Forensic analysis of JPEG files

Question 1

When the scaling value is small…

Answer 1

The quality factor is high and storage requirements are larger.

Question 2

What metadata can you get from a photo?

Answer 2

• Camera make and model
• Camera settings at the time picture was taken
• GPS coordinates for smartphones (e.g. Second gen iPhones).

Question 3

What is the forensic value of Exif?

Answer 3

• Contains a wealth of information that relates photograph to make and model and possibly owner.
• Easily accessible – Windows file explorer.

Question 4

What are the drawbacks of Exif?

Answer 4

• Relatively easy to alter or remove.
• Often overwritten by photo-editing software
• Transfer process (e.g. Mobile phone, social networking).

Question 5

What is Exif?

Answer 5

Exchangeable image file format

Question 6

What is the forensic value of DQT?

Answer 6

-Indicator of make and model.
- All JPEG file headers have one (even when Exif metadata has been deliberately removed).

Question 7

What are the drawbacks of DQT?

Answer 7

DQT may be overwritten when:
- Image tampering has taken place (compare with metadata – if still present).
- File is transferred – social networking, mobile phone.
- In some cases primary DQT may be inferred from the histograms of discrete cosine transformation coefficients even if the image has been compressed twice

Question 8

What is DQT?

Answer 8

Discrete quantization table