of camera used is SONY ILCE-6000.
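
The metadata checks applied to Image 1 and Image 2, as an added example that is not part of the report: a triage over records shaped like `exiftool -j` output. The records are constructed from the values quoted in the findings; the file names, the claimed event date, the control record and the assumption that deepswapper appears in the Software tag are all hypothetical.

```python
import json
from datetime import datetime

EDITOR_HINTS = ("photoshop", "deepswapper")          # names taken from this report
SOFTWARE_TAGS = ("Software", "CreatorTool", "HistorySoftwareAgent")

# Constructed records in the shape of `exiftool -j` output (not real evidence).
SAMPLE_JSON = """[
 {"SourceFile": "image1_copy.jpg", "Software": "Adobe Photoshop",
  "ModifyDate": "2019:05:04 08:43:19", "Model": "HP oj5600"},
 {"SourceFile": "image2_copy.jpg", "Software": "deepswapper",
  "ModifyDate": "2015:08:14 19:02:39", "Make": "SONY", "Model": "ILCE-6000"},
 {"SourceFile": "control.jpg", "Model": "ILCE-6000",
  "DateTimeOriginal": "2015:08:14 19:02:39", "ModifyDate": "2015:08:14 19:02:39"}
]"""
CLAIMED_EVENT = {"image1_copy.jpg": "2019:05:01 00:00:00"}   # constructed placeholder


def parse_exif_date(value):
    """ExifTool prints 'YYYY:MM:DD HH:MM:SS', sometimes with a zone suffix."""
    try:
        return datetime.strptime(str(value)[:19], "%Y:%m:%d %H:%M:%S")
    except ValueError:
        return None


def triage(record, claimed_event=None):
    """Return finding codes for one metadata record."""
    findings = []
    for tag in SOFTWARE_TAGS:
        if any(h in str(record.get(tag, "")).lower() for h in EDITOR_HINTS):
            findings.append(f"editor:{tag}")
    modified = parse_exif_date(record.get("ModifyDate"))
    captured = parse_exif_date(record.get("DateTimeOriginal"))
    event = parse_exif_date(claimed_event)
    if modified and captured and modified > captured:
        findings.append("modified-after-capture")
    if modified and event and modified > event:
        findings.append("modified-after-claimed-event")
    return findings


def triage_all(json_text, claimed=None):
    """Map each SourceFile to its list of finding codes."""
    claimed = claimed or {}
    return {r["SourceFile"]: triage(r, claimed.get(r["SourceFile"]))
            for r in json.loads(json_text)}
```

Metadata can be stripped or rewritten, so an empty result is not proof of authenticity; it only means these particular tags raised no flag.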

2. Error Level Analysis (ELA) using Forensically
• Objective: Detect inconsistencies in compression levels, often
revealing digitally altered areas.

Findings:
• ELA shows inconsistencies in the circled part. Either the image
has been digitally added onto the original image or it has been
tampered with.
• The tool has highlighted areas where the image appears to have
been manipulated, possibly through techniques like copy-paste
or overlaying.

3. Noise Analysis using Forensically
• Objective: Verify the consistency of facial features and noise
patterns to detect deepfake alterations.

Findings:
• This tool identifies subtle inconsistencies in texture around John
Doe's face, particularly around the beard and glasses,
suggesting an overlay.
• Noise analysis shows a different noise pattern on John's face
compared to the rest of the image, which is characteristic of
face morphing and deepfake manipulations.

4. Magnifier using Forensically
• Objective: To identify inconsistencies around John Doe's face,
particularly around his beard, using the Magnifier tool in
Forensically.

Findings:
• Texture inconsistencies were found around the beard, with
unnatural smoothness compared to the rest of the face.
• Edge irregularities around the beard suggested blurring or
softening, typical of face-morphing.

Original Image:
Differences:

John Doe’s Original Image:

Conclusion:
The combination of metadata analysis, ELA, noise analysis, and
magnifier tool results provides conclusive evidence that this image
was manipulated. The face-morphing and the use of AI-based editing
tools to alter John Doe’s appearance make this image unreliable as
evidence. It should be excluded from the investigation due to its
tampered nature.
