Skip to content
forked from ebemunk/phoenix

phoenix is a small command line image forensics tool

Notifications You must be signed in to change notification settings

nsidere/phoenix

 
 

Repository files navigation

phoenix - Image Forensics

phoenix is a small image forensics tool that can run some common analyses on images. It was inspired by the image analyses at the Hackerfactor Blog, and implements some of the algorithms used there. It is named phoenix because it has resurrected many times before taking its current form in C++.

Features:

  • Error Level Analysis
  • Luminance Gradient
  • Average Distance
  • HSV and Lab colorspace histograms
  • JPEG resave quality estimate (ImageMagick-style and Hackerfactor jpegquality estimates)
  • Extract JPEG Quantization Tables
  • Copy-Move (Clone Stamp) Detection

Usage

  • -h | -help display help text.
  • -f | -file <path> Required, the path to the source image.
  • -o | -output [path=./] Save results in files (as PNG)
  • -d | -display Display results
  • -ela [quality=70] Error Level Analysis
  • -lg Luminance Gradient
  • -avgdist Average Distance
  • -hsv [whitebg=0] HSV Colorspace Histogram
  • -lab [whitebg=0] Lab Colorspace Histogram
  • -labfast [whitebg=0] Lab Colorspace Histogram, faster but less accurate version (256x256 instead of 1024x1024 output)
  • -copymove [retain=4] [qcoeff=1.0] Copy-Move Detection
  • -a | -autolevels Flag to enable histogram equalization (auto-levels) on output images

Compiling

phoenix depends on OpenCV (2.4.9) and Boost (1.55.0) Libraries. Exact versions are probably not required. Try make to compile. The defaults should work if you didn't do anything fancy while compiling OpenCV or Boost, i.e. change default install path. You can use the shell scripts in install_scripts to compile Boost, OpenCV and then phoenix. The scripts are intended for provisioning Vagrant machines, but you can also use it to automatically compile phoenix. Don't clone the repository if you will use the scripts, it will do it for you.

Outputs

Here are some examples of phoenix output with the image used in the legendary Body By Victoria analysis by Neal Krawetz.

ELA (Error Level Analysis)

./phoenix -f bbv.jpg -o -d -ela

Error Level Analysis

LG (Luminance Gradient)

./phoenix -f bbv.jpg -o -d -lg

Luminance Gradient

AVGDIST (Average-Distance of Neighbor Pixels)

./phoenix -f bbv.jpg -o -d -avgdist

Average Distance

Copy-Move Detection

./phoenix -f bbv.jpg -o -d -copymove 4 5

Copy-Move Detection

HSV Colorspace Histogram

./phoenix -f bbv.jpg -o -d -hsv

HSV Histogram

Lab Colorspace Histogram

./phoenix -f bbv.jpg -o -d -labfast

Lab Histogram

Resources

Some resources I used while developing many of the algorithms here.

About

phoenix is a small command line image forensics tool

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C++ 87.6%
  • Shell 8.1%
  • Makefile 4.3%