Sometimes forensic investigators need to process digital images as evidence. There are some tools around; without them, it is difficult to carry out a forensic analysis that involves a lot of images. Images contain tons of information; Ghiro extracts this information from the provided images and displays it in a nicely formatted report. Dealing with tons of images is pretty easy: Ghiro is designed to scale to support gigs of images. All tasks are totally automated; you just have to upload your images and let Ghiro do the work. Understandable reports and great search capabilities allow you to find a needle in a haystack. Ghiro is a multi-user environment, and different permissions can be assigned to each user. Cases allow you to group image analyses by topic, and you can choose which users are allowed to see your case with a permission schema.
Features
METADATA EXTRACTION
Image metadata are extracted and divided into several categories depending on the standard they come from, for example EXIF, IPTC and XMP.
GPS LOCALIZATION
Sometimes a geotag is embedded in the image metadata: a bit of GPS data providing the longitude and latitude of where the photo was taken. It is read and the position is displayed on a map.
MIME INFORMATION
The image MIME type is detected so that you know the image type you are dealing with, in both contracted (example: image/jpeg) and extended form.
ERROR LEVEL ANALYSIS
Error Level Analysis (ELA) identifies areas within an image that are at different compression levels. The entire picture should be at roughly the same level; if a difference is detected, it likely indicates a digital modification.
THUMBNAIL EXTRACTION
The thumbnails and data related to them are extracted from image metadata and stored for review.
THUMBNAIL CONSISTENCY
Sometimes when a photo is edited, the original image is changed but the thumbnail is not. Differences between the thumbnails and the images are detected.
SIGNATURE ENGINE
Over 120 signatures provide evidence about the most critical data, to highlight focal points and common exposures.
HASH MATCHING
Suppose you are searching for an image and you have only its hash. You can provide a list of hashes and all matching images are reported.
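The hash matching idea described above, as an added example that is not Ghiro's own code: it reads a hash list, hashes every file under a directory once, and reports the files whose digest is on the list. Inferring the algorithm from the digest length, the function names and the sample files are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

# Hex digest length -> hashlib algorithm (assumption: the list may mix these types).
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_hash_list(text):
    """Group wanted digests by algorithm; skip blanks, comments and malformed lines."""
    wanted = {}
    for raw in text.splitlines():
        value = raw.strip().lower()
        if not value or value.startswith("#"):
            continue
        algo = ALGO_BY_LENGTH.get(len(value))
        if algo is None or any(c not in "0123456789abcdef" for c in value):
            continue
        wanted.setdefault(algo, set()).add(value)
    return wanted

def file_digests(path, algos, chunk_size=1 << 20):
    """Read the file once, in chunks, and return {algorithm: hex digest}."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def match_images(root, wanted):
    """Return sorted (relative path, algorithm, digest) for each file on the list."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            for algo, digest in file_digests(path, wanted).items():
                if digest in wanted[algo]:
                    hits.append((os.path.relpath(path, root), algo, digest))
    return sorted(hits)

def demo():
    """Constructed sample: three stand-in image files and a mixed-case hash list."""
    samples = [("a.jpg", b"constructed-1"), ("b.png", b"constructed-2"), ("c.gif", b"constructed-3")]
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        listing = "# wanted hashes\n%s\n%s\nnot-a-hash\n" % (
            hashlib.sha256(b"constructed-1").hexdigest().upper(),
            hashlib.sha1(b"constructed-3").hexdigest())
        return match_images(root, parse_hash_list(listing))
```

A cryptographic hash only matches byte-identical files, so a re-saved or resized copy of the wanted image will not be reported by this kind of check.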
Download
git clone https://github.com/Ghirensics/ghiro.git
© Copyright 2013-2015, Ghiro developers.