Kenneth B. Springer

Image showing what metadata survives when you send via different means

Can you get metadata from a photo someone sent you?

Whether you can read metadata from a received photo depends on the channel, not the tool. Email and AirDrop pass the file unchanged. Messaging apps re-encode — EXIF is gone, but a compression signature takes its place.

Photo shows LHS and RHS where LHS has person standing in photo and RHS has person missing

The EXIF thumbnail that gave the edit away

JPEG, WebP, PNG, HEIC, AVIF, and camera RAW files embed a firmware-generated thumbnail before any editing software has touched them. When software re-saves the image without updating the thumbnail, the mismatch is forensic evidence — one of 60+ forensic checks snapWONDERS runs automatically on every photo and video.

camera with streams coming out of the lens trying to illustrate that camera contains makernote

Blog / Digital Forensics · 10 June 2026

MakerNote forensics: what camera manufacturers hide inside every photo

MakerNote is the manufacturer-written EXIF block that standard stripping tools typically leave intact — carrying lens serial numbers, shutter counts, burst UUIDs, and capture context that survives a standard privacy scrub. Its absence from a known device is equally revealing.

A photograph split vertically — left half shows a pristine original outdoor scene labelled "Original"; right half shows the same scene with a thin cyan "Inconsistency detected" overlay on a region of compression irregularity

Blog / Digital Forensics · 3 June 2026

How to tell if a photo has been edited

How to tell if a photo has been edited: forensic analysis reads compression signatures, manufacturer metadata baselines, and thumbnail mismatches across JPEG, WebP, PNG, and video.

Forensic analysis on a photo of a book reveals a thumb print

Blog / Digital Forensics · 27 May 2026

Your camera’s fingerprint survives EXIF stripping — here’s how

Stripping EXIF metadata doesn’t make a photo anonymous. DQT quantisation tables and Huffman coding tables are baked into the JPEG compression — a permanent camera fingerprint that survives every standard metadata strip. Two of the 60+ forensic checks snapWONDERS reads from every image.

Blog / Digital Forensics · 20 May 2026

How I built a JPEG encoder fingerprint database from scratch

How I built the DQT encoder fingerprint database inside snapWONDERS — deriving libjpeg tables mathematically from the ISO standard, and running a live accumulation pipeline with a trust model to guard against faked metadata. And what this has to do with Vaultify.

lots of photos and videos in a whirlpool style being sucked into a photo of a couple on a holiday shoot, where they have slight overlay indicating it's concealed/hidden into the photo

Blog / Digital Forensics / News / Press Release · 13 April 2026

snapWONDERS Launches Vaultify — An AI-Powered Platform for Hiding Files Invisibly Inside Photos and Videos, Dedicated to the Memory of Huey

snapWONDERS has launched Vaultify, an AI-powered platform that invisibly hides files inside photos and videos, honouring the memory of Huey. This innovative idea originated from their earlier work on AI-enhanced …