Forensic source identification using JPEG image headers: The case of smartphones

Abstract A common problem in forensic investigations is the identification of the source of multimedia data, i.e., determining the model, make or individual device that recorded media content. In contrast to methods based on sensor noise, source linkage based on header information of media items allows for easy automation. Such header information involves metadata like EXIF tags and the parameterization of the JPEG algorithm. While traditional digital cameras typically had a fixed software stack that makes it straightforward to fingerprint a device, modern mobile devices vary considerably in their software stack over time. We perform a large-scale study of JPEG header information from Apple smartphones to investigate the effect of this development on the possibility to perform source identification. Our analysis shows that identification of the concrete hardware is much harder for smartphones than it is for traditional cameras. However, identification of software stack, particularly the operating system version and selected apps, is well feasible.