Version: Image Forensics v3.0.0 | Video Forensics v2.5.0
This guide helps you understand the analysis reports from ImageForensicsAnalyzer and VideoForensicsAnalyzer. Each section explains what the signatures mean and how to interpret the results.
The forensics analyzers examine files at the binary level to detect signs of AI generation, manipulation, or editing. They look for:
A forensics report provides:
No forensic tool is 100% accurate. Consider these factors:
Every detected signature includes a confidence rating:
| Level | Meaning | What to Do |
|---|---|---|
| Very High | Near-certain identification. The signature is unique to a specific AI tool or manipulation software. | This is strong evidence. The file very likely came from the identified source. |
| High | Strong indicator. The signature is rarely found in authentic camera/recording content. | Take seriously. Look for corroborating factors in the report. |
| Medium | Possible indicator. The signature may appear in both AI and legitimate content. | Consider alongside other evidence. Don't rely on this alone. |
| Low | Weak indicator. Common in many types of files. | Informational only. Not reliable for determining AI generation. |
The analyzers calculate an overall risk score based on multiple factors.
| Level | Score Range | Interpretation |
|---|---|---|
| High | 50-100 | Strong evidence of AI generation or significant manipulation. Multiple high-confidence indicators present. |
| Medium | 30-49 | Moderate evidence. May include AI tool signatures or suspicious encoding patterns. Warrants further investigation. |
| Low-Medium | 15-29 | Some indicators present, but not conclusive. Could be legitimate editing software or partial AI assistance. |
| Low | 0-14 | Minimal indicators. Appears to be authentic or processed with standard tools. |
Each factor in the report is weighted by its significance:
These signatures are strong evidence of AI image generation. They rarely appear in photos from cameras or standard editing software.
| Signature | Description | What It Means |
|---|---|---|
| Midjourney | Text-to-image AI service | Image was created or processed by Midjourney's AI |
| Stable Diffusion | Open-source AI image generator | Image was generated using Stable Diffusion models |
| DALL-E | OpenAI's image generation AI | Image was created by OpenAI's DALL-E system |
| NovelAI | AI art generation service | Image originated from NovelAI's generators |
| Automatic1111 | Popular Stable Diffusion interface | Generated using the Automatic1111 web UI |
| ComfyUI | Node-based AI generation interface | Created using ComfyUI workflow system |
| InvokeAI | Stable Diffusion distribution | Generated using InvokeAI software |
| DreamStudio | Stability AI's web service | Created using Stability AI's platform |
| Bing Image Creator | Microsoft's AI image tool | Generated through Microsoft's Bing AI |
| Adobe Firefly | Adobe's generative AI | Created using Adobe's Firefly AI tools |
| SDXL | Stable Diffusion XL model | Generated using the larger SDXL model |
| Flux.1 / FLUX | Modern diffusion model | Generated using Flux AI models |
| Fooocus | Simplified SD interface | Created using Fooocus generator |
| IDEOGRAM / ideogram.ai | Text-focused AI generator | Created using Ideogram's AI service |
| Recraft | AI design tool | Generated using Recraft AI |
| Imagine with Meta | Meta's AI image generator | Created through Meta's AI tools |
| Google Inc. 2016 | ICC Profile signature (UTF-16 BE) | Strong indicator of Google AI (Gemini/Imagen) origin |
| Gemini | Google's multimodal AI | Image processed or generated by Google Gemini |
| Imagen | Google's image generation AI | Created using Google's Imagen system |
| Diffusers | HuggingFace library | Generated using HuggingFace Diffusers library |
| HuggingFace | ML model repository | Created using models from HuggingFace |
| Civitai | AI model sharing platform | Generated using models from Civitai |
These indicate the image was edited with professional software. Not necessarily AI-generated, but has been modified.
| Signature | Category | What It Means |
|---|---|---|
| Adobe Photoshop | Photo Editing | Image was edited in Photoshop |
| Adobe Lightroom | Photo Editing | Image was processed in Lightroom |
| GIMP | Photo Editing | Edited with the free GIMP software |
| Affinity Photo | Photo Editing | Processed with Affinity Photo |
| Pixelmator | Photo Editing | Edited using Pixelmator (Mac) |
| Paint.NET | Photo Editing | Processed with Paint.NET |
| Capture One | RAW Processing | Professional RAW development software |
| Snapseed | Mobile Editing | Edited using Google's Snapseed app |
| Meitu | Beauty App | Processed with Meitu beautification app |
| FaceApp | Face Modification | Face was modified using FaceApp AI |
These are serious indicators of facial manipulation or synthetic face generation.
| Signature | Description | Severity |
|---|---|---|
| DeepFaceLab | Face-swapping software | Critical - Direct deepfake tool |
| FaceSwap | Open-source face-swap | Critical - Explicit face manipulation |
| Roop | One-click face swap | Critical - Face replacement detected |
| Reface | Face-swap app | High - Mobile face-swap tool |
| SimSwap | AI face swapping | Critical - Advanced face manipulation |
| InsightFace | Face analysis library | High - Often used for face swapping |
| GFPGAN | Face restoration AI | Medium - Face enhancement (may be legitimate restoration) |
| CodeFormer | Face restoration AI | Medium - Advanced face enhancement |
| Real-ESRGAN | Image upscaling AI | Low - May be legitimate upscaling |
| Lensa | AI portrait app | High - AI-enhanced/generated portraits |
| Remini | Photo enhancement AI | Medium - AI enhancement applied |
The analyzer also detects AI signatures through patterns rather than exact text matches:
| Pattern Type | What It Detects | Example Match |
|---|---|---|
| Midjourney Filename | UUID patterns with "_mj_" marker | abc123_mj_image.png |
| Midjourney Parameters | Command-line style generation parameters | --v 5, --ar 16:9 |
| SD Generation Info | Automatic1111 generation metadata | Steps: 30, Sampler: Euler |
| CFG Scale | Guidance scale parameter | CFG scale: 7.5 |
| Model Hash | AI model identification | Model hash: a1b2c3d4 |
| ComfyUI Workflow | JSON workflow structures | "class_type": "KSampler" |
| DALL-E Signature | OpenAI generation marker | Generated by DALL·E |
| Prompt/Negative Prompt | Generation prompts in metadata | Prompt: beautiful landscape... |
| Seed Value | Random seed for generation | Seed: 123456789 |
These signatures indicate the video was generated by AI systems.
| Signature | Company | Description |
|---|---|---|
| Runway ML / Gen-2 / Gen-3 | Runway | Leading AI video generation platform. Creates videos from text or images. |
| Pika Labs | Pika | Text-to-video AI. Known for creative video generation. |
| OpenAI Sora / Sora1 | OpenAI | OpenAI's advanced video generation AI. |
| Synthesia | Synthesia | AI avatar video platform. Creates videos of synthetic humans speaking. |
| HeyGen | HeyGen | AI avatar videos with voice cloning. |
| D-ID | D-ID | Talking head AI. Animates faces from photos. |
| Colossyan | Colossyan | Enterprise AI avatar platform. |
| Stable Video Diffusion | Stability AI | Open-source video generation model. |
| Google Veo / Lumiere / Phenaki | Google's video generation AI systems. | |
| Meta Make-A-Video / Emu Video | Meta | Meta's video generation research projects. |
| AnimateDiff | Open Source | Animation framework for Stable Diffusion images. |
| ModelScope / ZeroScope | Various | Open-source text-to-video models. |
| CogVideo / VideoCrafter | Research | Academic video generation models. |
| Luma AI / Dream Machine | Luma | AI video and 3D generation platform. |
| Kaiber AI | Kaiber | AI video generation for music and art. |
| Kling AI | Kuaishou | Chinese AI video generation platform. |
| MiniMax / Hailuo | MiniMax | Chinese AI video generation (Hailuo AI). |
| Haiper AI | Haiper | AI video creation platform. |
| PixVerse | PixVerse | AI video generation service. |
| Deforum / Warp Fusion | Open Source | Animation tools for AI image sequences. |
| Signature | Type | Risk Level |
|---|---|---|
| DeepFaceLab | Face Swap | Critical - Most common deepfake tool |
| FaceSwap / FaceFusion | Face Swap | Critical - Open-source face replacement |
| Wav2Lip | Lip Sync | Critical - AI lip synchronization |
| Roop | Face Swap | Critical - Single-image face swap |
| First Order Motion | Animation | High - Animates images from video |
| SimSwap / InsightFace | Face Swap | Critical - Advanced face manipulation |
| SadTalker / MakeItTalk | Talking Head | High - Animates portraits to speak |
| Audio2Face | Facial Animation | High - Audio-driven face animation |
| LivePortrait | Portrait Animation | High - Real-time portrait animation |
Detection of cloud infrastructure used for AI processing:
Presence of machine learning libraries may indicate AI processing:
Some AI tools leave binary (non-text) patterns in video headers:
| Signature | Pattern | Meaning |
|---|---|---|
| Kling AI SPS | 95 90 05 00 5b b0 11 | Kling AI's H.264 encoder signature in video stream parameters |
AI video generation tools typically use fast, simple encoding settings. The analyzer looks at x264/x265 encoder parameters to detect patterns associated with AI pipelines.
These encoding settings, when found together, suggest AI generation:
| Option | Suspicious Value | Weight | Why It's Suspicious |
|---|---|---|---|
| scenecut | 0 | 4 | Scene detection disabled. AI generates frame-by-frame, doesn't need scene cuts. |
| bframes | 0 | 3 | No bidirectional frames. AI generates sequential frames without temporal prediction. |
| subme | 0 | 3 | No subpixel motion estimation. AI content has no real motion to estimate. |
| cabac | 0 | 2 | CABAC disabled for speed. AI pipelines prioritize fast encoding. |
| ref | 1 | 2 | Single reference frame. AI doesn't benefit from multiple references. |
| mbtree | 0 | 1 | Macroblock tree disabled. Not needed for AI-generated content. |
| trellis | 0 | 1 | Trellis optimization disabled for speed. |
| 8x8dct | 0 | 1 | 8x8 discrete cosine transform disabled. |
| weightp | 0 | 1 | Weighted prediction disabled. |
| mixed_ref | 0 | 1 | Mixed references disabled. |
| Score | Likelihood | Interpretation |
|---|---|---|
| 0 | None | Normal encoding parameters |
| 1-7 | Low | Some fast-encode options, possibly legitimate |
| 8-11 | Medium | Suspicious pattern of options |
| 12-15 | Medium-High | Likely AI encoding pipeline |
| 16+ | High | Strong evidence of AI encoding |
When the x264 encoder string doesn't include the "options:" section, it often indicates the video passed through a cloud AI pipeline that strips this information.
The analyzer extracts frames from the video and measures statistical properties that differ between AI-generated and real video.
| Metric | What It Measures | AI Indicator |
|---|---|---|
| Color Stats (mean, std) | Average color and variation per channel (R, G, B) | AI videos often have unnaturally consistent colors |
| Edge Density | Amount of sharp edges in the frame | AI may have unusual edge patterns |
| Noise Estimate | Background noise level | AI generates unnaturally uniform noise |
| Histogram Entropy | Information density (0-8 bits) | AI may have unnatural distribution |
| Banding Score | Color quantization artifacts | AI often produces color banding |
| Analysis | Description | Suspicious Threshold |
|---|---|---|
| Color Consistency | Range of color variation across frames | <15 total range indicates synthetic content |
| Noise Patterns | Variance of noise across frames | <0.5 variance indicates uniform AI noise |
| Banding Analysis | Average banding artifacts | >20 average indicates AI color issues |
C2PA (Coalition for Content Provenance and Authenticity) is an industry standard for embedding verifiable information about how content was created. Major companies like Adobe, Microsoft, Google, and OpenAI are adopting this standard.
| Indicator | Meaning | Significance |
|---|---|---|
| c2pa | C2PA Content Credentials present | File contains provenance data |
| jumb / JUMBF | JUMBF container found | ISO standard container for C2PA data |
| trainedAlgorithmicMedia | IPTC AI-Generated flag | High confidence: Explicitly marked as AI-generated |
| compositeWithTrainedAlgorithmicMedia | IPTC AI-Composite flag | Contains AI-generated elements mixed with other content |
| algorithmicMedia | IPTC Algorithmic flag | Created using algorithmic/AI processes |
| digitalSourceType | Source type declaration | Describes origin (camera, AI, composite, etc.) |
| softwareAgent | Creation software | Names the tool that created the content |
| truepic | Truepic signing | Content signed by Truepic verification service |
AI tools often generate files with distinctive naming patterns. Even if metadata is stripped, the filename may reveal the source.
| Pattern | Source | Example | Confidence |
|---|---|---|---|
| Generated_Image_[Month]_[Day]_[Year] | Google Gemini | Generated_Image_November_14__2025_-_1_15PM.png | Very High |
| UUID with _mj_ marker | Midjourney | a1b2c3d4_mj_5678.png | High |
| DALL·E or DALL-E variants | DALL-E / OpenAI | DALL·E_2025_image.png | Very High |
| 00001-1234567890-prompt | Stable Diffusion (Auto1111) | 00001-123456789-beautiful_landscape.png | High |
| comfyui_[number] | ComfyUI | comfyui_00001.png | Very High |
| leonardo_ai_[...] | Leonardo.AI | leonardo_ai_creative_123.png | High |
| OIG.[...] or bing_image | Bing Image Creator | OIG.abc123.jpg | High |
| firefly_[...] or adobe_firefly | Adobe Firefly | firefly_generated_image.png | High |
| flux_dev or flux_schnell | Flux | flux_dev_output.png | Medium |
| nightcafe_[...] | NightCafe | nightcafe_studio_art.png | High |
| Pattern | Source | Score Impact |
|---|---|---|
| kling_[...] | Kling AI | +40 points |
| runway_[...] | Runway ML | +40 points |
| pika_[...] | Pika Labs | +40 points |
| sora_[...] | OpenAI Sora | +40 points |
| synthesia_[...] | Synthesia | +40 points |
| text_to_video or txt2vid | Any T2V generator | +20 points |
| ai_generated | Generic AI | +20 points |
| YYYYMMDD_HHMM_ timestamp | AI service export | +10 points |
| 24+ character hex ID | AI service export | +15 points |
JPEG images use quantization tables during compression. Different software uses different tables, creating a "fingerprint" that can identify the source application.
| Table Name | Source | Significance |
|---|---|---|
| Standard_IJG_50 | IJG (JPEG standard) Quality 50 | Default JPEG library. May indicate programmatic generation. |
| Standard_IJG_75 | IJG Quality 75 | Common default quality setting. |
| Standard_IJG_90 | IJG Quality 90 | High quality setting. |
| Photoshop_SaveWeb_HQ | Adobe Photoshop "Save for Web" | Indicates Photoshop processing. |
Real cameras typically use proprietary quantization tables. When an image uses the standard IJG tables, it often means: