Exif Summarizer

Exif metadata are wonderful.
Just think about all the fields listed in the Exif standard: a great deal of information is available for each image. When was the picture taken? And where? What camera was used? What were the f-stop and exposure settings? Who was the photographer? ... damn! Why is the author field always empty?
Anyway... Exif metadata are definitely marvelous.
The problem is that pictures and their metadata are usually too numerous, and this prevents an efficient inspection of the files during a digital investigation.
So there is a need to aggregate the information: for the picture content the problem is hard, even with machine learning algorithms. But in the case of metadata, a smart way of presenting them can by itself lead to evidence discovery, or at least raise a suspicion!

And that is what Exif Summarizer tries to do: given a directory (the root directory is fine), it recursively scans all the folders, reads the Exif data and builds a table of all the cameras found to have taken the pictures, with their usage time intervals, based on the Photo.DateTimeOriginal field. The resulting report can be useful, for example, to easily detect the cameras or phones most used by the person under investigation.
The only requirement is to download and install the pyexiv2 module.
Then, simply run the script giving it the desired options:

-i <directory_to_scan> (mandatory)
-o <out_file_name>
-r to enable the recursion into the directories
-c to obtain a csv output
-w to obtain an html output (recommended)
-f to create a list of the photos for each camera in the html report
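
To make the aggregation step concrete, here is an added sketch (not the Exif Summarizer source) of grouping pictures by camera and deriving each camera's usage interval from DateTimeOriginal. It assumes the tags have already been read into plain dictionaries keyed by Exiv2 key names; the function names and the sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Exiv2 key names; the post's "Photo.DateTimeOriginal" is the last one.
MAKE, MODEL = "Exif.Image.Make", "Exif.Image.Model"
TAKEN = "Exif.Photo.DateTimeOriginal"

def parse_exif_date(raw):
    """Return a datetime, or None for missing, zeroed or malformed values."""
    if isinstance(raw, datetime):
        return raw  # some EXIF libraries already convert the tag
    try:
        return datetime.strptime((raw or "").strip(" \x00"), "%Y:%m:%d %H:%M:%S")
    except ValueError:
        return None  # e.g. "0000:00:00 00:00:00" from a camera with no clock set

def summarize(records):
    """Group (path, tags) pairs by camera and track each camera's usage interval."""
    cameras = defaultdict(
        lambda: {"count": 0, "undated": 0, "first": None, "last": None, "files": []})
    for path, tags in records:
        # Padding differs between firmwares, so normalise before grouping.
        make = (tags.get(MAKE) or "").strip(" \x00")
        model = (tags.get(MODEL) or "").strip(" \x00")
        if not (make or model):
            continue  # no camera identification, nothing to attribute
        entry = cameras[(make, model)]
        entry["count"] += 1
        entry["files"].append(path)
        taken = parse_exif_date(tags.get(TAKEN))
        if taken is None:
            entry["undated"] += 1  # counted, but kept out of the interval
            continue
        entry["first"] = min(filter(None, (entry["first"], taken)))
        entry["last"] = max(filter(None, (entry["last"], taken)))
    return dict(cameras)

# Constructed sample input (not from a real case).
SAMPLE = [
    ("DCIM/IMG_0001.jpg", {MAKE: "ExampleCam", MODEL: "X100", TAKEN: "2015:03:02 10:15:00"}),
    ("DCIM/IMG_0002.jpg", {MAKE: "ExampleCam ", MODEL: "X100\x00", TAKEN: "2014:12:25 08:00:00"}),
    ("phone/a.jpg", {MAKE: "ExamplePhone", MODEL: "P1", TAKEN: "0000:00:00 00:00:00"}),
    ("phone/b.jpg", {MAKE: "ExamplePhone", MODEL: "P1", TAKEN: "2016:07:01 19:30:45"}),
    ("scan/c.jpg", {}),
]

if __name__ == "__main__":
    for cam, e in sorted(summarize(SAMPLE).items()):
        print(cam, e["count"], e["first"], e["last"], e["undated"])
```

Keeping a separate count of undated pictures matters in practice: a zeroed or missing DateTimeOriginal would otherwise either crash the scan or silently stretch a camera's interval.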

 
Special thanks to Joost de Valk for the sort-table javascript!
