forensics.media Subscribe
Image

How to tell what camera took a photo

By The Forensics Media team
5 min read
Contents

The quick answer is in the metadata, which usually names the camera make and model, but that is easily wiped or forged. When it is gone, a camera can sometimes be identified from its sensor-noise fingerprint, a technique called PRNU, but that needs reference images from the suspected camera and a good-quality file, and it is mostly a laboratory capability rather than something a free website does. So “what camera took this?” splits into two very different questions: the easy, unreliable one, and the hard, powerful one.

The quick answer: read the metadata

Every photo straight from a camera or phone carries EXIF metadata, and the Make and Model fields name the device directly. A metadata viewer reads them in seconds, and for the great majority of honest, unedited photos that is the whole answer.

The problem is trust. Metadata is unsigned text that anyone can change. Free tools like ExifTool can rewrite or strip every tag in one command, so the camera name can be invented, and it is usually wiped the moment a photo is uploaded to a platform. Read it first, but treat it as a claim, not proof. The full caveat is in Can EXIF data be faked?.

When metadata is gone: the sensor-noise fingerprint

If the metadata is missing or suspect, the camera can sometimes still be identified from the image itself. Every camera sensor has tiny manufacturing imperfections that make some pixels slightly more or less sensitive to light. This pattern, called photo-response non-uniformity (PRNU), is effectively the same in every photo that sensor takes, so it works like a fingerprint for the individual device.

The technique was introduced by Lukáš, Fridrich and Goljan (2006), who treated the camera’s reference pattern as a kind of watermark and confirmed its presence in a questioned image with a correlation detector, reporting a false-reject rate under 1 percent at a false-accept rate of one in a thousand on clean files. It was extended into an image-integrity test by Chen, Fridrich, Goljan and Lukáš (2008). Crucially, PRNU identifies the specific physical camera, not just the model: two phones of the same make have different fingerprints.

What PRNU actually needs to work

PRNU is powerful but demanding, and three conditions limit it sharply. First, you need a reference: several images known to come from the suspected camera, to build the fingerprint to compare against. With no candidate device, there is nothing to match, so PRNU confirms a suspicion, it does not generate one. Second, it needs signal: the fingerprint is faint, so a match is only declared when a detection statistic clears a set decision threshold. The standard statistic is the peak-to-correlation-energy (PCE), used in the large-scale camera-identification test of Goljan, Fridrich and Filler (2009), which ran over one million images from 6,896 cameras across 150 models to put real numbers on its false-accept and false-reject rates, and that signal falls away with heavy JPEG compression, downscaling, cropping, and strong filtering. Third, it needs the right tools. In the Forensics Media team’s review of the major forensic toolkits, true sensor-fingerprint matching appeared only in commercial-pro and research tools, while the free online services stop at reading metadata.

Model, not unit: encoding and format traces

Between “anyone can read the model” and “a lab can match the unit” sits a middle layer. Even without EXIF Make and Model, the way a file is encoded can narrow the field. JPEG quantization tables, the embedded thumbnail, and a camera’s proprietary MakerNote block tend to be characteristic of a particular model or the software that produced the file. These traces point to a model or a processing app rather than an individual device, but they can confirm or contradict a metadata claim, and they are harder to fake convincingly than a single text field. A newer, learned approach targets the model-level question head-on: Noiseprint, a convolutional network trained to extract a camera-model noise signature, reported 100 percent camera-model identification in a controlled three-model test against 77 percent for classic PRNU, while at the harder job of telling two individual units of the same model apart it fell to 62 percent, below PRNU’s 70 percent. Its authors are blunt about the boundary, noting that noiseprints allow excellent model identification but “cannot help for device identification,” and that “global image processing tends to reduce the noiseprint strength” (Cozzolino and Verdoliva, 2020). Metadata itself can be read the same structured way: Yang, Zhou, Baracchi and colleagues (Journal of Imaging, 2026) treat the whole EXIF block as an embedding for source-camera identification, which catches forgeries that change the obvious Make field but leave related fields inconsistent.

What you can realistically determine

What you can establish depends entirely on the file in front of you. If the metadata is intact and nothing contradicts it, you have the model, with low confidence that it is genuine. If you also have the suspected camera in hand and a clean, high-resolution file, PRNU can tie the photo to that exact device with real authority. And if all you have is a small, recompressed image off social media with the metadata stripped, the honest answer is often that the camera cannot be determined at all. As with every forensic signal, the strongest conclusions come from more than one method agreeing, never from a single field read in isolation. Device attribution is one of the questions covered in what forensics can learn from a file.

Sources

  • Lukáš, Fridrich, Goljan (2006). Digital Camera Identification from Sensor Pattern Noise. IEEE Transactions on Information Forensics and Security 1(2):205-214. DOI: 10.1109/TIFS.2006.873602
  • Chen, Fridrich, Goljan, Lukáš (2008). Determining Image Origin and Integrity Using Sensor Noise. IEEE Transactions on Information Forensics and Security 3(1):74-90. DOI: 10.1109/TIFS.2007.916285
  • Goljan, Fridrich, Filler (2009). Large Scale Test of Sensor Fingerprint Camera Identification. Proc. SPIE 7254, Media Forensics and Security. DOI: 10.1117/12.805701
  • Cozzolino, Verdoliva (2020). Noiseprint: A CNN-Based Camera Model Fingerprint. IEEE Transactions on Information Forensics and Security 15:144-159. DOI: 10.1109/TIFS.2019.2916364
  • Yang, Zhou, Baracchi, Shullani, Zou, Piva (2026). Forensic Analysis for Source Camera Identification from EXIF Metadata. Journal of Imaging 12(3):110. DOI: 10.3390/jimaging12030110
#image#prnu#attribution#metadata