/ 
/ 
— Browsing Safely ( Upload and analyse instantly — no registration or login required.
Choose how long your private report link stays active before it expires.
Available on clearnet, Tor (.onion), and I2P — use whichever suits your threat model.
Images: JPEG · PNG · WebP · APNG · GIF · HEIC · AVIF · JXL · TIFF · DNG
Video: MP4 · MOV · MKV · WebM · AVI · MPEG · M4V · M2TS · 3GP · FLV · WMV and 350+ more variants
1. Image Forensic Analysis
Visual and statistical properties analysis to identify edits and inconsistencies.
Error Level Analysis (ELA)
Identifies areas of an image that are at different compression levels. Modified areas typically show a higher error level.
DQT Fingerprinting (JPEG)
Analyses the Define Quantisation Table used by the JPEG encoder to identify if an image was last saved by Photoshop or camera firmware.
Thumbnail Mismatch Detection
Compares the embedded thumbnail to the main image to ensure they match. A mismatch indicates the main image was likely replaced.
Histogram Gap Analysis
Statistical analysis of colour distribution. Brightness or contrast adjustments leave detectable "gaps" in the histogram.
Double JPEG Compression Probe
Analyses the re-compression error curve across multiple quality factors to find statistical "ghosts."
JPEG Ghost (Original Quality)
Sweeps every potential quality factor to find the exact original quality at which an image was first compressed.
Clone / Copy-Move Detection
Searches for regions of an image that are identical or near-identical to other regions in the same image.
Resampling & Interpolation
Analysis of periodic correlations between neighbouring pixels which leave a detectable mathematical grid.
2. Video Forensic Analysis
Temporal domain analysis checking for consistency across frames and containers. Accepts MP4, MOV, MKV, WebM, AVI, MPEG, M4V, M2TS, 3GP, FLV, WMV and 350+ additional variants.
Video Encoder Fingerprinting
Analyses bitstream structure and metadata tags like `©too` to identify the true underlying encoder.
GOP (Group of Pictures) Analysis
Analyses how I, P, and B-frames are organised. Edited videos often have irregular intervals or "broken" GOPs.
Inter-frame Tampering (Spike Analysis)
Measures the statistical difference between adjacent frames. Tampered videos show abrupt "spikes" at edit points.
Edit List (elst) Analysis
Parses the internal "Edit List" atom in MP4/MOV containers which instructs players to skip media data.
Frame Duplication & Freeze Detection
Searches for duplicate frames in a sequence where content should be fluid.
Security & DRM Detection
Identifies internal encryption markers like `pssh` boxes in MP4 or ContentEncoding in MKV.
3. Metadata & Privacy Analysis
Deep inspection of "data about data" to prevent inadvertent sensitive information leaks.
Privacy Category Taxonomy
A classification engine that groups thousands of metadata tags into 13 high-level categories ranked by severity.
Metadata Consistency Cross-Check
Compares different metadata fields (e.g., GPS timezone vs file timestamp) to catch contradictions.
Advanced Forensic Markers
Deep inspection of high-signal metadata blocks that provide a "paper trail" of the file's digital life.
Windows XP Identity Leaks
Specifically targets the `XPAuthor` and related tags that Windows Explorer silently writes into files.
4. Structural & Container Integrity
Analysing file formats to find hidden data or "extra" appended content.
Trailing Data (Overlay) Detection
Checks for data appended after the standard "End of File" marker of a media file.
Hidden Animation Stream Detection
Parses animated image formats to find frames too short for the human eye to see — including GIF frames with delays of ≤10 ms and non-looping frames that appear only once at imperceptible speed.
Container Offset Tampering (MKV/WebM)
Validates the SeekHead element directory — an internal map that declares the exact byte position of every top-level block. If any declared position doesn't match the actual position in the file, bytes have been inserted, removed, or the file was re-packaged by a tool that didn't update the index.
Mislabelled Container Detection (WebM)
WebM is a strict subset of Matroska — it only permits VP8, VP9, or AV1 video and Vorbis or Opus audio, with no Chapters or Attachments elements. A file that declares DocType=webm but contains Matroska-only content was relabelled after creation, either by a re-mux tool or deliberately.
JPEG XL Repack Detection
JXL supports lossless JPEG recompression — the original JPEG bitstream is stored verbatim inside the JXL container. A jbrd box in the file means the submission is a repacked JPEG, not a native JXL capture from a camera. The original JPEG can be reconstructed byte-for-byte from the wrapper.
jbrd JPEG Bitstream Reconstruction Data box with a clear forensic verdict.Document Steganography & Extraction Coming Soon
Deep inspection of document containers for embedded streams, structural gaps, or hidden XML.
AVI ISFT Encoder Leak (AVI)
AVI files carry an optional RIFF LIST INFO block with an ISFT (Software) tag written by the muxer. FFmpeg writes Lavf58.x, VirtualDub writes its own version string, and OBS writes obs-output. CCTV firmware that omits the tag is itself a signal. The codec FourCC from the stream header is also fingerprinted — MJPEG indicates a webcam or IP camera; XVID/DIVX indicates legacy PC encoding.
AVI Header Integrity Checks (AVI)
The AVI main header (avih) declares the stream count and frame rate. These must match the actual stream list (strl) blocks and the per-stream rate declared in strh. A mismatch — or an unexpectedly missing indx super-index — reveals partial re-muxing, truncation, or two-tool editing. The ICRD creation date in the INFO block is also extracted and can reveal the original recording timestamp independent of the filesystem.
Ready to analyse your media?
Start your deep analysis now and expose what's hidden.
Analyse Photos » Analyse Videos »Want to protect your media after analysing it?
Hide & Conceal with Vaultify → Learn more about Vaultify →