Archive for April 9th, 2016
This article will walk you through installing GIMP on OS X with an ELA (Error Level Analysis) plugin to detect editing.
To learn more about reading ELA results, read this:
First, download GIMP from here: https://www.gimp.org/downloads/
Next, grab elsamuko-error-level-analysis.scm from the bottom of this page: https://sites.google.com/site/elsamuko/forensics/ela – Save it for later.
After downloading this .scm file, open it in your favorite text editor and locate the following line:
SF-STRING "Temporary File Name" "error-level-analysis-tmp.jpg"
Change it to the following:
SF-STRING "Temporary File Name" "/tmp/error-level-analysis-tmp.jpg"
Then save the file. This fixes an issue where images cannot be processed because the default location is not writable by GIMP.
Now double-click the GIMP .dmg file you downloaded, and copy GIMP to your Applications folder as shown:
Once you have it copied over, open the package contents by alt-clicking GIMP and selecting “Show Package Contents”.
From here, navigate to Contents > Resources > share > gimp > 2.0 > scripts and drop in the elsamuko-error-level-analysis.scm file you downloaded earlier.
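The edit and copy steps above can also be done from Terminal. This is an added example, not part of the original post or the plugin: the function name `patch_ela_script` and the `/Applications/GIMP.app` bundle path are assumptions, and the optional third argument points the temp file at a per-user directory such as `$TMPDIR` instead of the shared `/tmp`.

```sh
#!/bin/sh
# Added example: not part of the original post or of the elsamuko plugin.
# Usage: patch_ela_script SRC_SCM GIMP_SCRIPTS_DIR [TEMP_DIR]
# TEMP_DIR defaults to /tmp, the location the article uses.

DEFAULT_NAME='"error-level-analysis-tmp.jpg"'   # quoted default from the article

patch_ela_script() {
    src=$1
    scripts_dir=$2
    temp_dir=${3:-/tmp}
    temp_dir=${temp_dir%/}                      # avoid a double slash

    [ -f "$src" ] || { echo "not a file: $src" >&2; return 1; }
    [ -d "$scripts_dir" ] || { echo "no scripts dir: $scripts_dir" >&2; return 1; }
    # The whole point of the edit is a writable location, so check it.
    [ -d "$temp_dir" ] && [ -w "$temp_dir" ] ||
        { echo "not writable: $temp_dir" >&2; return 1; }

    # Expect exactly one line with the bare default name. Zero means the file
    # is already patched or upstream changed; more than one means don't guess.
    hits=$(grep -cF -- "$DEFAULT_NAME" "$src" || true)
    [ "$hits" -eq 1 ] || { echo "expected 1 default line, found $hits" >&2; return 1; }

    out="$scripts_dir/$(basename "$src")"
    # Literal (non-regex) replacement, written to a side file and moved into
    # place so GIMP never sees a half-written script.
    awk -v old="$DEFAULT_NAME" -v new="\"$temp_dir/error-level-analysis-tmp.jpg\"" '
        { i = index($0, old)
          if (i) $0 = substr($0, 1, i - 1) new substr($0, i + length(old))
          print }' "$src" > "$out.new" || return 1
    mv "$out.new" "$out" || return 1

    grep -F -- "$temp_dir/error-level-analysis-tmp.jpg" "$out"   # show the result
}

# Example call (the /Applications/GIMP.app bundle path is an assumption):
#   patch_ela_script ~/Downloads/elsamuko-error-level-analysis.scm \
#       /Applications/GIMP.app/Contents/Resources/share/gimp/2.0/scripts
```

The original download is left untouched, and running the function on an already patched file fails rather than rewriting it again.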
Now, run GIMP. Because of OS X's security checks, the first time you run it you will have to alt-click on GIMP and select Open. After doing this once, you won’t have to do it again.
GIMP will appear to freeze for about 5 minutes while it builds its initial caches. Do not force-kill it during this time; simply be patient until it opens.
Now, you can perform ELA on an image by opening it, and selecting Image > Error Level Analysis from the menu.
Running it against an image produces an ELA mask as an additional layer, which you can use to analyze the image.
You can toggle the ELA layer visibility by clicking the eye shown in the following screenshot.
(Sample image from http://fotoforensics.com/tutorial-ela.php, retrieved April 11th, 2016)