How to detect if a photo's metadata has been changed?

  • There was a photography contest and it was limited to only three days of shooting - but the winning photo seemed a little out of season.

    So I suspect that the winner changed the metadata on the photo. Is there any way to detect if any changes have been made to metadata? Or any way to roll back to the original data?

    take a look at this site to see how easy it is to change the exif date: http://askubuntu.com/questions/101688/how-to-get-edit-exif-meta-data-of-multiple-images

    Even if there was some way to help I doubt it would apply to JPEGs, and every raw format (Canon/Nikon etc.) in the world.

    @kursat I'm not sure what you're hoping to get from the bounty here - you've got the answer, which is a pretty clear "no". A Stack Exchange bounty won't change that.

    can you supply the image here? the original, that he submitted to the contest...

    Keep in mind that "out of season" could be achieved by being in a different location. It is summer in Argentina while it's winter in the US, for example. Elevation and percipitation changes can allow access to different climates for relatively small travel distances.

    Ultimately someone doesn't need to change their EXIF data to do this. They can just change the date in their camera, take a picture, and change the date back.

    @dcaswell But in this case they would have needed to know the allowable window in advance to change the date on the camera to the future date needed to qualify for the contest (assuming the three day window was immediately before the contest submission closed, as is often the case with those types of contests).

  • It is sadly impossible to to prove when an image (or any file for that matter) originated. It is possible (if the author wants to) to prove that a file existed prior to a given time by signing the file from a third party time stamping server (through which the third party proves that the file existed at the time of the signing) but such information is not automatically possible and can easily be stripped.

    I am also an IT Security guy and there is no possible secure way to prove the creation date of any file if the user controls the system creating the file with current technology that I am aware of. The best bet would be a device with a locked clock that would have a hidden key store that the user shouldn't have access to and create a signature based on this so that they couldn't fake their own signature, but since the key must still reside in the device, it is still feasibly possible for someone to break as all the necessary information is in their possession, even if it is hard to get to.

    As far as detecting an amateur job, there is generally a file creation date in meta data of the file system itself that could be examined and compared to the EXIF metadata, but if they are good at it, they will have altered both and there is some possibility of the file system values getting lost depending on how the file is transferred, so it may not even be reliable.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used