Skip to content
/ sherloq Public
forked from GuidoBartoli/sherloq

An open-source digital image forensic toolset

License

GPL-3.0 license
0 stars 251 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hattom/sherloq

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
gui
gui
 
 
logo
logo
 
 
screenshots
screenshots
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Sherloq
An open source image forensic toolset

Introduction

"Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications include: Photogrammetry, Photographic Comparison, Content Analysis, and Image Authentication." (Scientific Working Group on Imaging Technologies)

Sherloq is a personal research project about implementing a fully integrated environment for digital image forensics. It is not meant as an automatic tool that decide if an image is forged or not (that tool probably will never exist...), but as a companion in experimenting with various algorithms found in the latest research papers and workshops.

While many commercial solutions have unaffordable prices and are reserved to law enforcement and government agencies only, this toolset aims to be a powerful and extensible framework as a starting point for anyone interested in state-of-the-art forensic algorithms.

I strongly believe that security-by-obscurity is the wrong way to offer any kind of forensic service (i.e. "Using this proprietary software I guarantee you that this photo is pristine... and you have to trust me!"). Following the open-source philosophy, everyone should be able to try various techniques on their own, gain knowledge and share it to the community... even better if they contribute with code improvements! :)

History

The first version was written in 2015 using C++11 to build a command line utility with many options, but soon it turned to be too cumbersome and not much interactive. That version could be compiled with CMake after installing OpenCV, Boost and AlgLib libraries. This first proof of concept offered about 80% of planned features (see below for the full list).

While also including novel algorithms, the 2017 version mainly added a Qt-based multi-window GUI to provide a better user experience. Multiple analyses could be shown on screen and a fast zoom/scroll viewer was implemented for easier image navigation. That project could be compiled with Qt Creator with Qt 5 and OpenCV 3 and covered about 70% of planned features.

Fast forward to 2020 when I decided to port everything in Python (PySide2 + Matplotlib + OpenCV) for easier development and deployment. While this iteration is just begun and I have yet to port all the previous code on the new platform, I think this will be the final "form" of the project (as long as someone does not volunteer up to develop a nice web application!).

I'm happy to share my code and get in contact with anyone interested to improve or test it, but please keep in mind that this repository is not intended for distributing a final product, my aim is just to publicly track development of an unpretentious educational tool, so expect bugs, unpolished code and missing features! ;)

Features

This list contains the functions that Sherloq will hopefully provide once the beta stage is reached.

Interface

  • Modern Qt-based GUI with multiple tool window management
  • Support for many formats (BMP, JPEG, PNG, WebP, PGM, PFM, TIFF, GIF)
  • Highly responsive image viewer with real-time panning and zooming
  • Many state-of-the-art algorithms to try out interactively
  • Extensive online help with tool explanations and tutorials
  • Export both visual and textual analysis results

Tools

General

  • Original Image: display the unaltered reference image for visual inspection
  • File Digest: retrieve physical file information, crypto and perceptual hashes
  • Hex Editor: open an external hexadecimal editor to show and edit raw bytes
  • Similar Search: browse online search services to find visually similar images

Metadata

  • Header Structure: dump the file header structure and display an interactive view
  • EXIF Full Dump: scan through file metadata and gather all available information
  • Thumbnail Analysis: extract optional embedded thumbnail and compare with original
  • Geolocation Data: retrieve optional geolocation data and show it on a world map

Inspection

  • Enhancing Magnifier: magnifying glass with enhancements for better identifying forgeries
  • Channel Histogram: display single color channels or RGB composite interactive histogram
  • Global Adjustments: apply standard image adjustments (brightness, hue, saturation, ...)
  • Reference Comparison: open a synchronized double view for comparison with another picture

Detail

  • Luminance Gradient: analyze horizontal/vertical brightness variations across the image
  • Echo Edge Filter: use derivative filters to reveal artificial out-of-focus regions
  • Wavelet Threshold: reconstruct image with different wavelet coefficient thresholds
  • Correlation Plot: exploit spatial correlation patterns among neighboring pixels

Colors

  • RGB/HSV Plots: display interactive 2D and 3D plots of RGB and HSV pixel values
  • Space Conversion: convert RGB channels into HSV/YCbCr/Lab/Luv/CMYK/Gray spaces
  • PCA Projection: use color PCA to project pixel onto most salient components
  • Pixel Statistics: compute minimum/maximum/average RGB values for every pixel

Noise

  • Noise Separation: estimate and extract different kind of image noise components
  • Min/Max Deviation: highlight pixels deviating from block-based min/max statistics
  • Frequency Split: split image luminance into high and low frequency components
  • Bit Planes Values: show individual bit planes to find inconsistent noise patterns

JPEG

  • Error Level Analysis: show pixel-level difference against fixed compression levels
  • Quality Estimation: extract quantization tables and estimate last saved JPEG quality
  • Multiple Compression: use residuals to detect multiple compressions at different levels
  • DCT Dimples Map: analyze periodic quantization artifacts introduced by devices

Tampering

  • Contrast Enhancement: analyze color distribuions to detect contrast enhancements
  • Copy-Move Forgery: use invariant feature descriptors for cloned area detection
  • Composite Splicing: exploit DCT statistics for automatic splicing zone detection
  • Image Resampling: estimate 2D pixel interpolation for detecting resampling traces

Various

  • Median Filtering: detect processing traces left by nonlinear median filtering
  • Illuminant Map: estimate scene local light direction on estimated 3D surfaces
  • PRNU Identification: exploit sensor pattern noise introduced by different cameras
  • Stereogram Decoder: decode 3D images concealed inside crossed-eye autostereograms

Screenshots

Here are some screenshots from the previous C++ Qt GUI (to be updated with the new version):

File Analysis
File Analysis: Metadata, Digest and EXIF

Color Analysis
Color Analysis: Space Conversion, PCA Projection, Histograms and Statistics

Visual Inspection
Visual Inspection: Magnifier Loupe, Image Adjustments and Evidence Comparison

JPEG Analysis
JPEG Analysis: Quantization Tables, Compression Ghosts and Error Level Analysis

Luminance/Noise
Luminance and Noise: Light Gradient, Echo Edge, Min/Max Deviation and SNR Consistency

Installation

Linux

Install package manager
$ sudo apt install python3-distutils python3-dev subversion
$ wget https://bootstrap.pypa.io/get-pip.py
$ sudo python3 get-pip.py

Setup virtual environments
$ sudo pip install virtualenv virtualenvwrapper
$ echo -e "\n# Python Virtual Environments" >> ~/.bashrc
$ echo "export WORKON_HOME=$HOME/.virtualenvs" >> ~/.bashrc
$ echo "export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3" >> ~/.bashrc
$ echo "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.bashrc
$ source ~/.bashrc
$ mkvirtualenv sq -p python3

MacOS

1) Open Terminal and enter "python3" to install the interpreter and other command line tools
2) Once installed, proceed similarly to Linux installation:
   $ wget https://bootstrap.pypa.io/get-pip.py
   $ sudo python3 get-pip.py
   $ sudo pip install virtualenv virtualenvwrapper
   $ echo -e "\n# Python Virtual Environments" >> ~/.bash_profile
   $ echo "export WORKON_HOME=$HOME/.virtualenvs" >> ~/.bash_profile
   $ echo "export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3" >> ~/.bash_profile
   $ echo "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.bash_profile
   $ source ~/.bash_profile
3) $ mkvirtualenv sq -p python3

Windows

You can follow this guide (the Flask installation is optional).

Linux, MacOS, Windows

  1. Clone repository content into a local folder
  2. Change current directory to the gui folder inside sherloq
  3. Execute pip install -r requirements.txt
  4. Launch the program with python sherloq.py

Bibliography

  • Black Hat Briefings DC. (2008) "A Picture's Worth: Digital Image Analysis and Forensics" [White paper]. Washington, DC. Retrieved from http://blackhat.com/presentations/bh-dc-08/Krawetz/Whitepaper/bh-dc-08-krawetz-WP.pdf
  • "Noiseprint: a CNN-based camera model fingerprint" (Davide Cozzolino, Luisa Verdoliva)
  • "Exposing Digital Forgeries by Detecting Traces of Re-sampling" (Alin C. Popescu and Hany Farid)
  • "Two Improved Forensic Methods of Detecting Contrast Enhancement in Digital Images" (Xufeng Lin, Xingjie Wei and Chang-Tsun Li)

About

An open-source digital image forensic toolset

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Perl 65.7%
  • HTML 32.6%
  • Python 1.6%
  • PostScript 0.1%
  • Makefile 0.0%
  • CSS 0.0%