Probably one of the most exciting fields in the computing world today is Cyber Forensics. Today, we will be discussing one of the most interesting areas in Cyber Forensics i.e. Multimedia Forensics.
Computer Forensics is the practice of collecting, analyzing, and reporting on digital evidence so that it is admissible in the court. Forensic investigators must extract the probative facts from the computers involved and use these facts to create a logical scenario. Multimedia Forensics comes as a second phase, in which scientific methods are used for the analysis of the contents.
In this article, we will be discussing the following topics:
- What is Multimedia Forensics?
- What are the approaches to Multimedia Authentication?
- What are Digital Fingerprints?
What is Multimedia Forensics?
When applied to the field of multimedia, digital forensics started to face challenges, as multimedia is content that uses a mix of audio, video, images, text. Thanks to the wide adoption of mobile devices, cheaper storage, high bandwidth, online users are generating a humungous amount of data. This growth has pushed digital multimedia in the forefront. The amount of data is so massive that it has surpassed the capabilities of the forensic experts to effectively analyze and process the data. Multimedia forensics has now become an integral part of the Cyber Forensics.
Multimedia forensics involves the set of techniques used for the analysis of multimedia signals like audio, video, images. It aims to:
- Reveal the history of digital content.
- Identifying the acquisition device that produced the data.
- Validating the integrity of the contents.
- Retrieving information from multimedia signals.
What are the approaches to Multimedia Authentication?
Internet content is not only limited to text form, it comes in a lot of different varieties, so the forensic approaches developed to analyze them must also vary in scope. The goal here is to analyze images, text, audio, video, in order to generate a piece of logical Forensic evidence.
Multimedia Forensics divides its efforts between 2 main approaches – Active Image Authentication and Passive Image Authentication.
As you can see from the diagram, Active image authentication, and Passive image authentication are further divided into categories.
Let’s get started and discuss each category in detail.
Active Image Authentication:
In this technique, a known authentication code is embedded in the image at the time of image generation or sent with the image for accessing its integrity at the receiving end. Verifying this code authenticates the originality of the image. Active Authentication is further classified into 2 categories: Digital Watermarking and Digital Signatures.
Drawbacks of Active image authentication:
- The authentication code needs to be embedded in the image at the time of recording using special equipment thus prior information about the image becomes indispensable.
- This approach requires a digital watermark or a digital signature to be created precisely when the image is recorded, which limits its ability to handle specially equipped digital devices.
- As the majority of the images on the Internet, today don’t have a watermark or a digital signature, which has forced this image authentication method to consider additional techniques –
Digital Watermarking: In this technique a digital watermark is embedded into the image at the time of either image acquisition or in the processing stage.
Digital Signatures: Digital signatures embed some secondary information that is usually obtained from the image, at the acquisition end into the image.
Passive Image Authentication:
Passive authentication also known as image forensics uses the only image with no prior information for accessing the integrity of the image. Passive authentication works on the assumption that even though tampering with the image may not leave any visual trace but they are likely to alter the underlying statistics. This means that digital forgeries may disturb the underlying properties of the image, quality of the image, even though no physical clue has been left behind.
Passive techniques are further classified into Forgery-type dependent and Forgery-type independent techniques.
Forgery-type dependent –
These are designed to detect only certain types of forgeries like copy-move and image-splicing which are dependent on the type of forgery carried out on the image.
It is further classified into 2 categories: Copy-move detection and Image-splicing detection.
1. Copy-move detection:
Copy-move is the most popular photo tampering technique because of the ease with which it can be carried out. It involves copying some regions in the image and moving the same to some other region in the image. Since the copied region belongs to the same image so the dynamic range and color remain compatible with the rest of the image.
In copy-move detection post-processing operation like blurring is used to decrease the effect of border irregularities between the two images.
2. Image-splicing detection:
The Image-splicing method involves merging 2 or more images changing the original image significantly to create a forged image. Please note when merging images with differing backgrounds, it becomes difficult to make the border and boundaries indiscernible. Image-splicing detection is a challenging task involving the following techniques:
- Composite regions are investigated by a variety of methods.
- The presence of abrupt changes between different regions that are combined to create a composite image and their backgrounds, provide valuable traces to detect splicing in the image under consideration.
Forgery-type independent –
These methods detect forgeries independent of forgery type but based on artifact traces left during the process of re-sampling and due to lighting inconsistencies. It is further classified into 2 categories:
1. Retouching detection:
This method is most commonly used for commercial and aesthetic applications. Retouching is mostly carried out to enhance or reduce the image features or to create a convincing composition of 2 images that requires rotation, resizing, or stretching of one of the images. Image retouching detection is done using the following techniques:
- Find the blurring, enhancements, or color changes and illumination changes in the forged image.
- Retouching Detection is easy if the original image is available however blind detection is a challenging task.
2. Lighting Conditions:
Images that are combined during tampering are taken in different lighting conditions. It becomes very difficult to match the lighting condition from combining photographs. This lighting inconsistency in the composite image can be used for the detection of image tampering.
What are Digital Fingerprints?
Although Cryptographic tools and access control mechanisms ensure the safe delivery of multimedia content across the Internet. But this protection ends as soon as the content is delivered to the end-user and safely decrypted. Digital Fingerprinting has emerged to cater to this post-delivery by identifying the end-users who have authorized access to plaintext but use it for unauthorized purposes.
Digital Fingerprinting process involves investigators to trace the illegal usage of multimedia content through a unique identifying information known as “Fingerprint” that is embedded in the content before distribution. Youtube is using this technology to scan files and match the digital fingerprints they find against a database of copyrighted material to see if any intellectual property is being violated.
Digital Fingerprints are technically coded strings of binary digits generated by mathematical algorithms, they are as unique as the analog fingerprints of a person.
The more images and videos continue to flood the Internet, the more difficult it becomes to protect the information through forensic investigations. As online multimedia content grows, it becomes important for the users and creators to understand the legal boundary of the virtual world.