• Where the thumbnail lives
  • How firmware generates it
  • Whether editing software updates it
  • What mismatches reveal in practice
  • Thumbnail sources — what snapWONDERS extracts
  • Coverage and limits
  • When it's not what it looks like
  • The gap that persists
Skip to content
Kenneth B. Springer
Menu
  • About
  • Our Story
  • Websites
  • FAQ
    • Your FAQ
    • Privacy Policy
    • Terms of Service
  • News
  • Connecting

Tag: photo forensics

Photo shows LHS and RHS where LHS has person standing in photo and RHS has person missing
Blog / Digital Forensics · 17 June 2026

The EXIF thumbnail that gave the edit away

JPEG, WebP, and PNG files can all carry an EXIF thumbnail generated at capture. Whether editing software updates it is inconsistent — and that inconsistency is the forensic signal.

camera with streams coming out of the lens trying to illustrate that camera contains makernote
Blog / Digital Forensics · 10 June 2026

MakerNote forensics: what camera manufacturers hide inside every photo

MakerNote is the manufacturer-written EXIF block that standard stripping tools typically leave intact — carrying lens serial numbers, shutter counts, burst UUIDs, and capture context that survives a standard privacy scrub. Its absence from a known device is equally revealing.

A photograph split vertically — left half shows a pristine original outdoor scene labelled "Original"; right half shows the same scene with a thin cyan "Inconsistency detected" overlay on a region of compression irregularity
Blog / Digital Forensics · 3 June 2026

How to tell if a photo has been edited

How to tell if a photo has been edited: forensic analysis reads compression signatures, manufacturer metadata baselines, and thumbnail mismatches across JPEG, WebP, PNG, and video.

Forensic analysis on a photo of a book reveals a thumb print
Blog / Digital Forensics · 27 May 2026

Your camera’s fingerprint survives EXIF stripping — here’s how

Stripping EXIF metadata doesn’t make a photo anonymous. Two compression signatures — quantisation tables and Huffman tables — survive every standard strip and reveal both the original encoder and whether the file was re-processed. Here’s what forensic analysis actually reads.

Recent Posts

  • The EXIF thumbnail that gave the edit away
  • MakerNote forensics: what camera manufacturers hide inside every photo
  • How to tell if a photo has been edited
  • Your camera’s fingerprint survives EXIF stripping — here’s how
  • How I built a JPEG encoder fingerprint database from scratch

Recent Comments

    Archives

    • June 2026
    • May 2026
    • April 2026
    • December 2025
    • October 2025
    • August 2025
    • June 2025
    • May 2024
    • April 2024
    • February 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • June 2023
    • December 2022
    • March 2021
    • June 2017
    • October 2016
    • March 2014

    Categories

    • Accessibility
    • Blog
    • Digital Forensics
    • Infrastructure
    • News
    • Our Story
    • Press Release
    Keep Updated
    Copyright © 2026 Kenneth B. Springer
    Kenneth B. Springer logo
    This website uses cookies to ensure you get the best experience on our website.