Exciting terms get overused and worn down with time. I can remember when “awesome” meant magnificent, extraordinary, awe-inspiring. Today it’s barely stronger than “that’s nice.” Maybe it’s inevitable; people like to use words with a strong punch, even when they’re excessive.
“Digital forensics” is an example. Dictionaries say forensics is the study of issues in public discussion or debate. We usually think about it in connection with technical investigation of legal issues. Was a crime committed? If so, who did it and how? With so much of the world being computerized, people can legitimately use the term for a lot of digital activities, like identifying forgeries and attacks. I used the term for my own investigation of a defect in Honda’s MP3 players.
In the library and archiving world, though, some people are using it just because “data analysis” sounds awfully (there’s another word that’s been worn down) dull. In an interview on the Library of Congress’s digital preservation blog, Kam Woods says:
“Digital forensics commonly refers to the process of recovering, analyzing, and reporting on data found on digital devices. The term is rooted in law enforcement and corporate security practices: tools and practices designed to identify items of interest (e.g. deleted files, web search histories, or emails) in a collection of data in order to support a specific position in a civic or criminal court case, to pinpoint a security breach, or to identify other kinds of suspected misconduct.”
Occasionally that process does get involved with court cases and suspected misconduct, but he stretches its bounds:
“The goals differ when applying these tools and techniques within archives and data preservation institutions, but there are a lot of parallels in the process: providing an accurate record of chain of custody, documenting provenance, and storing the data in a manner that resists tampering, destruction, or loss.”
When archivists do their jobs, it prevents controversies from arising in the first place. I’m not demeaning the work; it’s better to prevent uncertainty than to have to resolve it. But good record keeping isn’t forensics.
Sometimes the methods and aims of “digital forensics” and real forensics directly oppose each other. Woods points out that the former needs to avoid collecting sensitive personal information where it’s not appropriate. A real forensic investigation will often need personal data as a vital clue.
People will go on calling routine data analysis “forensics” regardless of anything I say here, but let’s not confuse it with the real thing.
Photographic forensics
The FotoForensics site can be a valuable tool in checking the authenticity of an image. It’s easy to alter images with software and try to fool people with them. FotoForensics uses a technique called Error Level Analysis (ELA) to identify suspicious areas and highlight them visually. Playing with it a bit shows me that it takes practice to know what you’re seeing, but it’s worth knowing about if you ever have suspicions about an image.
Let’s compare that to an analysis of the unaltered image. The “heart” stands out as a dark spot on the ELA image, but its edges aren’t noticeably brighter than the edges of the planet’s (OK, “dwarf planet”) image. The tutorial says that “similar textures should have similar coloring under ELA. Areas with more surface detail, such as a close-up of a basketball, will likely have a higher ELA result than a smooth surface,” so it seems to make sense that the smooth heart (which is something like an ice plain) looks different.
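The principle behind ELA, as an added example (not FotoForensics' code and not part of the original post): resaving a lossy image at a known quality barely changes content that has already been through that compression, while content introduced afterwards changes more. The sketch models a single 8x8 greyscale block with one constructed quantization step `Q` in place of JPEG's real tables, and all pixel values are constructed.

```python
import math

N, Q = 8, 16  # 8x8 block as in JPEG; Q is a constructed uniform quantization step

def _c(k):
    return math.sqrt(1 / N) if k == 0 else math.sqrt(2 / N)

# Orthonormal DCT-II basis, B[frequency][position]
B = [[_c(k) * math.cos((2 * n + 1) * k * math.pi / (2 * N)) for n in range(N)]
     for k in range(N)]

def dct2(px):
    """2-D DCT of an 8x8 pixel block."""
    return [[sum(B[u][y] * B[v][x] * px[y][x] for y in range(N) for x in range(N))
             for v in range(N)] for u in range(N)]

def idct2(co):
    """Inverse of dct2."""
    return [[sum(B[u][y] * B[v][x] * co[u][v] for u in range(N) for v in range(N))
             for x in range(N)] for y in range(N)]

def resave(px, q=Q):
    """Lossy round trip: quantize the DCT coefficients, decode to 8-bit pixels."""
    co = [[round(c / q) * q for c in row] for row in dct2(px)]
    return [[min(255, max(0, round(v))) for v in row] for row in idct2(co)]

def error_level(px, q=Q):
    """ELA value for the block: mean absolute change caused by one more resave."""
    again = resave(px, q)
    return sum(abs(a - b) for ra, rb in zip(px, again) for a, b in zip(ra, rb)) / N**2

def demo():
    # Constructed sample: a textured mid-grey block standing in for camera output.
    original = [[110 + 3 * x + 2 * y + (x * 7 + y * 13) % 11 for x in range(N)]
                for y in range(N)]
    saved = resave(original)            # the block as stored in the lossy file
    edited = [row[:] for row in saved]  # later retouch: new texture pasted into a 4x4 area
    for y in range(2, 6):
        for x in range(2, 6):
            edited[y][x] = 100 + (x * 37 + y * 91) % 60
    return error_level(saved), error_level(edited)

if __name__ == "__main__":
    untouched, retouched = demo()
    print(f"untouched block: {untouched:.2f}  retouched block: {retouched:.2f}")
```

A real ELA tool computes this difference per pixel across the whole image and renders it as brightness, which is why interpreting the result still takes the practice described above.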