Researchers can already detect sophisticated tampering in still images, but they are only beginning to tackle the same problem in video.

Some of the early video-forensics efforts are coming out of Dartmouth College, where Hany Farid, professor of computer science, and researcher Weihong Wang have illustrated a method for detecting if a high-quality video has been re-saved--a telltale sign that someone has tampered with the original file.

While Farid's technique would not work well with low-quality YouTube videos, he says, it is well suited for high-quality video such as that from surveillance cameras. "The tools are becoming increasingly more sophisticated for manipulating video and audio," Farid says. "We may as well get a jump on it."

The researchers' antiforgery tool uses mathematical tricks that exploit the predictable way in which videos are compressed into standard MPEG files. Video compression works on the assumption that there isn't much movement between a series of video frames, hence keeping every frame isn't necessary. But the information about the movement is still maintained: the compression algorithm looks at an initial frame and a second frame, and it extracts numbers that represent the motion difference between them. The numbers describe how to regenerate the second frame from the first frame, Farid says, and can be saved without taking up as much storage space as the second frame would. This process is repeated for subsequent frames. As it extends further from the initial high-quality frame, however, more error is introduced. Therefore, Farid says, every twelfth frame of an MPEG video is a high-quality still image that starts the process anew.

Farid says that the high-quality image that appears every twelfth frame is nothing more than a JPEG, an image format that, as he and his team have previously shown, is sensitive to being compressed multiple times. "Imagine you take a video sequence, tamper with it, and re-save it," he says. "Now you have this double JPEG compression." Compressing the images twice, Farid says, introduces a statistical signature that is revealed when the video is analyzed with signal-processing software. Detecting the recompression signature of the JPEG within a video proves that the file has been re-saved at least once, indicating tampering.