ashar_oz
Chief author, Open Source enthusiast, Web Programmer, and UI/UX Designer.
Saturday, July 31, 2010 at 10:51


Exchangeable image file format (Exif) is a specification for the image file format used (mostly) by digital cameras. Exif is metadata embedded in an image, audio, or video file, created by the device at the moment the image is taken. Exif was introduced by the Japan Electronic Industries Development Association (JEIDA) to encourage interoperability between imaging devices. Studying Exif data is part of digital forensics: through Exif data we can learn when an image was taken, what device was used to take it, and what has been manipulated.

What information is inside Exif data?
Exif usually contains supporting information about the file. That information can be: [1] Date and time information: digital cameras record the current date and time and save it in the metadata. [2] Camera settings: this includes static information such as the camera model and make, and information that varies with each image such as orientation, aperture, shutter speed, focal length, metering mode, and ISO speed. [3] A thumbnail for previewing the picture on the camera's LCD screen, in file managers, or in photo manipulation software; if a file was manipulated, the data will be shown here. [4] Descriptions and copyright information, which in this case are not created by the imaging device but by an application such as a photo editor.

How to read Exif data on Ubuntu Linux?
Reading Exif data is quite simple on Ubuntu. An application called exiftool (also available for Windows/Macintosh) can read, write, and edit Exif metadata. To install exiftool, use the Synaptic package manager or go to the official exiftool website to download and install it. exiftool is a command-line application that runs in a terminal; to run it, use this synopsis:
exiftool [OPTIONS] FILE
As a case study, we will use this application to analyze images and see what hidden information lies behind them. We have two identical-looking images, one of which has been edited with an image editor application. Let's see what is in their metadata:
[Images: raw_image, edit.jpg]

To the naked eye, the two images above are the same. Does Exif give the same explanation? Notice the data below.
Exif data of raw_image
Look, we can see the hidden information behind the image. We have some particular information, such as that the image was taken on 27 September 2009, using a Canon PowerShot A590 IS, at ISO 400.
Exif data of edit.jpg
Based on the data above, the second image (edit.jpg) is not original: edit.jpg was manipulated on 31 July 2010 using Adobe Photoshop. Some potentially useful information can be found in Exif data if we look carefully. Yes, practice makes perfect.

How to manipulate information in Exif data?
Yes, we are right when we say that Exif could be potential evidence of computer crime, but one point must be remembered: Exif data "can be manipulated". The simple example below demonstrates it. We use an application named jhead, which is used to display and manipulate data contained in the Exif header of JPEG images from digital cameras. By default jhead displays the more useful camera settings from the file in a user-friendly format. We conclude that jhead has the ability to delete Exif data or make 'fake' Exif data. For complete information on jhead and its options you can visit this link. We remove the Exif information of edit.jpg above using the [-purejpg] option in jhead, then see what differs:

Edited exif data
The Exif data looks quite different now: some information has 'disappeared'. The simple example above proves that Exif data can be potential evidence but not 'absolute' evidence, because Exif data can be manipulated (removed or edited). jhead is a powerful application that can do much with Exif data; if you are interested in it, I suggest you visit this website.
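The checks walked through in the reading and manipulation sections above can also be run against the JPEG bytes directly. This is an added example, not code from the original post or from exiftool or jhead; it goes beyond the text by parsing the Exif segment itself, and the function names and the script name `exif_triage.py` are hypothetical.

```python
import pathlib, struct, sys

NAMES = {0x010F: "Make", 0x0110: "Model", 0x0131: "Software",
         0x0132: "ModifyDate", 0x9003: "DateTimeOriginal"}  # exiftool tag names

def exif_tiff(jpeg):
    """Return the TIFF block inside the APP1 'Exif' segment, or None if there is none."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (size,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + size]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + size
    return None

def read_ifd(tiff, e, ifd, out, depth=0):
    """Collect the ASCII tags listed in NAMES from one IFD into out."""
    (count,) = struct.unpack_from(e + "H", tiff, ifd)
    for i in range(count):
        entry = ifd + 2 + 12 * i
        tag, typ, n, val = struct.unpack_from(e + "HHII", tiff, entry)
        if tag == 0x8769 and depth == 0:  # Exif sub-IFD pointer, followed from IFD0 only
            read_ifd(tiff, e, val, out, depth + 1)
        elif tag in NAMES and typ == 2:  # type 2 = ASCII
            start = val if n > 4 else entry + 8  # values of 4 bytes or less sit inline
            out[NAMES[tag]] = tiff[start:start + n].rstrip(b"\x00 ").decode("ascii", "replace")
    return out

def triage(jpeg):
    """Return (tags, notes). Notes are leads for an examiner, not proof of editing."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return {}, ["no Exif segment: never written, or stripped"]
    e = "<" if tiff[:2] == b"II" else ">"  # II = little-endian, MM = big-endian
    try:
        tags = read_ifd(tiff, e, struct.unpack_from(e + "I", tiff, 4)[0], {})
    except struct.error:
        return {}, ["Exif segment present but malformed"]
    notes = ["Software tag: " + tags["Software"]] if "Software" in tags else []
    m, o = tags.get("ModifyDate"), tags.get("DateTimeOriginal")
    if m and o and m != o:
        notes.append("ModifyDate differs from DateTimeOriginal")
    return tags, notes

if __name__ == "__main__":  # usage: python exif_triage.py FILE...
    for path in sys.argv[1:]:
        print(path, *triage(pathlib.Path(path).read_bytes()), sep="\n  ")
```

A camera can write its own firmware name into the Software tag, so a note from this script is a reason to look closer rather than a conclusion.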