Lens Distortion, CFA Pattern and Demosaicing Fingerprints

A digital image sensor is a grid of photosites, each sensitive to light intensity but not to colour. To produce a colour image, most cameras place a colour filter array directly over the sensor surface. In the standard Bayer mosaic, 50% of the photosites are filtered green, 25% red, and 25% blue, arranged in a repeating RGGB 2x2 tile. This means the raw sensor output is a single-channel grid where each position carries only one of three colour values. The missing channels must be estimated at every pixel through demosaicing.

Demosaicing interpolates the missing channels using the known values in the neighbourhood of each pixel. Even the simplest bilinear method creates a systematic local correlation: the estimated green value at a red pixel is a linear combination of its four green neighbours, and this combination repeats every two pixels in both horizontal and vertical directions. The result is a periodic signal embedded in the image at the spatial frequency of the CFA tile. In a Bayer image this produces peaks in the 2D discrete Fourier transform at coordinates corresponding to a half-period in both dimensions. More sophisticated demosaicing algorithms (AHD, LMMSE) produce more complex peak structures but still produce detectable periodic artifacts.

The forensic consequence is that any image produced by a camera with a known CFA pattern can be tested for the presence of the expected spectral peaks. Digimarc, Adobe, and several academic groups have published detectors based on this principle. The detector extracts a small patch of the image, computes the 2D DFT of one or more colour difference channels, and looks for energy concentration at the predicted CFA frequencies. A strong peak at the expected location is consistent with the claimed camera type; absence of the peak, or peaks at wrong frequencies, is inconsistent.

Not all cameras use the Bayer RGGB layout. Understanding the variants is necessary both for correct fingerprint prediction and for detecting images where a claimed camera model is inconsistent with the observed CFA signature.

The Foveon sensor is the forensically significant exception: it uses stacked silicon layers to capture all three colour channels at every photosite, so no CFA interpolation is performed and no periodic CFA fingerprint exists. Images from Foveon cameras will fail a CFA-presence test even though they are authentic. Examiners must check the claimed camera model before interpreting a negative CFA result.

Demosaicing algorithm choice matters independently of CFA layout. Two cameras with identical Bayer sensors but different firmware demosaicing implementations will produce slightly different peak structures. Research by Bayram et al. (2005) and later work by Swaminathan and Wu demonstrated that the demosaicing algorithm can be identified from the correlation structure of the colour channels. This means that in some cases, analysis can narrow the source not just to a sensor family but to a camera model or firmware version.

Lens distortion is a geometric aberration: the actual position of a projected point in the image differs from its ideal position predicted by the pinhole camera model. The dominant component is radial distortion, which is described by a polynomial in the radial distance from the principal point. The Brown-Conrady model expresses this as r_distorted = r_undistorted * (1 + k1*r^2 + k2*r^4 + k3*r^6), where k1, k2, k3 are the radial distortion coefficients and r is the distance from the optical axis in normalised image coordinates.

A negative k1 produces barrel distortion, the outward bowing of straight lines visible in wide-angle lenses and virtually all smartphone cameras. A positive k1 produces pincushion distortion. The specific values of k1 and k2 are determined by the physical lens design and are consistent across all units of the same lens model. Published databases such as the Hugin lens database and commercial profiling tools contain distortion coefficients for thousands of camera-lens combinations, enabling an examiner to compare measured coefficients against reference values.

Forensic application proceeds in three steps. First, the examiner extracts the distortion profile from the questioned image or video by fitting the Brown-Conrady model to straight-line features in the scene (road markings, building edges, door frames) or by using calibration targets if the device is available. Second, the extracted coefficients are compared against a reference set for the claimed camera model. Third, if the footage is alleged to show a single continuous recording from one device, the distortion profile is tested for consistency across the full footage. A temporal change in distortion coefficients within a single claimed recording is evidence of compositing or splicing.

The most forensically powerful application of CFA and distortion analysis is the detection of spliced or composited imagery. When a forger inserts a region from a second source into a base image, the inserted region carries the CFA fingerprint and distortion profile of its original camera, not the base image camera. Both signatures are typically inconsistent across the splice boundary.

CFA consistency testing divides the image into non-overlapping blocks and extracts the CFA spectrum from each block independently. Blocks from the authentic region will show the expected spectral peaks for the base camera. Blocks from the inserted region will either show peaks at different frequencies (different CFA layout), show peaks at the same frequencies but with different phase (rotated Bayer pattern), or show no peaks at all (heavily processed or AI-generated insert). The spatial pattern of anomalous blocks reveals the shape and location of the inserted region.

Distortion consistency testing works at the full-image level. For a genuine single-camera image, straight lines in the real world should map to curved lines with a consistent distortion profile everywhere in the frame. If an inserted region was photographed from a different distance or with a different focal length, fitting a single distortion model to the whole image will fail: the residuals will be large in the inserted region and small in the authentic region. The map of fitting residuals acts as a forgery heatmap.

These two tests are complementary and partially redundant. CFA consistency is more sensitive to inserts from different camera models; distortion consistency is more sensitive to inserts from different recording distances or focal lengths, even if the camera model is the same. Using both together reduces the false-negative rate. The combination is described in a widely cited study by Popescu and Farid (2005) and has been refined in subsequent work using convolutional neural networks to map CFA anomaly regions.

Generative AI models (diffusion models, GANs, transformer-based image generators) synthesise pixel values directly from a learned distribution. They do not pass image data through a physical CFA or demosaicing pipeline, so the periodic spectral fingerprint associated with camera capture is absent. This absence is detectable.

The test is straightforward: compute the 2D DFT of the input image (or of a colour difference channel to reduce natural scene structure interference), apply a high-pass filter to suppress low-frequency scene content, and look for energy concentration at the spatial frequencies corresponding to the claimed camera's CFA tile period. A genuine camera image shows clear peaks; an AI-generated image shows no peaks or random noise. The test was formalised by Goljan et al. and has been validated across multiple generative model families.

The limitation is that some recent generative models deliberately add simulated camera noise, including simulated demosaicing artifacts, to their outputs to defeat this class of detector. Research published between 2022 and 2024 documents an ongoing adversarial cycle: detection methods are published, generator developers incorporate countermeasures, and more sophisticated detectors are developed in response. Examiners should not rely on a CFA absence test alone as proof of AI generation; it is one indicator that should be combined with PRNU absence analysis, metadata examination, and inspection of high-frequency noise statistics.

CFA and distortion analysis produces quantitative outputs: spectral peak magnitudes, distortion coefficients, residual fitting errors. These numbers can be expressed as likelihood ratios or as consistency statements, which is the form preferred by most forensic evidence frameworks. Under the US Federal Rules of Evidence Rule 702, expert testimony on image authentication is admissible provided it rests on sufficient facts, uses reliable methods, and applies those methods reliably to the facts. UK courts apply a similar reliability test under Criminal Practice Direction 19A. The EU's AI Act (in force from 2024-2026) imposes specific documentation requirements on AI-generated content, creating a parallel legal interest in provenance analysis.

India's Bharatiya Sakshya Adhiniyam 2023 (BSA 2023), which replaced the Indian Evidence Act 1872, addresses electronic records in sections 61 to 65. Section 63 requires a certificate from a responsible official to accompany electronic evidence, and courts have increasingly required technical authentication of digital video before admission. The companion statute, the Bharatiya Nagarik Suraksha Sanhita 2023 (BNSS 2023), which replaced the CrPC, preserves the investigative framework within which digital evidence is collected. Forensic examiners in Indian cases should document the chain of custody for digital files and record their analysis methodology in a form that satisfies both the BSA certificate requirement and cross-examination on technical grounds.

Regardless of jurisdiction, the examination report should state: the tools and software used with version numbers, the image or video file hash values before and after analysis, the specific parameters extracted (CFA peak frequencies and magnitudes, distortion coefficients k1, k2, k3), the reference database or calibration data used for comparison, the statistical threshold or decision criterion applied, and the conclusion expressed in terms the trier of fact can evaluate. The report should also state what the analysis cannot conclude. If JPEG compression is severe enough to suppress the CFA fingerprint, the report must say so rather than treating a null result as evidence of tampering.