The PDF and image-authentication side of modern document casework: the PDF object model (the document catalogue, the trailer, the cross-reference table, incremental updates, the producer and creator metadata fields), the digital-signature stack on signed PDFs and what its absence or break means, document image authentication (error level analysis or ELA, copy-move detection, JPEG ghost analysis, lighting and shadow consistency, EXIF metadata reconciliation), and the limits of these techniques against modern image-editing pipelines.
A PDF file is not a flat image. It is a structured object graph, and every node in that graph carries provenance information: which application created it, when it was last modified, whether any portion of the document was appended after the original save, and whether a cryptographic signature still covers all the bytes it is supposed to cover. This architecture means that a forger who edits a PDF and resaves it, changes the date on a scanned page, or splices a signature from one document into another leaves a traceable record at three distinct levels: the metadata embedded in the PDF structure, the byte-level signature chain, and the pixel-level statistics of the embedded images.
Document image authentication sits alongside PDF structural analysis as the second major pillar of digital document forensics. When an examiner receives a scan, a photograph of a page, or a JPEG exported from a PDF, the question shifts from object-graph analysis to image physics: does the error pattern encoded in the JPEG compression artefacts match what would be expected from a single, unedited acquisition? Are there regions of the image that show different compression histories, suggesting a patch-and-resave operation? Does the EXIF metadata embedded by the camera or scanner match the lighting geometry visible in the image itself?
Courts in multiple jurisdictions now receive expert evidence on both classes of analysis. In the UK, CCTV and document image authentication expert reports are submitted under Criminal Procedure Rules Part 19. In India, digital evidence admissibility operates under the Bharatiya Sakshya Adhiniyam (BSA) 2023 sections 57 to 59 (electronic records), with the forensic examiner's report conforming to MHA-CFSL technical guidelines. In the United States, Federal Rule of Evidence 702 (Daubert standard) governs the admissibility of image-authentication expert testimony, and several reported decisions now address ELA and EXIF evidence specifically. Understanding the science behind both pillars is a prerequisite for giving reliable evidence in any of these frameworks.
Before you can find what a forger changed, you have to understand what a PDF records about its own history, and the answer is: quite a lot.
A PDF file consists of a sequence of objects (integers, strings, arrays, dictionaries, streams, and references between them) followed by a cross-reference table (xref table) that maps each object's number to its byte offset in the file, and a trailer dictionary that points to the document catalogue and the previous xref section if one exists.
The document catalogue is the root dictionary of the PDF's logical structure. It links to the page tree, the named destinations, the outlines (bookmarks), the interactive form dictionary, and the document information dictionary. The information dictionary is where the metadata most relevant to provenance lives: the Creator field (the application that originally authored the document, often a word processor or design tool), the Producer field (the application that converted the content to PDF format, often a PDF printer driver or export library), the CreationDate field, and the ModDate (last modification date). These fields are plain text strings; they can be set to any value by the creating application and can be edited by a hex editor or a library such as Python's pypdf. They are therefore unreliable as a sole provenance indicator. The forensic examiner's task is to cross-check these fields against everything else in the file.
The cross-reference table records every object. In an original PDF, there is a single xref section. Whenever a PDF is edited and resaved incrementally, a new xref section is appended to the file without overwriting the original objects. This is the PDF incremental update mechanism, and it is the most important structural feature for forensic analysis. A document that shows two or more xref sections has been edited after the original save (the one legitimate exception is a linearised PDF, written for fast web viewing, which carries two cross-reference sections from its first save; the examiner checks for the Linearized dictionary near the start of the file before drawing the conclusion). The examiner can read each incremental update in isolation to reconstruct exactly which objects were changed or added at each stage, and tools such as QPDF (open source), pdf-parser.py (Didier Stevens, freely available), and PDF Examiner (Malware Tracker) expose this structure directly.
XMP metadata (Extensible Metadata Platform, ISO 16684) is a second metadata block embedded in most modern PDFs as an XML stream referenced from the document catalogue's Metadata entry. XMP duplicates the information dictionary fields (Creator, Producer, dates) in XML format. Discrepancies between the information dictionary values and the XMP stream values indicate post-creation metadata editing: a forger who edits the information dictionary via a simple library may not know to update the XMP stream simultaneously, or vice versa. Comparing both is a standard first step in PDF provenance analysis.
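The incremental update mechanism is easiest to understand by building one. The following is an added example written for these notes (it is not code from any of the tools named above): it writes a minimal single-revision PDF, appends an incremental update that replaces the Info dictionary with a backdated ModDate, then walks the startxref / trailer /Prev chain to count cross-reference sections and reads the Info fields as they stood at each revision. All producer names and dates are constructed sample values.

```python
import re

# Added example, not the page's code: a tiny PDF, an incremental update,
# and a walk of the xref chain that a forensic parser would perform.

def build_original_pdf(producer: bytes, mod_date: bytes) -> bytes:
    """Single-revision PDF: catalogue, page tree, one page, Info dictionary."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
        b"<< /Producer (" + producer + b") /ModDate (" + mod_date + b") >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R /Info 4 0 R >>\n" % (len(objs) + 1)
    out += b"startxref\n%d\n%%%%EOF\n" % xref_at
    return bytes(out)

def incremental_update(pdf: bytes, new_info: bytes) -> bytes:
    """Append a replacement object 4 and a new xref section whose trailer
    points back to the previous section via /Prev. Nothing old is overwritten."""
    prev_xref = int(re.findall(rb"startxref\s+(\d+)", pdf)[-1])
    out = bytearray(pdf)
    obj_at = len(out)
    out += b"4 0 obj\n%s\nendobj\n" % new_info
    xref_at = len(out)
    out += b"xref\n4 1\n%010d 00000 n \n" % obj_at
    out += b"trailer\n<< /Size 5 /Root 1 0 R /Info 4 0 R /Prev %d >>\n" % prev_xref
    out += b"startxref\n%d\n%%%%EOF\n" % xref_at
    return bytes(out)

def xref_chain(pdf: bytes) -> list:
    """Xref section offsets, newest first, found by following /Prev links.
    More than one entry means the file was resaved after its original save."""
    offset = int(re.findall(rb"startxref\s+(\d+)", pdf)[-1])
    chain, seen = [], set()
    while offset not in seen:                 # guard against a looping /Prev
        seen.add(offset)
        if pdf[offset:offset + 4] != b"xref":
            raise ValueError("no xref keyword at offset %d" % offset)
        chain.append(offset)
        trailer = pdf.index(b"trailer", offset)
        end = pdf.index(b"startxref", trailer)
        prev = re.search(rb"/Prev\s+(\d+)", pdf[trailer:end])
        if prev is None:
            break
        offset = int(prev.group(1))
    return chain

def info_per_revision(pdf: bytes) -> list:
    """Info dictionary fields at each revision, oldest first. Each revision is
    the file truncated at that revision's %%EOF; the last definition of object
    4 before that point is the live one. (A full parser would resolve the
    object through the xref table rather than by scanning.)"""
    views = []
    for xref_at in reversed(xref_chain(pdf)):
        eof = pdf.index(b"%%EOF", xref_at) + len(b"%%EOF")
        snapshot = pdf[:eof]
        start = [m.start() for m in re.finditer(rb"(?<!\d)4 0 obj", snapshot)][-1]
        body = snapshot[start:snapshot.index(b"endobj", start)]
        fields = dict(re.findall(rb"/(\w+) \(([^)]*)\)", body))
        views.append({k.decode(): v.decode() for k, v in fields.items()})
    return views

# Constructed sample: the original save carries a 2024 ModDate; the update
# backdates it to 2018 while leaving the earlier revision intact in the file.
ORIGINAL = build_original_pdf(b"Word Processor 24.1", b"D:20240101120000Z")
EDITED = incremental_update(
    ORIGINAL, b"<< /Producer (Word Processor 24.1) /ModDate (D:20180305101500Z) >>")

if __name__ == "__main__":
    print("xref sections:", len(xref_chain(EDITED)))
    for i, rev in enumerate(info_per_revision(EDITED)):
        print("revision", i, rev)
```

The earlier revision survives byte-for-byte inside the edited file, which is why the backdated ModDate in the newest trailer is contradicted by the 2024 date still readable in the first revision.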
Font embedding records tell the examiner which fonts were used to render each text object. A document claimed to have been created by one word processor may carry embedded font descriptors that are inconsistent with that application's font stack for the claimed platform and version. A sworn affidavit claimed to have been typed in Microsoft Word 2003 on Windows XP that embeds a Core Text macOS TrueType descriptor is internally inconsistent.
A valid signature proves the bytes were not changed after signing. An absent signature on a document that claims to have been signed, or a broken signature, tells an entirely different story.
PDF digital signatures are governed by the PDF specification (ISO 32000-2) and implemented by most PDF creation tools via PKCS#7 / CMS (Cryptographic Message Syntax) containers. When a PDF is digitally signed, the signing application computes a cryptographic hash (SHA-256 or SHA-512 in modern implementations) over a defined byte range of the file, then wraps that hash in a signed PKCS#7 structure that includes the signer's X.509 certificate and the timestamp from a trusted Timestamp Authority (TSA). The signature dictionary is embedded back into the PDF, and the byte range that was hashed is recorded in the signature dictionary as the ByteRange entry.
The ByteRange entry specifies which portions of the file the signature covers, expressed as four integers: offset and length for the first covered region, and offset and length for the second covered region. The gap between the two regions is the signature container itself, which cannot hash itself. This architecture is important forensically: any bytes appended to the file after the original signing are outside the ByteRange and are therefore not covered by the signature. A valid signature in a document that has received incremental updates after signing does not cover those updates. Adobe Acrobat Reader visually flags this: it distinguishes between "signature is valid and covers the entire document" and "signature is valid but does not cover all content; modifications may have been made."
The examiner's workflow on a signed PDF proceeds in three steps: verify the mathematical validity of the signature (the hash matches); verify the certificate chain (the signer's certificate was issued by a trusted CA, is within its validity period, and was not revoked at the time of signing per OCSP or CRL); and verify coverage (the ByteRange covers all bytes except the signature container). In the UK, the Forensic Science Regulator's Legal Guidance for Digital Evidence (2020 edition) addresses signature verification as a component of electronic document examination. In India, the IT Act 2000 section 3 (as amended) and the Controller of Certifying Authorities (CCA) framework establish the legal validity of digital signatures, and the CCA's technical guidelines specify SHA-256 minimum hash lengths for signatures after April 2018. EU courts adjudicating under eIDAS Regulation 910/2014 recognise a qualified electronic signature as having the legal effect of a handwritten signature, and the TSA timestamp is treated as evidence of the signing time under ETSI EN 319 422.
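The coverage step (the third of the three above) is the one most often skipped, and the one that catches content appended after signing. The block below is an added example written for these notes, not code from Acrobat or any signing library. It lays out a signature dictionary with a ByteRange that excludes only the Contents string, then checks coverage before and after an incremental update is appended. The Contents value is a zero-filled placeholder rather than a real PKCS#7 container, so the certificate-chain and CMS digest comparison steps are out of scope here; the function only reports what the signature covers and the SHA-256 of those bytes.

```python
import hashlib
import re

# Added example, not the page's code: ByteRange coverage check on a
# constructed signed layout with a placeholder Contents string.

HEX_LEN = 64   # bytes reserved for the /Contents hex string (constructed)

def build_signed_layout(before: bytes, after: bytes) -> bytes:
    """before + signature dictionary + after, with a correct ByteRange."""
    def layout(b, c, d):
        rng = b"/ByteRange [%010d %010d %010d %010d]" % (0, b, c, d)
        return (before + b"<< /Type /Sig /Filter /Adobe.PPKLite "
                b"/SubFilter /adbe.pkcs7.detached " + rng +
                b" /Contents <" + b"0" * HEX_LEN + b"> >>" + after)
    draft = layout(0, 0, 0)                    # fixed-width fields: offsets are stable
    b = draft.index(b"/Contents <") + len(b"/Contents ")   # offset of '<'
    c = b + HEX_LEN + 2                                    # offset just past '>'
    return layout(b, c, len(draft) - c)

def check_coverage(pdf: bytes) -> dict:
    """Parse the first ByteRange and report what the signature covers.
    A file with several signatures needs this run once per signature."""
    m = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if m is None:
        raise ValueError("no signature ByteRange found")
    a, b, c, d = (int(x) for x in m.groups())
    gap = pdf[a + b:c]                        # must be exactly the Contents string
    trailing = len(pdf) - (c + d)             # bytes the signature does not see
    signed = pdf[a:a + b] + pdf[c:c + d]
    return {
        "gap_is_contents_string": gap.startswith(b"<") and gap.endswith(b">"),
        "bytes_after_signed_range": trailing,
        "covers_whole_file": a == 0 and trailing == 0,
        "signed_digest": hashlib.sha256(signed).hexdigest(),
    }

# Constructed sample file, then the same file with an incremental update
# appended after signing (a replaced page object and a new trailer).
BEFORE = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n5 0 obj\n"
AFTER = b"\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
SIGNED = build_signed_layout(BEFORE, AFTER)
TAMPERED = SIGNED + (b"3 0 obj\n<< /Type /Page >>\nendobj\n"
                     b"trailer\n<< /Root 1 0 R /Prev 0 >>\n%%EOF\n")

if __name__ == "__main__":
    for name, doc in (("signed", SIGNED), ("tampered", TAMPERED)):
        print(name, check_coverage(doc))
```

The digest of the covered bytes is identical for both files: the signature would still verify mathematically on the tampered copy, which is exactly why a verifier that stops at "hash matches" and never checks for bytes beyond the ByteRange gives the wrong answer.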
Every time a JPEG is saved, it records a compression fingerprint in the error pattern. Copy a patch from a different image into the same JPEG, and the fingerprints clash.
JPEG compression is lossy: each time a JPEG is saved, the image is divided into 8x8 pixel blocks and a discrete cosine transform (DCT) is applied to each block, followed by quantisation (dividing the DCT coefficients by a quantisation matrix and rounding to integers). The quantisation step discards information, and the degree of information loss depends on the quality factor (1 to 100 in most implementations, where 100 is near-lossless and 1 is maximally lossy). When a JPEG is resaved, the existing quantised DCT coefficients are dequantised, an inverse DCT is applied to reconstruct pixel values (now with quantisation error), and the DCT-quantise cycle is applied again. The resulting image accumulates quantisation error across each save.
Error Level Analysis (ELA) exploits this accumulation. The technique was published by Neal Krawetz in 2007 and operates as follows: take the image under examination, resave it at a known quality level (typically 95 per cent), and compute the per-pixel difference between the original and the resaved version. This difference image is the error level image. In an unmodified JPEG that has been compressed only once at approximately the claimed quality level, the error pattern will be relatively uniform across the image. Regions that have been pasted in from a different image, or that have been edited and locally resaved, will show a different error level than the surrounding area, because they carry a different compression history.
Interpreting ELA output requires care. Several conditions produce localised variation in a genuinely unmodified image: regions of uniform colour (large flat skies, blank white sections of a form) converge to near-zero error quickly because there is little high-frequency DCT information to preserve, while regions of fine texture (hair, fabric, printed text) retain higher error levels through multiple saves. An ELA result therefore requires interpretation in the context of the image content, and an examiner who reports a bright ELA region as "evidence of manipulation" without accounting for texture content is applying the technique incorrectly. Published guidance from the ENFSI Digital Imaging Working Group and the SWGMAT (US) Digital Imaging Technical Working Group both note that ELA is a screening tool, not a definitive indicator of manipulation.
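To see where the ELA signal comes from, it helps to run the DCT and quantisation steps by hand on a single 8x8 block. The block below is an added example for these notes (not code from any JPEG codec or ELA tool): it implements the JPEG forward and inverse DCT, the standard luminance quantisation table scaled by the libjpeg quality formula, and a one-block error-level measurement. Pixel rounding after the inverse DCT is deliberately omitted, so a block that has already passed through the resave quality comes back with exactly zero error here, where a real codec leaves a small residual. The flat and textured sample blocks are constructed.

```python
import math

# Added example, not the page's code: 8x8 DCT / quantise / dequantise
# round trip in pure Python to show the origin of the ELA signal.

# Standard JPEG luminance quantisation table (ITU T.81 Annex K).
BASE_LUMA = [
    [16, 11, 10, 16, 24, 40, 51, 61],
    [12, 12, 14, 19, 26, 58, 60, 55],
    [14, 13, 16, 24, 40, 57, 69, 56],
    [14, 17, 22, 29, 51, 87, 80, 62],
    [18, 22, 37, 56, 68, 109, 103, 77],
    [24, 35, 55, 64, 81, 104, 113, 92],
    [49, 64, 78, 87, 103, 121, 120, 101],
    [72, 92, 95, 98, 112, 100, 103, 99],
]

def quant_table(quality: int) -> list:
    """Scale the base table with the libjpeg quality formula (1..100)."""
    quality = max(1, min(100, quality))
    scale = 5000 // quality if quality < 50 else 200 - 2 * quality
    return [[max(1, min(255, (q * scale + 50) // 100)) for q in row] for row in BASE_LUMA]

def _c(k):
    return math.sqrt(0.5) if k == 0 else 1.0

def _basis(x, u):
    return math.cos((2 * x + 1) * u * math.pi / 16)

def dct2(block):
    """Forward 8x8 DCT-II with JPEG normalisation."""
    return [[0.25 * _c(u) * _c(v) * sum(block[x][y] * _basis(x, u) * _basis(y, v)
                                        for x in range(8) for y in range(8))
             for v in range(8)] for u in range(8)]

def idct2(coeffs):
    """Inverse of dct2."""
    return [[0.25 * sum(_c(u) * _c(v) * coeffs[u][v] * _basis(x, u) * _basis(y, v)
                        for u in range(8) for v in range(8))
             for y in range(8)] for x in range(8)]

def jpeg_cycle(block, quality):
    """One save: level shift, DCT, quantise, dequantise, inverse DCT."""
    q = quant_table(quality)
    coeffs = dct2([[p - 128 for p in row] for row in block])
    deq = [[round(coeffs[u][v] / q[u][v]) * q[u][v] for v in range(8)] for u in range(8)]
    return [[p + 128 for p in row] for row in idct2(deq)]

def error_level(block, quality=95) -> float:
    """ELA for one block: mean absolute difference between the block and
    the same block resaved at `quality`."""
    resaved = jpeg_cycle(block, quality)
    return sum(abs(block[i][j] - resaved[i][j]) for i in range(8) for j in range(8)) / 64

# Constructed sample blocks: a flat patch (blank paper) and a textured one.
FLAT = [[200.0] * 8 for _ in range(8)]
TEXTURED = [[128 + 40 * math.sin(i) + 30 * math.cos(2 * j) + 25 * (-1) ** (i + j)
             for j in range(8)] for i in range(8)]

if __name__ == "__main__":
    print("flat block, never compressed:     ", error_level(FLAT))
    print("textured block, never compressed: ", error_level(TEXTURED))
    print("textured block already saved at 95:", error_level(jpeg_cycle(TEXTURED, 95)))
```

The flat block reports zero error not because it is pristine but because its only non-zero coefficient (the DC term) already sits on the quantisation grid; this is the texture caveat from the paragraph above in numerical form. The textured block shows a clear error on its first pass and none once it has already been through the 95 per cent save, which is the convergence ELA relies on.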
A cloned sky patch, a ghost from a prior JPEG save, a shadow falling from the wrong direction: three independent channels of forensic signal, each exploitable by a different algorithm.
Copy-move forgery occurs when a region of an image is copied and pasted onto another region within the same image to conceal something: a date stamp obscured by cloning a portion of the background, a signature field covered by a region from the page margins, a person removed from a photograph and replaced with duplicated background pixels. Copy-move detection algorithms search for block-level or keypoint-level similarities within the image.
Block-based methods divide the image into overlapping tiles (typically 16x16 or 32x32 pixels), compute a feature vector for each tile (DCT coefficients, PCA-reduced pixel values, or robust hash), and search for near-duplicate tile pairs. Because the copied region shares the same pixel statistics as its source, duplicate tile pairs stand out against the rest of the image. Keypoint-based methods (SIFT, SURF, ORB) extract local feature descriptors at interest points across the image and match descriptor pairs; post-filtering by geometric consistency (RANSAC) distinguishes true copy-move matches from false positives. Tools implementing these methods include PhotoForensics.com (browser-based, Krawetz), FotoForensics, and academic implementations in Matlab and Python used in research labs at UNISA (Italy), Stony Brook University (US), and the DFR Lab (Digital Forensic Research Laboratory, Atlantic Council, international).
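The block-based search in its simplest form is short enough to write out, which makes its assumptions visible. The following is an added example for these notes, not the code of any tool named above: it tiles a constructed greyscale image, keys each tile by its exact pixel values, and reports pairs of identical non-flat tiles that are far enough apart not to be overlapping neighbours. Production tools key on DCT or PCA features instead of raw pixels so that recompression noise does not break the match; exact matching is used here to keep the mechanism clear.

```python
import random
from collections import defaultdict

# Added example, not the page's code: naive block-based copy-move search
# on a constructed image, with the flat-tile exclusion applied.

TILE = 4

def find_duplicate_tiles(img, tile=TILE, min_distance=None) -> list:
    """Pairs of top-left tile origins whose pixels are identical.
    Flat tiles (one value) are skipped because blank paper, sky and
    shadow legitimately repeat. Pairs closer than min_distance are
    skipped so overlapping tiles of a smooth region are not reported."""
    if min_distance is None:
        min_distance = tile
    h, w = len(img), len(img[0])
    seen = defaultdict(list)
    for y in range(h - tile + 1):
        for x in range(w - tile + 1):
            key = tuple(img[y + dy][x + dx] for dy in range(tile) for dx in range(tile))
            if len(set(key)) == 1:
                continue
            seen[key].append((x, y))
    pairs = []
    for origins in seen.values():
        for i in range(len(origins)):
            for j in range(i + 1, len(origins)):
                (x1, y1), (x2, y2) = origins[i], origins[j]
                if max(abs(x1 - x2), abs(y1 - y2)) >= min_distance:
                    pairs.append(((x1, y1), (x2, y2)))
    return pairs

def make_sample_image(size=16, seed=42) -> list:
    """Constructed textured image: seeded pseudo-random grey values."""
    rng = random.Random(seed)
    return [[rng.randint(0, 255) for _ in range(size)] for _ in range(size)]

def clone_region(img, src, dst, size) -> list:
    """Copy a size x size region from src to dst (the forger's operation)."""
    out = [row[:] for row in img]
    (sx, sy), (dx, dy) = src, dst
    for j in range(size):
        for i in range(size):
            out[dy + j][dx + i] = img[sy + j][sx + i]
    return out

if __name__ == "__main__":
    clean = make_sample_image()
    forged = clone_region(clean, (2, 2), (9, 9), 6)
    print("clean image pairs: ", find_duplicate_tiles(clean))
    print("forged image pairs:", find_duplicate_tiles(forged))
```

A 6x6 cloned region contains nine 4x4 tile positions, so the forged image yields nine matching pairs, each offset by the same (7, 7) displacement; a consistent displacement vector across many pairs is what distinguishes a clone from a chance match. Scaling or rotating the copy, as the limitations table below notes, breaks exact tile matching entirely.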
JPEG ghost analysis (Farid and Bravo, 2012) detects double-compressed regions. When a JPEG patch from a source image is pasted into a target JPEG and the composite is saved, the pasted region has been compressed at two different quality levels: the source JPEG's compression level and the final save's compression level. Resaving the composite at a range of quality values and computing the pixel-level difference between each resaved version and the composite produces a ghost signal at the quality level matching the source image's original compression. The ghost appears as a region of anomalously low difference (the patch is "at home" at the source quality) against a background of higher difference (the rest of the image, compressed at a different original quality level). This technique is independent of ELA and provides a second channel of forensic signal that corroborates or contradicts the ELA finding.
Lighting and shadow consistency analysis applies geometric photogrammetry rather than compression statistics. If a spliced element was photographed under a different light source geometry than the background scene, the direction and softness of cast shadows will be inconsistent. A 3D reconstruction of the light source position from the shadows cast by objects in the background can be compared with the light source implied by the shadows or specular highlights on the spliced element. Farid's group at Dartmouth (US) and the Intelligent Systems Group at the University of Amsterdam (Netherlands) have published extensively on shadow-geometry and specular-geometry inconsistency as manipulation indicators.
| Technique | What it detects | Underlying signal | Key limitation |
|---|---|---|---|
| Error Level Analysis (ELA) | Regions with different compression history | Per-pixel DCT quantisation error differential | Texture variation mimics manipulation signal; requires content-aware interpretation |
| Copy-move detection | Duplicated regions within the same image | Block similarity or keypoint descriptor matching | Scaling or rotation of copied region degrades detection; post-processing can break block alignment |
| JPEG ghost analysis | Double-compressed patches from a different source image | Per-quality-level pixel difference minimum | Requires original and target to be JPEG; ineffective on PNG or TIFF composites |
| Lighting/shadow consistency | Spliced elements from a different lighting environment | 3D geometry of shadow direction and specular highlights | Requires visible cast shadows or specular surfaces; computationally intensive |
The camera tells you the ISO, the shutter speed, the focal length, and the GPS coordinates. The forger rarely remembers to check whether those numbers match the story the image is supposed to tell.
EXIF (Exchangeable Image File Format, JEIDA/JEITA, now formalised in the CIPA DC-008 standard) is the metadata standard embedded by cameras and scanners in JPEG and TIFF files. An unmodified camera original carries a rich metadata block: camera make and model, firmware version, lens focal length, aperture, shutter speed, ISO sensitivity, white balance setting, flash status, creation timestamp (from the camera's internal clock), GPS coordinates if the device has a location sensor, and the software that last processed the image (relevant when the image passed through a RAW-to-JPEG conversion pipeline).
EXIF metadata is not cryptographically protected in the base EXIF specification. It can be edited by any hex editor, by ExifTool (Phil Harvey, widely used by both legitimate photographers and document fraudsters), or by any image editing application that writes its own metadata on save. The forensic value of EXIF metadata lies not in its tamper-resistance but in the consistency of multiple fields with each other and with the image content: a claimed outdoor photograph at noon in July in London showing EXIF data indicating the camera's built-in flash fired and an ISO of 3200 is self-inconsistent. A document claimed to have been scanned on a Canon MF644Cdw in 2018 carrying an EXIF SoftwareVersion string that first appeared in 2021 is internally anachronistic.
Several cross-checks are standard practice in EXIF reconciliation. First, camera clock drift: every digital camera's clock runs slightly fast or slow, and some cameras ship with the clock unset (defaulting to 2000-01-01 or similar). A sequence of photographs that claim to document a scene in chronological order should show monotonically increasing timestamps with intervals consistent with what the claimed sequence required. Gaps or reversals in the sequence are forensically significant. Second, GPS-timestamp reconciliation: the GPS EXIF block includes both a GPS timestamp (UTC, from the GPS satellite signal) and a local time (from the camera clock). If these two timestamps are inconsistent by more than the expected clock drift, the GPS metadata or the local timestamp has been altered. Third, the thumbnail-main image consistency check: EXIF thumbnails are generated by the camera at capture and embedded in the EXIF block. If the main image has been cropped, rotated, or edited, the thumbnail may retain the original uncropped framing, providing an independent reference image of what the camera originally captured.
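The three cross-checks above (timestamp sequence, GPS clock against camera clock, and internal exposure consistency) can be run over a set of EXIF records as a single pass. The block below is an added example written for these notes, not ExifTool's or any camera vendor's code. The records are constructed dictionaries using the standard EXIF tag names (DateTimeOriginal, OffsetTimeOriginal, GPSDateStamp, GPSTimeStamp, Flash, ISOSpeedRatings); in practice they would be read from the files with a parser such as ExifTool. The daylight flash rule is a crude screening heuristic of the kind the paragraph above describes and is labelled as such; the thumbnail check needs image decoding and is not included.

```python
from datetime import datetime, timedelta, timezone

# Added example, not the page's code: EXIF reconciliation over a
# constructed sequence of frames.

EXIF_FMT = "%Y:%m:%d %H:%M:%S"

def local_time(rec) -> datetime:
    """DateTimeOriginal plus OffsetTimeOriginal as a timezone-aware datetime."""
    naive = datetime.strptime(rec["DateTimeOriginal"], EXIF_FMT)
    sign = 1 if rec["OffsetTimeOriginal"][0] == "+" else -1
    hh, mm = rec["OffsetTimeOriginal"][1:].split(":")
    return naive.replace(tzinfo=timezone(sign * timedelta(hours=int(hh), minutes=int(mm))))

def gps_time(rec) -> datetime:
    """GPSDateStamp + GPSTimeStamp (always UTC, from the satellite signal)."""
    h, m, s = rec["GPSTimeStamp"]
    return datetime.strptime(rec["GPSDateStamp"], "%Y:%m:%d").replace(
        hour=int(h), minute=int(m), second=int(s), tzinfo=timezone.utc)

def reconcile(records, max_drift=timedelta(minutes=2)) -> list:
    """Return (frame index, finding) tuples for the three cross-checks."""
    findings = []
    prev = None
    for i, rec in enumerate(records):
        t = local_time(rec)
        # 1. sequence check: a documented series must move forward in time
        if prev is not None and t <= prev:
            findings.append((i, "timestamp not after previous frame"))
        prev = t
        # 2. GPS clock against camera clock, allowing ordinary drift
        if "GPSTimeStamp" in rec:
            drift = abs(t - gps_time(rec))
            if drift > max_drift:
                findings.append((i, "camera clock disagrees with GPS time by %s" % drift))
        # 3. heuristic exposure check: bit 0 of Flash means the flash fired;
        #    flash plus very high ISO in the middle of the day needs explaining
        if rec.get("Flash", 0) & 1 and rec.get("ISOSpeedRatings", 0) >= 3200 and 10 <= t.hour <= 14:
            findings.append((i, "flash fired at ISO %d around midday" % rec["ISOSpeedRatings"]))
    return findings

# Constructed sample: two consistent frames, then a frame whose local
# timestamp was edited backwards while the GPS block was left untouched,
# and which also carries flash + ISO 3200 on a midday exposure.
SEQUENCE = [
    {"DateTimeOriginal": "2023:07:14 12:01:10", "OffsetTimeOriginal": "+01:00",
     "GPSDateStamp": "2023:07:14", "GPSTimeStamp": (11, 1, 5), "Flash": 0, "ISOSpeedRatings": 100},
    {"DateTimeOriginal": "2023:07:14 12:03:40", "OffsetTimeOriginal": "+01:00",
     "GPSDateStamp": "2023:07:14", "GPSTimeStamp": (11, 3, 38), "Flash": 0, "ISOSpeedRatings": 100},
    {"DateTimeOriginal": "2023:07:14 11:58:00", "OffsetTimeOriginal": "+01:00",
     "GPSDateStamp": "2023:07:14", "GPSTimeStamp": (11, 6, 2), "Flash": 1, "ISOSpeedRatings": 3200},
]

if __name__ == "__main__":
    for frame, finding in reconcile(SEQUENCE):
        print("frame %d: %s" % (frame, finding))
```

The third frame trips all three checks at once, and that is the point of reconciliation: a single edited field rarely stays consistent with every other field that records the same moment. The drift allowance is a parameter precisely because ordinary camera clocks do wander; the examiner sets it from the camera's observed behaviour rather than from a fixed rule.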
In Indian forensic casework, EXIF analysis is conducted under the CFSL (Central Forensic Science Laboratory) technical guidelines for digital image examination, which reference the SWGMAT guidelines as the international standard. In the UK, the Digital Imaging and CCTV Analysis Faculty of the Forensic Science Regulator has published technical guidance on image metadata analysis as part of its Digital Forensics suite. US federal examiners follow SWGMAT (Scientific Working Group for Materials Analysis) and NIST guidelines, with case-specific methodology challenged under Daubert and assessed against the four Daubert criteria (testing, error rate, peer review, general acceptance).
Every authentication technique was designed against the editing tools available when it was published. The editing tools have not stood still.
Error level analysis was designed in an era when forgers used JPEG-based copy-paste in applications such as Adobe Photoshop 7 or GIMP 2.x. Modern content-aware fill in Adobe Photoshop (Neural Filters, Content-Aware Scale, Generative Fill from the 2023 Adobe Firefly integration) and equivalent tools in DxO PhotoLab, Lightroom, and DALL-E-integrated pipelines do not necessarily leave the block-boundary artefacts that ELA detects. Content-aware fill synthesises new pixel values rather than copying an existing region, so there is no copied region with a different compression history to detect.
Copy-move detection assumes the manipulated region was taken directly from elsewhere in the image (or from a source JPEG) without scaling or rotation. Modern compositing workflows frequently use perspective correction, warping, and colour grading that break the block-level similarity assumptions underlying naive copy-move algorithms. Keypoint-based methods handle moderate rotation and scaling but fail under large affine transforms or when the forger applies deliberate noise to break feature matching.
AI-generated textures (Stable Diffusion inpainting, DALL-E inpainting, Midjourney Outpainting) synthesise photorealistic pixel values from a text prompt or a mask, producing regions with no prior JPEG compression history and no copied source. ELA typically shows these regions as having low error levels (consistent with a single high-quality save), not elevated error levels, which is the opposite of what a naive interpretation would flag as suspicious. Examiners must understand that low ELA error in a specific region could indicate a synthesised (AI-generated) patch rather than a pristine original.
The response from the forensic science community has been to move toward ensemble methods: combining ELA, copy-move detection, JPEG ghost, PRNU camera fingerprint analysis, and neural network-based detection (trained on large compositing datasets) into a joint decision framework rather than relying on any single technique. Research groups at the University of Erlangen-Nuremberg (Germany), UC Berkeley (US), and the Alan Turing Institute (UK) are active in this space, and several publications from 2022 to 2025 report detection accuracy above 90 per cent on held-out composite datasets for ensemble methods, though accuracy degrades significantly against adversarially constructed forgeries designed to defeat specific detectors.
A PDF document shows three separate xref (cross-reference) sections when parsed with a forensic tool. What does this most reliably indicate?