In general, there are four sets of techniques for camera identification. The first uses information specifically embedded by the camera to identify itself (metadata). Metadata is usually specific to a make and model of camera, but not to a specific camera. The second set of techniques can be used to identify a specific camera, either by identifying specific characteristics of the camera (commonly referred to as bullet scratches or fingerprinting). These techniques generally require a candidate source camera for comparison. The third set of techniques rely on characteristics specific to a manufacturer and possibly a series of cameras, particularly the choice of coding parameters, interpolation and filtering. These techniques are useful for checking consistency with other evidence and can aid investigation when metadata has been removed. Finally, a wide range of steganographic (watermarking) techniques have been proposed, but these are really only useful for proving ownership of a copyright work and would almost certainly not be deliberately embedded in an image from a deliberately anonymous source. While watermarking might be introduced in a future generation of cameras, this is of no help in tracking the sources of the existing images of interest in the digital domain.
The simplest technique for identifying the source camera is to use metadata embedded by the source camera, of which the Exif metadata standard, published by the Japan Electronics and Information Technology Industries Association (2002), is almost ubiquitously supported. In many cases this is in fact sufficient because it is often beyond the skills of camera users to manipulate or remove the Exif metadata header. Two key forensic fields in the Exif metadata are the Make and Model. The metadata is easily extracted using a range of photography tools including recent versions of Adobe Photoshop and such shareware applications as IrfanView.
On the other hand, any savvy photographer who wishes to remove or modify Exif metadata will find a range of easy-to-use tools at their disposal on the Internet. Older versions of image manipulation software, such as early versions of Adobe Photoshop, do not recognise the Exif metadata standard and will strip such identification from the file. More sophisticated users can develop their own techniques to edit Exif. It should be noted in particular that Exif metadata is encoded in clear ASCII text and is both easy to read directly in the binary file, and easy to change.
For this reason, it is unreasonable to expect metadata to be present, and if it is present, to be a reliable indicator of the image source. It is true, however, that many photographers of interest are not aware of the existence of metadata, and the author’s experience in criminal cases suggests that where metadata is not present this is more often due to inadvertent erasure rather than deliberate action.
Even if Exif metadata is present, other indicators of the source camera identity are useful to establish whether that metadata has been tampered with. For example, the image size should be consistent with the capabilities of the candidate camera. Also, many camera manufacturers define their own proprietary extensions to Exif, or use their own metadata protocol, which can also provide a level of confidence in the metadata present in the file.