Manisha Mann*, Shukla SK and Shruti Gupta
Amity Institute of Forensic Sciences, Amity University, Noida, UP-201303, India
Received date: May 21, 2015; Accepted date: July 21 2015; Published date: July 26, 2015
Citation: Mann M, Shukla SK, Gupta S (2015) A Study to Ascertain and Differentiate between Genuine and Transplanted Documents/Signatures. J Forensic Res 6:293. doi: 10.4172/21577145.1000293
Copyright: © 2015 Mann M, et al. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Visit for more related articles at Journal of Forensic Research
Digital forgery is very common these days because the use of digital document is increasing day by day and readily available software’s for manipulating the documents. It is very necessary to authenticate the integrity of digital document, whether it’s genuine or not. Various secure detection systems are made which involves use of algorithm, but this paper deals with examining simple features present in image/document which can be used to check the authenticity of an electronic document, whether they are genuine or forged. These simple features are like Color variation, Font size difference, Pixelate resolution, Range of magnification-low, medium and high range of magnification and extracting hash value-MD4, MD5, SHA-1, RIPEMD-128 and RIPEMD-160. Results are highly reliable.
Digital documents; Digital forgery; Image hashing; Pixels
Now a days use of electronic documents have been increased tremendously which results in increase in digital forgery. A forgery is an unlawful act of forging a document or item for the reasons of misrepresentation or trickery. Digital forgery is very common now, because digital images are not difficult to manipulate and alter due to easily available image processing and editing software’s. These days, it is feasible to include or exclude any important characteristics from a picture without leaving any conspicuous hints of altering. Digital forensics is the current topic which has received attention recently. Digital images play an important role in depicting and transferring the data easily, therefore new techniques for detection of forgery in digital images have been investigated. There is a little difference between image forgery and digital image forgery, as the digital image forgery deals with the digital image as compared to photographs which are used in image forgery. There are many different computer graphic editing software are available like Adobe Photoshop, GIMP (GNU Image Manipulation Program), and Corel Paint Shop, etc.
Areas like legal, criminal, journalism, medical requires the digital document to be authentic. So there is high demand for a dependable, safe and secure detection system, which is capable to determine or check whether the digital image/document is real or altered. As due to presence of easily available image editing software’s alteration could be done to the digital document and some modification may be impossible to be seen by human eye, these modification results in some core statistics changes in the digital document which can be detected.
Forgery techniques in digital images are classified into three main groups
• Copy Paste Forgery (Image splicing).
• Image retouching.
• Copy Move Forgery (Image cloning).
Copy paste forgery also known as image splicing: In this type an altered duplicate copy or a document is prepared with the help of an original image along with some additional images, for instance including particular area of the additional image to the original one, just to hide or manipulate the image.
Image retouching: In this type the forger manipulates the image in a way so that the modification in the content of the image becomes unnoticeable.
Copy move forgery also known as Image cloning: In this type of forgery a distinct part of an image is copied and moved to another part of the same image.
Usually there are two types of detection techniques or approaches are used. Following are the two techniques
Active method includes features like watermarking which helps in detecting digital tampering like name, signature, date, etc.
Passive method in this method digital image forgeries are detected without taking any use of the features or information of the original image .
Image hashing/Image fingerprinting
Image hashing or image fingerprinting is a procedure of providing value that is specific to particular image by examining its content. This fingerprint is basically a string which is assimilated with other fingerprint for possible matches . There are two types of image hashing techniques:
Perceptual hashing: Perceptual hashing a technique which produces fingerprint of different multimedia like audio, video or image file with the help of algorithm. Perceptual hash functions (PHF) are most commonly used in area of digital forensics and protection against copyright infringement. Through PHF one can assimilate and map source the data with the help of correlation between the hashes. For instance, Wikipedia contains a database of hashes of online articles and books for which copyright is hold by the authors, when any Wikipedia users upload any document containing data of online books or article registered in that database will have same hash value and will match with each other and this can be used in flagging or pointing out plagiarism .
Cryptographic hashing: Cryptography is a technique in which a message authentication code (MAC) is produced with the help of hash function. Even a slight change in input message results in distinct hash value. Following are mostly used hash algorithm:
• MD (Message Digest Algorithm) - MD4, MD5.
• SHA (Secure Hash Algorithm) – SHA-0, SHA-1.
• RIPEMD (RACE Integrity Primitive Evaluation) – RIPEMD-160 .
Pixels: Pixel is derived from a word “picture element”. In a computer picture, a pixel is the simplest unit of programmable color. The size of the pixel relies on the resolution of the display screen. If the display is at its highest resolution, the physical size of pixel will be equal to dot pitch of display. If the resolution is less than the highest, then size of pixel will be larger than dot pitch .
Early studies on this topic were Weihai li; et al. developed a method for detection of copy paste forgery in manipulated JPEG pictures and also locates the position or the area of manipulation. This method works by extracting DCT block artefact grid and determining mismatch of grid . Thirumagal, et al. proposed a forensic technique for detection of contrast enhancement (globally or locally applied) and by identifying the peculiarities of intrinsic fingerprint the histogram equalization in a picture can be detected . Najah Muhammad, et al. proposed an effective non-intrusive technique for detection of copy move forgery. In this technique the image is segmented and the similarity is detected with the help of Dyadic Wavelet Transform (Dy WT) . R. Venkatesan, et al. proposed an image indexing technique which is known as image hash function. Randomized signal processing is used by algorithm for a non-reversible compression of an image which results into arbitrary binary strings . Kelsy Ramirez-Gutierrez, et al. proposed two algorithm to detect authenticity of an image, even if the image is affected by distortion like filtering, compression and other malevolent modification like geometric distortion. The algorithm can also detect tampering and also the localized tampered areas .
This paper deals with examining simple features present in image/ document which can be used to check the authenticity of an electronic document, whether they are genuine or forged. These simple features are like Color variation, Font size difference, Pixelate resolution, Range of magnification: low, medium and high range of magnification and extracting hash value: MD4, MD5, SHA-1, RIPEMD-128 and RIPEMD-160.
25 samples of documents were created which contained signatures, dates, names and addresses, which have been transplanted from the originals on those documents. Doctor’s prescription, list of student selected in any institution, stamp papers, certificates and appointment letters are the type of samples.
The 25 samples were collected from Google Images.
Procedure adopted for analysis
As original disputed documents cannot be gathered due to their authorization and confidentiality, which should be maintained by government forensic laboratories with due reason, such documents were prepared manually for the research with the help of software’s. These samples were then analyzed in soft copy format. Then the signatures were cropped from the originals, copied and pasted on the documents to be forged with the help of MS Paint. These forged documents were then examined in soft copy format with the help of Picasa. Following are the features on the basis of the samples were examined:
• Colour variation.
• Font size difference.
• Range of magnification: low, medium and high range of magnification.
• Hash value: MD4, MD5, SHA-1, RIPEMD-128 and RIPEMD-160
Software’s and application used for analysis
• Microsoft Paint or MS Paint is a simple graphics program that has been included with all versions of Microsoft Windows. This program can be in colour mode or two-colour, black-and-white, but there is no grayscale mode.
• Picasa 3.9 is an image organizer and image viewer for organizing and editing digital photos plus an integrated photo-sharing website, originally created by a company named Lifescape in 2002 and owned by Google since 2004.
• Fileformat.info is a website which reveals the all types of hash value of any type of file like audio, video or any document. Basically it’s an online hash value calculator.
Samples (observed features)
Since the number of samples created and observed for this study is very large, it would not be convenient to attach all the samples and pictures of the features observed in each sample. Therefore, only a few samples are being attached with the zoomed in images of their parts showing some difference from the whole of the document, indicating different sources of origin (Figures 1-4).
The following 25 samples were examined on basis of different features in Picasa Software:
• Range of magnification: low, medium and high range of magnification.
• Colour variation.
• Font size difference.
• Pixelate resolution.
Above mentioned features are given in Table 1.
Range of magnification
All the samples were first analyzed by magnifying them. The range at which transplantation was first observed was considered as lowest range of magnification for the specific sample. Simultaneously the range of magnification was increased and it was observed that on increase of magnification the transplantation was more prominently seen. All the samples were analyzed between 26 to 1252 ranges of magnification.
Color variation and font size difference
All the samples were analyzed to check color variation in two aspects: color variation in paper background and color variation in ink. Difference in the font size of the samples was examined and observation was noted down in the Table 1. The samples which were transplanted had noticeable difference in their background/ink color as well as font size.
All the samples were analyzed to detect difference in the pixelate resolution. It was found that the transplanted area had difference in their pixelate resolution as compared to the document on which they were transplanted.
All the samples (including the original document and simulated document) were analyzed using this application. Five type of hash values were calculated: MD4, MD5, RIPEMD-128, RIPEMD-160 and SHA-1. The change in the hash values of original and the simulated document were observed and the values were noted down in the Table 2.
|Sample||Original Sample||Simulated Sample|
Table 2: Shows the observation made on examination of samples with transplanted signatures on basis of Hash values.
The present research reveals some simple methods which can help document experts as well as common man to establish whether the document is authentic or not. The results are extremely beneficial and reliable as after an appropriate magnification, color variation can be seen between transplanted area and the original document. Along with it on increasing the range of magnification the differences in font size and pixelate resolution are very much evident. The range of magnification was found to be between 26-1252%, which clearly determines the difference between the transplanted area and original document. The five types of hash values were also calculated to determine the difference between simulated document and the original one, the hash values were: MD4, MD5, RIPEMD-128, RIPEMD-160 and SHA-1. By adopting the material and methods used in this research, experts can be benefitted in dealing with softcopy transplanted forgery cases up to a huge extent.
Make the best use of Scientific Research and information from our 700 + peer reviewed, Open Access Journals