KinesenseLE v4.0 introduces a new Authentication tab. You will find this new tab in Report next to Annotate and Clarification. Authentication provides a number of new tools to help investigators determine if an image file or photograph is real or has been altered.
Error Level Analysis
This is a standard tool for analysing jpeg files. It highlights regions of an image which show different levels of compression. This can indicate parts of the image which have been added using image editing software.
Exif data is added to an image file by the digital camera and by editing software. This tool extracts that data and highlights terms useful for authentication such as ‘Creator tool’, ‘Software’, ‘Modified Date’, etc.
Hex viewer reads the raw binary data from the image file and automatically searches for and highlights useful byte sequences, such as those corresponding to ‘Photoshop’, or ‘Adobe’.
Jpeg Snoop computes the ‘compression signature’ of a jpeg image and then compares it to a database of over 3300 different cameras and software applications, highlighting matches.
The compare tool lets you select two images and compare them. If a region of one image differs, those pixels are highlighted. Compare also looks at the binary data and highlights bytes that have been altered.