www.assignmentwritingindia.

com

Digital Photograph as Forensic Evidence

 www.assignmentwritingindia.com

Abstract
This paper gives an impression of the forensic significance as well as legal implications of digital
photography. Digital photography serves as influential, resourceful tools for law enforcement.
Law enforcements groups have recognized the benefits of photography in criminal
investigations for many years. Photography is incorporated in crime prevention activities
through surveillance and security cameras during investigations for documentation of physical
evidence, which is the integral part of the case for prosecution. Photographs can be extremely
valuable evidence. The appropriate assessment as well as precise documentation of crime
prospect is the mainly imperative preliminary pace in every investigation. The notes, photos,
and sketches produced headed for the text the picture and the revealed proof present as an aid
and set orientation throughout the investigation. Images that are intended for utilization in a
court of law must acquired and processed by means of cautiously documented measures if they
are to be acceptable as evidence. Digital photography plays a key role as a part of legal
evidence but there are some reasons to challenge the digital photography as evidence. There
are some flaws in digital photography which are to be detected carefully and the evidence can’t
be taken as the appropriate one. We will discuss about some of the issues that are came into
existence in the real time and also some of the tools who are used to detect the details from
the digital photographs.

2|Page
 www.assignmentwritingindia.com

Table of Contents
1 INTRODUCTION..........................................................................3
1.1 Digital photography.........................................................................4
1.2 Advantages of Digital Photography.................................................4
1.3 Altering of digital image...................................................................4
2 OVERVIEW OF DIGITAL IMAGE FORENSICS.................................5
2.1 Problems associated with the Photographs....................................7
2.2 Manipulation of Evidence................................................................7
2.3 EXIF...................................................................................................8
3 RELEVANT FORENSIC TECHNIQUES...........................................20
3.1 Imaging...........................................................................................20
3.2 Hashing...........................................................................................21
3.3 Carving...........................................................................................21
3.4 Identity Resolution.........................................................................22
4 CURRENT TOOLS.......................................................................23
4.1 EnCase............................................................................................23
4.2 FTK..................................................................................................24
4.3 Sleuth kit........................................................................................24
4.4 PyFlag.............................................................................................24
CONCLUSION...............................................................................25
Bibliography................................................................................26

3|Page
 www.assignmentwritingindia.com

1 INTRODUCTION

Pictures influence inhabitants effectively. Photos converse additionally realistic than words do
unaccompanied with bringing to mind an exciting and cognitive provocation with the intention
of the similar information, lacking the pictures, does not. This paper will explore the use of
photography by forensics examiners as a means of identification.

1.1 Digital photography

Digital photographs are present merely as digital data. They possibly will eventually be
presented in an on paper type; there is no necessity to do in that way, with no trouble be
exhibited by using a monitor screen or, it’s not necessary for a requirement that in no way exist
as an analog symbol of the scene or image. Other than predictable photographs, there doesn’t
consist of film or paper. However there is a chance to exhibit in a paper form.[ CITATION
ACP04 \l 1033 ]

1.2 Advantages of Digital Photography

There are innumerable advantages in the direction of by means of digital photographs since it is
conflicting to conventional 35 mm film. Digital cameras help in developing and generate instant
images, authorizing the photographer in order to see the images as well as immediately
approach to a choice so that the photographs are satisfactory devoid, the holdup of waiting for
the processing of film and prints. Most of the Digital photography is not completely to
necessitate external emerging otherwise reproduction. Moreover, digital photographs are
effortlessly maintained, it’s not necessary to take up extra physical space and can be extensively
distributed by electronic means with virtually no time delay.[ CITATION ACP04 \l 1033 ]

4|Page
 www.assignmentwritingindia.com

1.3 Altering of digital image

Most of the photographers compose use of digital imaging technology particularly for the
reason that the image is manipulable; for instance NASA scientists developing pictures
broadcasted starting from satellites, or a profit-making photographer eliminating unnecessary
essentials as of an announcement. Since digital information comprise of merely numerical data,
data can directly be included, detached, or restored. Such type of alters of the actual data is
probable on the way to take place in any or one of three contexts: the things may happen
unintentionally, or that can be deceptive. Unintentional variation may effect as of an array of
origins. The consequences of unintentional modifications are probably on the way to be
disastrous, as well as it is complicated to visualize the types of evidentiary issues that can go
after away from those usually augmented by destroyed documents.[ CITATION ACP04 \l 1033 ]

Purposely altered images, conversely, is a different issue. Various software packages are
available which make the users to eradicate basics as of an image, reorganizing the essentials
which are important for an image, or else including essentials headed for an image. However
delicate information like color, contrast, light, and shadow may possibly adjusted. A
photographer or editor prefers to manage an image on behalf of a blameless cause; only some
evidentiary issues comes into existence through on purposely altered images, therefore a
eyewitness is presented moreover eager to be a witness so as to the scene that has been
edited. On the other hand, a significant individual be to purposely influence an image used for
falsified reasons, the similar tools exploited through the reliable photographer might be
concerned to the task of committing that deception in addition to that there is no effortless
technique of detection.[ CITATION ACP04 \l 1033 ]

5|Page
 www.assignmentwritingindia.com

2 OVERVIEW OF DIGITAL IMAGE FORENSICS

Digital image forensic techniques exploit either traces of image processing algorithms or
characteristics introduced during the image acquisition process. The former are applicable
without knowledge about the used digitization device.

To illustrate some characteristics typically introduced during image acquisition, below Figure
shows a simplified image processing pipeline of a digital camera. The main components are the
lens, the sensor with a color filter array (CFA) and the signal processing unit. The CFA is needed
for color images as typical sensors are only sensitive to the intensity of incoming light. A true
color RGB-image is obtained from interpolating intensity values of pixels in a close
neighborhood.

The captured image data is further processed in the signal processing unit and afterwards
stored in a data storage unit. Other digital image input devices, such as digital camcorders or
digital flatbed scanners, use similar image processing pipelines and thus introduce similar
statistical patterns in the image data.

Forensic algorithms may exploit specific characteristics of image statistics, which were
introduced by components of the image processing pipeline. Starting with the lens, chromatic

6|Page
 www.assignmentwritingindia.com
aberration and radial distortions are adequate features. Furthermore, defect sensor elements,
sensor noise and dependencies between adjacent pixels due to color interpolation form typical
ingredients for forensic methods. On the other hand, it is moreover possible to reflect on the
whole image acquisition process as a black box and analyze the camera response function or
macroscopic features of acquired images.

2.1 Problems associated with the Photographs

 A picture‘s characteristics to influence cannot be exaggerated. The vital principle intended
for every test is generally to influence the discoverers of truth. If the truth discoverers are
available to provide excessive influence to pictures just since they can be capable of seeing
them, this issues a panoply of issues since the crucial principle of a test is to decide the
truth. [ CITATION ACP04 \l 1033 ]
 Dye-sublimate digital printers be capable of even to puzzle imaging experts. The high
resolution images are cannot be produce as the film does, excluding their images that
appear to be photographs. They produce color and negative prints on photographic style
paper that mimics the look and feel of photographs.
 Conversely simple image improvements are able to provide a number of crime scene
particulars as well as fingerprint details as offensive. Dodge-and-burn, the top superior
lighting as well as diminishing of regions contained within an image, be capable of placing
particulars outer of the entry of a digital printer’s choice of light as well as dark printing
capabilities.

2.2 Manipulation of Evidence

Photography has many applications in forensic science. There are several applications of
photography in forensic science. Initially, it is used to shoot the crime picture. Later,
photographs are in use of person objects of proof, with the fingerprints and bloodstains, lying
on a dead body together by the side of the prospect along with the moment in time of an
autopsy. Focused methodologies like microphotography and infrared photography are mostly
useful in specific settings.[ CITATION Ste08 \l 1033 ]

7|Page
 www.assignmentwritingindia.com

As early as possible, it is imperative to take the photographs of photographing evidence that

could easily be damaged or lost, such as fingerprints, shoeprints, tire tracks, and tool marks.
Fingerprints may need to be made detectable, by exposing to laser or ultraviolet light, or by
applying special powders before they can be photographed at the scene. Similarly, shoeprints
also may need treatment before they can be visualized, even though those in mud or blood can
in general be captured on film without special preparation. It is essential to take photographs of
shoeprints at a 90-degree angle to its surface and centered in the camera lens. This prevents
deformation in the image and makes comparison with control shoeprints more consistent. Tire
track photographs need to be taken both as part of a general scene photograph, so that their
location can be accurately concluded, and also close up, to determine the pattern detail on the
tire for easy identification. Photographs of tool marks should at least give you an idea about the
location of this essential source of proof. On the other hand, even macro photography may not
disclose enough detail to allow the photographs to be used for laboratory comparison with
suspect tools. Each item of evidence is photographed individually before being touched if at all
possible, and several shots of each item are taken.[ CITATION Sim00 \l 1033 ]

The primary requirements to confess a photograph into evidence are relevance and validation.
Generally, a photograph will be admitted into evidence at the judgment of the trial judge. In
exceptional cases a chain of custody (including custody of the undeveloped film) will be
required, or the best evidence rule may be raised if the photograph is offered for its truth and is
the source of a controlling issue in the case. The most significant of these requirements is
validation. Unless the photograph is admitted by judicial admission of the parties, the party
seeking to introduce the photograph into evidence must be prepared to present testimony that
the photograph is truthful and accurate. In most cases, the testimony need not be from the
photographer; any witness qualified to testify that a photograph accurately depicts a scene well
known to that witness will be sufficient. Some courts will rule that a photograph is self-
validating, or presumably genuine. If the genuineness of a photograph is challenged, it is usually
a question for the trier of fact to settle.[ CITATION Wri01 \l 1033 ]

8|Page
 www.assignmentwritingindia.com

2.3 EXIF
It is an file format for image file called as Exchangeable image file format(EXIF),which are mostly
used by Digital camera .It is been known that there are specification for file JPEG,TIFF and RIFF
formats having an additional tags. In EXIF tag there always standard interpretation like cover
data and camera setting, previewing thumbnail and copyright information. There has been
additional plug-in called as the geolocation as part of standard EXIF format. In Present
advancement in cameras which come with built in GPS receiver and stores lot of information in
EXIF header .In near future there is a possibility of GPS receiver embedded.[ CITATION Sim06 \l
1033 ]

In an image file EXIF data is included; presently there many programs on manipulation of image
and can recognize safeguarded EXIF data when rewritten in modified image. Many image
gallery programs can identify EXIF data and provide it information alongside with the image.
Libraries of software such as the libexif and Exiv2 for C or read EXIF data () function for PHP and
file for read/write EXIF tag values for parse EXIF.[ CITATION Sim00 \l 1033 ]

It has been noted that JPEG file always starts with “FFD8” and can be defined as the SOI (start
of image) and ends up with “FFD9”, which is termed as EOI (End of Image) marker. Between
two markers data can be divided into segments of various levels having a specified marker.
Each segment can be identified with possibility of providing flexibility and application can
separately each segment .By having this structure which are flexible allow us for creation of
standard format such as JFIF and EXIF, which add up specific markers and store data and in
compliance to JPEG format. Below diagram shows structure of the format

9|Page
 www.assignmentwritingindia.com

In this JPEG specification are defined by a set of markers called as the application markers
having a range of FFEO to FFEF, which allow information of additional application. This added
information can be used for specific purpose, instead of decoding JPEG image .It is been noted
that JFIF employ these markers and use APP0 marker (FFE0) to identify segment ,which have
information and can be added to JFIF. With latest EXIF use of specification and APP1 marker for
taking up additional marker metadata information, possible added to a file.SOI marker is
followed by APP1. The file format for EXIF approximately is as follows:

10 | P a g e
 www.assignmentwritingindia.com

11 | P a g e
 www.assignmentwritingindia.com
ExIF Tag Information
The real benefit to the investigator of the ExIF standard is the information that may be provided
in the Tags fields. The tables below list the Tags defined by the ExIF standard for the IFD0, ExIF
sub IDF fields as well as the miscellaneous ExIF Tags. Investigators should note, Tag fields may
or may not have meaningful information stored in them. Tag field use is implementation
dependant and varies from manufacturer to manufacture.

12 | P a g e
 www.assignmentwritingindia.com

13 | P a g e
 www.assignmentwritingindia.com

14 | P a g e
 www.assignmentwritingindia.com

15 | P a g e
 www.assignmentwritingindia.com

16 | P a g e
 www.assignmentwritingindia.com

17 | P a g e
 www.assignmentwritingindia.com

The above tables show the vast amount of data that can be stored in ExIF Metadata. whilst
quite a lot of data, such as formulate and representation of the camera utilized, day as well as
point in time of original, copyright, user comments, Artist, Time Zone offset, GPS Information,
Image History, and Subject Location encompass understandable advantages in the direction of
an researcher if present, additional fields could be cooperative in evaluating many images in

18 | P a g e
 www.assignmentwritingindia.com
use at otherwise in close proximity to the similar occasion in the direction of setting up to
facilitate that they were in use in the company of the same camera. This might permit single
picture by means of recognizing information on the way to tie back to one more picture and
more prominently the images to the tool.

19 | P a g e
 www.assignmentwritingindia.com

3 RELEVANT FORENSIC TECHNIQUES

Digital forensic is the profession which is most challenging and very much in demand and as
such requires mastering different types of specialized skills. Although the skills used here are
found to be difficult, there has always been constant and firm change in skills according to the
changing industry.

3.1 Imaging

It is important to study about basic forensic investigation and primary skill used to take a file of
media or a picture. It is learnt from modern level of OS procedures of taking up system file
providing journal resolution and clear indexing, which are easy to understand and appears as
easy option. There can be maximum possible alteration can be made in providing an integrative
evidence. By taking an example of OS having index files, which can be altered and can modify
file at access time and indexed on basis of even function, which can be done through inserting a
disk and likely cause data in journal to overwrite to other files. There need due care taken by an
skill individual in taking up changes, when using OS as there may be issues of overwriting
remaining data. There needs to be a joint permission for not changing the drive image context.
It is mostly considered that, there has been specific steps, which needs to be followed t protect
media and be imaged. By using the mounting service and access permission of raw device can
be freeze. To safeguard OS and media for getting alteration, there needs to be definite
hardware solutions. The white blockers are very common for hard drives consequently
providing several variations while implementation of skills. [ CITATION RMa94 \l 1033 ]

If the investigator is more certain of source disk, which can be customized and data needs to be
copied above the disk for investigation. It’s been an easy procedure to have significant details
which needs to be considered for. It is been known that a physical media is made up of blocks

20 | P a g e
 www.assignmentwritingindia.com
which are addressable and can be made out in a partitions as per each device. The partitions
are arranged in file systems having definite blocks and have accounted metadata and control
data for file system. It is been known that a physical device is generally made of blocks which
can be stored. There needs to be process of multiple partitions per device and maintain
potential gaps. These partitions are arranged into file systems having definite blocks containing
Meta data and control data for file systems. It can be known that information from media can
be imaged at block level. It is to be considered that damaged present input or output can be
erroneous and can account for error. [ CITATION Pal01 \l 1033 ]

3.2 Hashing
To identify a file and to provide a clear legitimacy for an image to be a customize look, forensic
community taken up cryptographic hashing. There always one way policy of taking up
cryptography functions to maintain a hash, and mostly dependent on these functions. In 1991
MD5 was formulated by Ron Rivets and later carried on by the forensic community. There’s
always a MD5 tools because of it fastness and production of shorter hash. There have been
dissimilar results for change of 1 bit, which the research is underway. There has been better
State of art technique in Multi-Resolution Similarity Hashing .It triggered piecewise hashing;
taking up all the hashing similarities to form edit distances between files.[ CITATION SLG06 \l
1033 ]

3.3 Carving

File carver are considered one of the category toolkits which are digital. These tools allow
scanning of all the blocks of discs that are no longer having the files of current when deleted.
These toolkits use their own header or footer and can have signature, which can combine and
format the original files which are deleted. It is been noted that not all overwritten files are
cached for media.

21 | P a g e
 www.assignmentwritingindia.com
There have been recent advancements for having carving permit in a fragmented files and can
recover more accurate steps. There greater level of advancement in permit of fragmented file,
which recover with an accuracy. Garfinkel demonstrated file carving with object validation,
showing it was possible to validate whether blocks belonged to certain files as they are carved
out, permitting fragmented files to be recovered cleverly. [ CITATION Bri061 \l 1033 ]

3.4 Identity Resolution

There has been a greater problem in identifying information to an owner resolve it into
individual pieces. There is always a complex and multiple users which could co exist for a single
machine or network. The best two techniques, which can be helpful for having a commonsense
on resolution, are like of Joan’s work for IBM and learning techniques of probable machine. It
has been developed by the law enforcement commissioner. The data can be inter-related and
have resources which are pointed out for an entity meant for a person. If there is more data
accumulated which might gain an extra piece of data for having better resolution and provide
information which can arise for an entity to have a split for separate entities .The piece of data
which an entity can own up for a symbolize communication for other entities and social
networks can be confirmed.[ CITATION SLG06 \l 1033 ]

22 | P a g e
 www.assignmentwritingindia.com

4 CURRENT TOOLS

It is known that basic forensic have created lot of opportunities for a commercial venture and
can be regarded in factor of open source alternatives. There have been standalone tools which
have a clear extraction of EXIF data from JPEG and continuously developed for a distributed
academic and open source community. The basic level of function can be easily integrated and
analyzed in suites .These suites are generally called as the GIU based Programs having a permit
of forensic analyst to have a clear search on data for a hard drive.

4.1 EnCase
It is an forensic suite which is been sold by an software company named as Guidance ,having a
license of NIST CFTT and several other law enforcement agencies throughout United states. It
has a powerful and network enabled and different platform specific investigation solution. It
also provides an answer to all computer related incidents and forensic analysis. It has the
capability of taking up all volatile and static data for servers and workstations anywhere for
distracting operations.[ CITATION Pal01 \l 1033 \m ACP04]

There has been a clear case of fill format for storing images in opens source library, it has the
permit of all other forensic tools and use images .It is a complex interface having all the
necessary steps for having a clear operations and intelligence which are actionable and can be
overturned. In other way Encase is a clear scripting language having the entire basic common
task for taking operations automatically. The use of this scripting language helps us in carving
and taking up report for a restricted use of an encase viewer. It doesn’t have a clear reference
for other cases. The main source can be stopped and can be added up for an extension to a
program. [ CITATION Pal01 \l 1033 \m ACP04].

23 | P a g e
 www.assignmentwritingindia.com
4.2 FTK
It is a Forensics Tool Kit which is been y Access Data. It is other level of commercial tool having
all the steep learning curve and have users. As of encase these forensic tool kit can be made
used in courtrooms and other legal precedents. Forensic tool kit takes up an more data rich
reports and can have interface that can encase .Forensic tool kit doesn’t provide any other
scripting language and not allow users to add up other functionality.[ CITATION Pal01 \l 1033 ]

4.3 Sleuth kit

In a world of open source for forensic there is another better and controlled method of Sleuth
kit .It is an primary tool which provides an open source suite of forensic tools and is based on
coroners Toolkit set. This coroner sleuth kit has all the necessary searching, time based building
and other browser setup. Sleuth tool kit have all have the basic command line and better
practitioner and other simplifies efforts for an graphical user interface. For an autopsy and
other PTK it is more than a graphical shell which can run on TSK commands for a child process
and present a web browser for better visualization and command in tools.[ CITATION Pal01 \l
1033 ]

4.4 PyFlag
Python Forensic and log analysis GUI (PyFlag) was put forwarded by government of Australia
.This python forensic is another kind of open source forensic intended to have a clear analysis
of media and network. Python forensic have a case image of back end database have clear
constant clear information having a right use of web browser and other client work stations.

In practice database can be on same system as client can allow for a mobile deployment on a
central server and make investigators to work same case at same time. Python forensic use
sleuth tool kit for underlying image access and builds individual file analysis, extraction and
reporting on top of sleuth tool kit. This forensic make up its own scripting language called
Python Flash and let users to write their own extensions to suite of python.[ CITATION Ste08 \l
1033 ].

24 | P a g e
 www.assignmentwritingindia.com
CONCLUSION

In this paper, we have depicted the significance of a standard, open format for digital evidence
attribution; both for description and comparison of particular pieces of evidence as well as for
tool interoperability and validation. In order to safeguard against better simplicity making the
observer assuage right of entry for counterfeit evidence, and taking method of validating
images can be followed. It is extensively acknowledged, and widely ignored, that digital images
are easy to generate, easy to influence but difficult to validate.

In an clear EXIF section of a JPEG file, there needs to be a remarkable amount for better use of
information There’s always an clear of misgiving in taking up the image data manually from a
file and the program exist today extract data in investigator. There’s been technology pathway
tool of forensic and other pro Discover tools having to make out a report for information to
investigators for a desired JPEG and TIFF files as marked for evidence.

There needs to be clear new investigator probable action for investigator to capture EXIF data
and be evidentiary quality manner to be used for a court at a later date. There is always a clear
methods which have a clear degree of reasonable and positivity and can be employed for a
photographs and helps court to determine truth for better management.

There’s always a possibility of designing a clear forensic mind for an expert these present a
clear financial option and provide a clear technical knowledge for extracting all image
knowledge to extract data media images. Tools presented can extract data in ineffectually
organized fashions that try to show user as much data as possible rather than prioritizing
information in accordance to relevance. This paper is intended to show some of the advantages
and tools used in imaging by the forensics community. It also gives clear techniques of image
forensic in digital photography making it contribution to a toolbox in this field.

25 | P a g e
 www.assignmentwritingindia.com
Bibliography
Anandabrata Pal, H. S. (2008.). Detecting file fragmentation point using sequential hypothesis
testing. In Digital Forensic Research Workshop .
Bassi, S. (June 2008). An automated acquisition system for media exploitation. .
Bassi, S. ( June 2008). An automated acquisition system for media exploitation. . Master’s thesis,
Naval Postgraduate School.
Carrier, B. ( 2006). A Hypothesis-Based Approach to Digital Forensic Investigations. . PhD thesis,
Purdue University.
Carrier., B. (2006). A Hypothesis-Based Approach to Digital Forensic Investigations.thesis.
Cohen., M. I. (2008). Advanced jpeg carving In e-Forensics ’08: . Proceedings of the 1st
international conference on Forensic applications and techniques in
telecommunications,information, and multimedia and workshop,, (pp. pages 1–6).
Englberger, R. M. (1994). “An SNR Estimation algorithm using Fourth-Order Moments.
Englberger, R. M. ( 1994). An SNR Estimation algorithm using Fourth-Order Moments.
Farid, A. C. (2004). Statistical tools for digital forensics.
Garfinkel, S. L. (2006). Forensic feature extraction and cross-drive analysis Digital Investigation .
Garfinkel., S. L. (2007). Carving contiguous and fragmented files with fast object validation,
Digital Investigation.
J. Fridrich, D. S. (2003). “Detection of Copy-move forgery in digital images.
Palmer, G. (2001). A Road Map for Digital Forensic Research: Technical Report DTR0010-01.
Pratt, W. K. ( 1987). Digital Image Processing. Third Edition, John Wiley and Sons,.
Pyflag, M. C. ( August 2008). An advanced network forensic framework. In Proceedings of the
2008 Digital Forensics Research Workshop. DFRWS.
Simson L. Garfinkel, D. J.-A. ( 2006). Disk imaging with the advanced forensic format, library and
tools.
Wright FD, D. J. ( 2001). Human bite marks in forensic dentistry. . Dental Clinics of North
America , 365-397.

26 | P a g e