Forensic analysis of photographs and video files is a fairly voluminous topic that could take more than one chapter of our course. In terms of this topic we will examine several examples of problems solved by forensic analysis of photo- and videofiles. This is important for correct understanding of the method’s possibilities and the practices of its application.
The first example
This is a real life one. The police detained a citizen suspected of having abused sexually a child, which he filmed and kept on his computer. By the time the criminalists obtained access to his computer, the video had already been deleted using special software and there was no way to recover the deleted file.
The specialists carried out a complex forensic analysis of the computer, where a miniature video file was found preserved in the system. The size of the miniature was insignificant, but it was perfectly understandable that the suspect did commit sexual acts with a minor.
The attacker reliably deleted the video, but he did not know that information from the viewed images and video files in the form of miniatures remains in the system. This helped to reveal his actions.
The second example
This is one more famous real-life example. There was detained a gang suspected of counterfeiting banknotes. Dismounted cryptocontainer TrueCrypt was detected on the computer of the suspect. The suspects refused to give out the password, dictionary brute force attack failed, the situation seemed hopeless.
Then, with the help of forensic software the experts examined the contents of the hard disk of the computer and found the miniatures of all the pictures opened on it, as you can understand, they contained counterfeit banknotes. The system carefully preserved them and that was it which helped to build an evidence base.
We have told where the miniatures are stored and how to remove them in this chapter of our course.
Attention
Information about viewed images and videos is stored on your device in the form of miniatures and open file names.The third example
Another real story of the use of forensic image analysis, which led to the exposure of the fraudster. The owner of a small hosting provider received an email notification that one of his clients lost access to mail and wants to regain access to his account. The owner of the hosting sent a letter to the registration email, but there was no answer for a week, then he decided to start the recovery procedure, as he had the owner's registration data.
He requested a photocopy of the passport and bills for payment of utility service in the name of the owner of the account whose data he had and received them within three days. The time to give access to the account came, but the owner of the hosting still had some doubs, so he checked the xeroxed documents for fraud.
As a result, both the photocopy of the passport and the scanned bill were made using the image editor, this was clearly seen due to the inspection of the texture of pixels in places with user data (all changed places unnaturally stand out on the background of the overall picture). In terms of the course you will learn how to analyze photos independently and find pictures with changes made by inspecting the texture of pixels and image metadata.
Definitely the scammer did not get any data. Later it turned out that the real owner of the account was at that time on vacation and did not read the mail, on the server he kept valuable data that the malefactors were hunting for.
The fourth example
The user found a shop with the desired product on the Internet. This store had a lot of positive reviews and recommendations. Many users left photos of the received goods with an inscription “Thank you” on a piece of paper indicating the store site along with their reviews.
Buying anything from this seller assumed a solid prepayment and in order not to be deceived the user conducted an analysis of the texture of the pixels of the images with photoreviews. The analysis showed that the paper with thanks was added with the help of the editor and the original images themselves were taken from the Internet and had no relation to the seller. The fraudster was exposed.