Digital Image Fundamentals: Pixels, Sensors, and Formats

A digital camera sensor is a rectangular grid of photosites, each a small photodiode that accumulates charge in proportion to the light it receives during an exposure. When the shutter closes, the camera reads out those charge values and converts them to digital integers. The resulting grid, one integer per photosite, is the rawest form of the image data.

Sensors are inherently monochrome. To record colour, most consumer and professional cameras place a Bayer Colour Filter Array (CFA) over the sensor. The most common pattern is a 2×2 tile with one red, one blue, and two green filters. Green is doubled because the human visual system is most sensitive to green wavelengths, and the extra green sample reduces noise in the luminance channel.

The Bayer CFA means each photosite records only one of the three colour channels. Demosaicing is the step that estimates the missing two channels at every site using neighbouring values. The quality and specific algorithm of demosaicing varies between camera manufacturers. Canon, Nikon, and Sony each ship different interpolation kernels, and those kernels leave characteristic spatial correlations in the pixel array that have been used since the mid-2000s as camera-identification signals.

Not every image file carries the same forensic richness. The format a camera writes, or that a user later converts to, determines how much of the original sensor signal is available to an examiner. Each format makes a different set of trade-offs between file size, image quality, and information preservation.

JPEG is the dominant format in investigations because it is the default for most phone cameras and social media platforms. Each time a JPEG is opened and saved at a given quality level, the DCT quantisation step reintroduces quantisation error on top of whatever was already there. This double-compression signature is one of the oldest and most reliable signals in JPEG forensics.

PNG is the standard for screenshots, graphics, and images that have been edited and explicitly saved without lossy compression. Because PNG is lossless, the pixel values are exact. This means noise analysis and clone-detection methods retain their full power. The absence of JPEG block artefacts in a PNG claimed to be a camera-original should itself prompt scrutiny: most cameras do not output PNG natively.

Bit depth sets how many discrete tonal steps each colour channel can represent. An 8-bit channel has 256 steps; a 12-bit RAW channel has 4,096; a 16-bit channel has 65,536. This matters forensically because editing operations that spread or compress the tonal range leave characteristic gaps or spikes in the histogram.

Colour spaces define how numerical RGB triples map to actual colours. sRGB, the default for the web and most consumer cameras, covers roughly 35% of all visible colours. Adobe RGB covers a wider gamut and is common in professional photography. ProPhoto RGB covers nearly all of the Pointer gamut. Converting between these spaces is not lossless: out-of-gamut values are clipped, and in-gamut values are numerically remapped, altering the statistical fingerprints that camera-identification methods rely on.

Gamma encoding is a non-linear mapping applied before storage. Human vision is more sensitive to differences in dark tones than in bright ones, so images are stored with a curve (gamma ≈ 2.2 for sRGB) that allocates more code values to shadows and fewer to highlights. An analyst working with raw sensor output must account for this encoding or noise estimates will be skewed toward bright pixels.

A sensor that perfectly measured every photon it received would produce identical output from identical scenes. Real sensors do not. Several independent noise processes add uncertainty to each photosite reading, and understanding them is the basis for both noise-consistency analysis and camera fingerprinting.

• Photon shot noise: random arrival of photons follows Poisson statistics. Variance equals the mean signal level, so bright regions are noisier in absolute terms but less noisy relative to their brightness.
• Read noise: electronic noise introduced during charge readout and analogue-to-digital conversion. Roughly Gaussian and signal-independent. Dominant in dark regions and long-exposure images.
• Dark current noise: charge that accumulates even without light, driven by thermal electrons. Grows with exposure time and sensor temperature. Subtracted by dark-frame calibration in astrophotography, but rarely corrected in forensic materials.
• Fixed-pattern noise (FPN) / PRNU: deterministic per-photosite offsets caused by manufacturing variation. Photo response non-uniformity is the multiplicative component of FPN. It is stable, unique to each sensor, and the basis for camera identification.

Camera identification via PRNU, developed by Jan Lukáš, Jessica Fridrich, and Miroslav Goljan at Binghamton University in 2006, works by extracting the high-frequency noise residual from an image after suppressing the scene content with a denoising filter. Averaging this residual across many images amplifies the stable PRNU component and cancels random noise. The resulting fingerprint can be correlated against the residual from a questioned image. The method has been validated in court proceedings in multiple jurisdictions and is now routinely applied to images from phone cameras recovered in criminal investigations.

Resolution has two distinct meanings that are often conflated. Pixel dimensions (e.g., 4000×3000 pixels) describe the actual data in the file. PPI (pixels per inch) is a metadata tag that tells printing software at what density to render those pixels on paper. PPI has no effect on the pixel data: the same 4000×3000 file looks identical on screen whether its embedded PPI is 72 or 300. Only the printed output size changes.

This matters for document fraud. A forger who scales a small image up to produce a larger one introduces resampling artefacts: the interpolation algorithm creates smooth gradients where the original had sharp transitions, and periodic patterns appear in the Fourier spectrum of the image. A document examiner comparing pixel-level sharpness across different regions of a scanned form can use these artefacts to detect that one region was captured at a different resolution and then resampled to match.

The imaging pipeline is a chain of decisions: sensor design, Bayer pattern, demosaicing algorithm, in-camera processing, colour-space assignment, format, and compression. Each link in that chain writes something into the file. Forgeries that alter the pixel content break one or more of those consistent writes. The analyst's job is to know what each link normally writes and to recognise the breakage.

• CFA / demosaicing pattern: local disruption of the demosaicing correlation indicates pixel-level manipulation. Detected by measuring the periodicity of colour-channel correlations on a 2×2 grid.
• PRNU / sensor fingerprint: local absence of the camera's fixed-pattern noise indicates a region that did not originate on that sensor. Works even after mild JPEG compression.
• JPEG block artefacts and double-compression: a single-compression image has a clean DCT coefficient histogram. Re-encoding introduces a secondary quantisation pattern detectable in the frequency domain.
• Noise inconsistency: genuine images have a noise level that follows a predictable function of brightness (Poisson + Gaussian). Regions with anomalously low or high noise relative to that function are candidates for spliced or generated content.
• Resampling and interpolation artefacts: scaling or rotating a region introduces periodic correlations in the pixel grid that do not appear in unmodified images from that sensor.