About the site

What is FotoForensics?
FotoForensics is a free web site intended to provide budding researchers a sample of what can be done with digital photo forensics.
In August 2007, Dr. Neal Krawetz gave a presentation at the Black Hat Briefings computer security conference. The presentation, titled "A Picture's Worth", covered a handful of novel photo analysis algorithms. (A video of the presentation is available from iTunes, search for "Krawetz". The associated white paper and slides are available online.) Using these algorithms, researchers can determine if a picture is real or computer graphics, if it was modified, and even how it was modified. Dr. Krawetz gave variations of this presentation at different conferences between 2007 and 2010.
Following the disclosure of these algorithms, many people began recreating them. Error Level Analysis (ELA) is one of the simpler algorithms, and many people implemented their own variants. In 2010, Pete Ringwood created the "errorlevelanalysis.com" web site as a free service where people could submit photos and web pictures for analysis. The result was an instant hit.
In 2012, Mr. Ringwood decided to retire the site, which had introduced millions of people to the field of photo forensics. Hacker Factor has recreated the service as "fotoforensics.com", maintaining the basic principles that Pete Ringwood established: a free service that provides an introduction to photo forensics.
Who provides this service?
Hosting, administration, and site development are not free. This site is sponsored by Hacker Factor. If you would like to help support this site, please consider making a small donation. All donations will be used to offset the hosting costs for this service. Unfortunately, we cannot offer return links or other advertisement space in exchange for donations.
Please make donations payable to "Hacker Factor":
Hacker Factor
P.O. Box 270033
Fort Collins, CO 80527-0033
Be sure to include the message "FotoForensics Donation" with any donation.
What is the privacy policy?
This site's privacy policy is very basic: this is a public site. There is no web login and there is no privacy. Do not assume that the pictures you submit will be kept private.
What information does this site collect and how is it used?
This site collects pictures that are submitted, information about the pictures (where it came from, when it was submitted, how often it is accessed), and typical weblog information.
While the pictures are displayed upon request by your web browser, other information is used for site management and related research purposes. We will not publicly disclose information and we will not provide collected information to external third parties (such as advertisers and data aggregates). This web site does not collect email addresses. It also does not sell content.
By uploading a picture, you consent to having the picture viewed by FotoForensics, Hacker Factor, and research partners for analysis-related purposes. If the pictures contain illegal or potentially illegal content, then the site administrators may have an obligation to share the information with law enforcement.
Who should I contact about problems with this site?
Problems with this site, such as error messages, connectivity issues, maintenance, etc. should be sent to .
Do not send this address any advertisements, promotional offers, "let's swap links!" requests, or anything from any mailing list. Also, do not send questions about analysis results or requests for technical details about how the algorithms work. This email address is strictly for problems or issues with the web site.
Who can use this site?
This free service is available to everyone. It is intended to give people an introduction to digital photo forensics and image analysis. This site does not draw conclusions or interpret results; it just shows raw data. As such, the algorithms on this free service are not intended for commercial or legal uses. FotoForensics takes no responsibility for inaccurate, incorrect, or misleading analysis interpretations.
Some web developers have inquired about creating their own front-end systems to this online service. This is permitted as long as:
1. There is a link to FotoForensics.com and/or attribution provided to FotoForensics,
2. No fee is charged for accessing this data or for software that accesses this site,
3. No ads are used in conjunction with results from this site,
4. It is made clear that FotoForensics and Hacker Factor do not endorse your third-party software or service, and
5. Your service abides by this site's API.
Basically, developers must not take credit for work performed by FotoForensics, developers must not charge this free service, and developers must not claim or imply that FotoForensics endorses their software or services. Ads are not permitted because using these pictures to generate revenue from ads directly violates Copyright and the Fair Use clause. Developers who do not adhere to the API may find that their code no longer works if this site makes a code change. It is strongly recommended that developers contact FotoForensics prior to developing their systems.

About file submissions
What can I upload for analysis?
You can submit a picture from your computer or submit a URL of an online picture. The picture must be a JPEG or PNG. There is a 5 Meg file size limit. Pictures should also be at least 100x100 pixels and no larger than 10,000x10,000; thumbnail images will not work well and extremely large pictures take too long to process in real-time.
This web site is used by forensic researchers. Uploaded pictures may be viewed by the site administrators and research partners.
Please consider the content you are uploading. If you would not show it to your parents or children, then it probably does not belong here. People who upload pornography and sexually explicit content will be banned.
Why forbid pornography?
This site permits nearly all types of pictures. Dancing kittens, airplane crashes, and everything in between is par for the course. Currently, this site only forbids pornography.
This server is located in the United States of America. Although there are laws concerning obscenity, pornography in general is considered protected free speech. With one exception: it is a federal offense to knowingly possess or distribute child pornography (see 18 U.S.C. 2251, 2252, 2258, and 1466).
This web site is used for photo research. It is very possible that an administrator or research partner may see the pictures that you upload. I do not want my administrators spending any time guessing whether a person in a picture is over or under the legal age of consent. As such, we have implemented a very simple rule: no pornography, no nudity, no sexually explicit content. I do not care if you think the person is clearly an adult -- no pornography.
Why did my upload fail?
If your upload fails, it is probably because:
- It was not a JPEG or PNG,
- It was too large, or
- The URL you submitted was inaccessible.
Why does the picture look different?
Occasionally the uploaded picture does not look like you expected. It may appear inverted, rotated, or even larger that you thought.
JPEG images can contain display information such as rotation or inverting. In effect, graphical applications render the JPEG and then apply a transform. For the types of photo forensics performed on this site, addition transformations may distort the image. As a result, post-rendering transformations are not applied. Images may appear rotated, flipped, or inverted depending on the post-rendering transformations.
In other cases, such as a URL upload, the picture retrieved by FotoForensics may not look like the picture you throught you uploaded because FotoForensics acquired a higher quality image. This can currently happen with pictures that come from Facebook and Imgur.
With Facebook, the URL may contain commands for scaling, cropping, and positioning the image. When FotoForensics detects this, it attempts to retrieve the full-size picture stored at Facebook, and not the cropped or scaled image. This is done because scaling, cropping, and other server-side transformations result in a resave and may obscure information about an image. The picture retrieved by FotoForensics can appear larger and wider than the image shown on Facebook's web page.
With Imgur, users occasionally submit the URL to the text web page and not the URL to the image. (Editor's note: Don't blame the user!) If this is detected, then FotoForensics will retrieve the primary image from the web page. If there are multiple images on the page, then it may not retrieve the one you wanted. Try submitting the URL to the image itself: right click on the image and select "View Image" (the actual menu item varies by browser), and submit that URL to FotoForensics.
Why does the picture look broken?
In rare cases, pictures retrieved from a URL upload may appear broken. With JPEG images, they will usually render the top part of the image, but the bottom part will appear as a gray box. This happens when the server hosting the picture cannot provide it within a reasonable timeframe. Either the hosting server is slow, or there is a significant network delay that is causing the download to timeout.
This problem has been repeatedly seen with pictures hosted in China, such as pictures from Baidu.com. As far as we can tell, China is tarpitting the network connection -- intentionally making it slower and slower until the download fails.
The best solution to this problem is to download the picture to your local computer and use the File Upload option to submit the picture.
Who can see the pictures I upload?
When you submit an image, you are provided with a direct link that you can share with other people (and they, in turn, may tweet or post to Facebook or send it to friends). The pictures may also be reviewed by the site administrators and research partners.
How long are pictures kept on the server?
Pictures remain on the server for at least 3 months. After 3 month, inactive pictures may be removed in order to reclaim disk space as needed.
Is this site broken?
For some people, this site may appear broken. There is no upload window and every link to an analysis shows nothing. The only thing you can access is this FAQ.
Fear not! This site is not broken! You have been banned due to uploading prohibited content. (This site is not for your personal porn archive.) The ban will lift automatically after 3 months. (That is, 3 months after you stop visiting this site, and the counter resets every time you visit.)
If you feel unfairly banned from this site, you can write to . Be sure to explain why you believe that your actions (e.g., submitting pornography) was appropriate behavior on a public web service. Be sure to identify who you are (name, address, and phone number -- in case we need to contact you), your network address (you are currently using 107.22.25.119), what content you submitted, and approximately when it was submitted -- otherwise we will not be able to identify which block is associated with you.
NOTE: People who only submit their network address with their removal request will not have the block removed. You must include an explanation, who you are, and a description of the type of content you were submitting. Requesting a removal does not guarantee a removal.

About copyright
Who owns the copyright?
This web site is Copyright Hacker Factor, All Rights Reserved. However, we do not own the copyright to the submitted pictures.
Each picture's copyright is retained by the original copyright holder. For the derivative works (i.e., the analysis pictures), it depends on the picture and how much it looks like the original image. The derivative work is either the copyright work of Hacker Factor or of the original source's copyright holder. (It's best to consult an attorney, and I'm not an attorney.) It suffices to say that you do not own the copyright just because you submitted the picture.
What about copyright permission?
Let me preface this with "I am not a lawyer and this is not legal advice," "You should consult an attorney," and "It is my understanding that..."
US Copyright Law permits Fair Use for the purpose of criticism, comment, news reporting, teaching, scholarship, and research. Fair Use permits limited copying or distribution.
This site permits permits people to submit images to a digital image analysis system. The system does not draw any conclusions about the picture, and does not solicit people to submit any specific pictures. The purpose is for education, research, and criticism. This site does not host advertisements and is operated at a financial loss; it is not a profit-oriented service and does not gain financial profit from the submitted content. Direct links to submitted content are only provided to the people who submit the content (or who already have the link). It is our belief that this complies with the Fair Use clause (Title 17, Chapter 1, Section 107).
How can I request content removal?
Requests should be sent to , or write to:
FotoForensics
c/o: Hacker Factor
P.O. Box 270033
Fort Collins, CO
80527-0033
United States of America
Removal requests must include all of the following information:
- The direct link to the content that you wish to have removed.
- Information that can be used to verify that you are the copyright holder, you represent the copyright holder, or you represent the subject of the picture.
- A description of the complaint. Specifically, why you feel that this site is not in compliance with Section 107 of US Copyright Law (Title 17).
- Name, email address, postal address, and phone number for contact and replies.
How can I report offensive content?
Offensive is a very subjective term. See "How can I request content removal?" Be sure to mention the nature of the offense and why you feel it is offensive. Some types of pictures are illegal in the United States; we will contact law enforcement immediately.
This site does not cater to people who want to use it for hosting photos intended to harass or harm other people. Harassment complaints will be expedited.

About Analysis
Will this tell me if the picture fake?
No. This site is like a microscope -- it will show you data, but it does not draw any conclusions. FotoForensics includes tutorials to help you understand what to look for in the analysis results.
In some cases, the analysis may not provide the answer you wanted. For example, you may want to know if a picture was edited. However, if the picture is a low quality, then the results may not permit identification of anything beyond "low quality, multiple resaves."
As a concrete example, consider analyzing a picture from Facebook. Facebook strips out all original metadata and replaces it with their own metadata. So the metadata analysis will not identify anything beyond "Facebook". Facebook also resaves the image at a low quality, so the JPEG quality (JPEG %) will report a low quality image. Error Level Analysis will typically return a dark result with large colored rectangles -- indicating a low quality image and multiple resaves (a solid description of what Facebook provides). Even if the picture is visually altered, the algorithmic results may not detect much more than an image resaved by Facebook.
The tutorials on this site identify some common applications and online services that leave tell-tale artifacts that are usually identifiable.
What is Error Level Analysis?
Error Level Analysis (ELA) is an algorithm that evaluates the error level potential of a JPEG image. JPEG is a lossy image format; every resave degrades the picture. The amount of degradation varies based on the number of saves. The first save loses a lot, the second save loses a little more, and by the 20th save, it is probably as low quality as it will ever get. When a picture is modified, the changed parts have a higher error level potential than the rest of the image. ELA works by saving the picture at a known quality level (like a JPEG at 95%), and then determines how much changed. Edits and splices appear as regions with more change. See the tutorial for more detail.
How do I cite ELA?
The Error Level Analysis algorithm was publicly disclosed by Neal Krawetz in a white paper and presentation at the Black Hat Briefings security conference. The revised white paper and slides are from the 2008 conference in Washington, DC.
APA citation
Black Hat Briefings DC. (2008) A Picture's Worth: Digital Image Analysis and Forensics [White paper]. Washington, DC. Retrieved from http://blackhat.com/presentations/bh-dc-08/Krawetz/Whitepaper/bh-dc-08-krawetz-WP.pdf
MLA citation
Krawetz, N., "A Picture's Worth: Digital Image Analysis and Forensics." Black Hat Briefings DC. 2008. <http://blackhat.com/presentations/bh-dc-08/Krawetz/Whitepaper/bh-dc-08-krawetz-WP.pdf>
Chicago Manual of Style citation
Krawetz, N., "A Picture's Worth: Digital Image Analysis and Forensics." Black Hat Briefings DC. 2008. Available from http://blackhat.com/presentations/bh-dc-08/Krawetz/Whitepaper/bh-dc-08-krawetz-WP.pdf
How do I read the ELA picture?
See the tutorial and sample analysis.
What does ELA detect?
ELA measures the amount of change during a JPEG resave. When a digital photo is edited, the modified portions will have a different error level potential compared to the rest of the picture. Splices, drawing, and significant edits are usually visible as a significantly different error level potential.
There is a difference between real and authentic. A real photo of a forged document or a staged situation will not appear unusual under ELA. This is because the picture is real, even if the subject of the photo is not authentic. ELA does not identify the authenticity or other attributes related to the picture's subject.
ELA also does not detect all forms of digital manipulation; it only identifies differences in the error level potential. Digital modifications that do not significantly alter the error level potential, such as a minor color adjustment over the entire picture, may not be detected by ELA.
Why is the picture black?
A very low quality picture that has undergone multiple resaves will have no more error level potential. A black result is informative: this picture (1) is not a camera original, (2) is very low quality, and (3) has been repeatedly resaved.
Why does this ELA picture look different from other ELA systems?
When the Error Level Analysis algorithm was disclosed in 2007, we intentionally did not release source code. As a result, every implementation is a variant of the algorithm. They all implement the same basic approach and all can be used to reach the same conclusions. However, different settings can lead to slight differences in the appearance of the ELA image.
For a proper experiment, the results must be repeatable. This system uses libjpeg-6b with a resave quality of 75% and a post-process brightness factor of 20. Different JPEG libraries and different parameters will generate slightly different ELA images.
How can I improve the results?
The results from an analysis are directly dependent on the image quality. You may want to know if something was added, but if the picture is a copy of a copy of a copy, then it may only detect the resaves. Try to find the best quality version of the picture.
For example, many pictures are hosted at Flickr. Flickr provides small, medium, large, and original images. The small, medium, and large are derivative images (resaves) created by Flickr. The "original" is whatever the user sent to Flickr, so the original will be the best quality. Similarly, pictures on news sites are usually resaved. If they have a tagline like "Source: AP Images", then go to the source and use that picture instead. News sites typically recolor, resize, and crop images before saving them at a very low quality. Go for the original source (or get as close as you can to the original source) to improve the image's quality and the results.
If you do not know where to start, then try TinEye. Many pictures on the web are resaved as they pass from user to user. TinEye does not know every picture, but it knows many pictures. If the picture is being passed around, then TinEye can help find the source (or at least a better copy of the image). In general, the biggest image is usually the best quality. (But some sites do scale images larger...)
OMG, this picture is totally fake, who do I tell?
First remember: any single analysis algorithm can generate false positive results. You should confirm your results with other analysis methods. ("Observation" is always a good one, so is "common sense".)
Second, identify how the picture was modified. For example, scaling a picture smaller for the web will remove high frequencies and modifies every pixel. Are you seeing artifacts of how the picture was processed, or are you seeing intentional deception?
Finally, who you tell is up to you. If it is from the mass media, then find out where they got it -- usually they purchase pictures from GettyImages, Reuters, AFP, AP Images, or other professional organizations. Contact the right people. Be polite, and tell them what you found. (Do not demand that they fire the photographer; if you are right, that will happen automatically.)
One warning: there is a difference between accusing someone of photo manipulation and libel/slander. (Consider using alternate wording like "it is my belief that" and "based on the following tests it appears that".)

Frequently Asked Questions

About the site

About file submissions

About copyright

About Analysis