Link to home
Start Free TrialLog in
Avatar of Brian
BrianFlag for United States of America

asked on

How to determine if a screenshot was manipulated.

Hello Experts,

I have a student who took a screenshot of her grades and I'm assuming she altered the screenshot by giving herself and A. However when I log into the system her grade is not an A. She claims that she did not alter the screenshot and that she claims to have been hacked. How can I determine if she did in fact alter a screenshot?
Avatar of Cornelia Yoder
Cornelia Yoder
Flag of United States of America image

If you can use photoshop, zoom in and look for a boundary where the colors change abruptly at the pixel level.  If you can find that, you might be able to tell.

You probably cannot be sure if she is good with something like photoshop.  A screenshot is low enough resolution that it can be manipulated at the pixel level, so it can be made pretty perfect.  

Seems to me a much better solution would be to call her teacher  :)
Avatar of Peter Hutchison
You can use the file's metadata (see the Details tab) to view information about the file and things like the file'sdate created and date modified, author, source and even camera info, if its was taken by a camera.

See this article on legal requirements for images: http://apps.americanbar.org/lpm/lpt/articles/tch06061.shtml
If the student took a screenshot - she had to have access to the grades via a computer. It would be easy enough to just change the grade, take a screenshot and then put the grade back the way it was.

So if she claims that she didn't Photoshop the screenshot - she could be telling the truth.  If she altered the actual data and changed her grade- took the shot and changed it back - she has at that point done nothing illegal.  If she then used the screenshot to deceive her parents into thinking she had a better grade than she did - that's really between them and her.  Your responsibility is simply to make sure that the parent get a true copy of her real grades.  I would certainly recheck all of the grades for the class to make sure that they are not changed.  If they are then your database has been hacked
Avatar of Brian

ASKER

@DTHConsulting,

She only has read access to view her grades via a website. She does not have access to change her grades. She would have had to take a screenshot and then modify her grade within an image application such as Photoshop or GIMP. The question is how to you tell for certain that she modified her grade. Her grade is correct on the website but she is changing it on the screenshot.
ASKER CERTIFIED SOLUTION
Avatar of Eoin OSullivan
Eoin OSullivan
Flag of Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of btan
btan

probably is to trace back the sender and the machine claimed to send out in its original form but thinking back, if the student is indeed trying to hide then all evidence should already be clean up or "housekeep"

Note - to really ascertain tampering in image really need some deep research for accurate findings. this paper shared out Image Tampering Detection For Forensics Applications (pdf) but i doubt we can even apply the theory and mechanism simply in layman understanding, hence we should go trace back ... event claimed by student

.. I was initially thinking of checking the application executed on that day, the login account on that day, the software installed and looking out for any special s/w and editing tools present...even encryption tools like truecrypt etc (to safeguard tainted evidences)  and cloud service (for uploading "evidence"...).
.. Tampering the file will change the file MAC attribute but there are tools such as timestomp to "hide" those changes.

..if the student has used camera or phone to "screenshot" the EXIF should have more info on the image. Check out the online exif viewer on potential "trails"

We may also want to search from similar images on the machine or even online for the original (google image, Tineye etc) and cloned copies to find hint why they exists on the hit location store. of course this subjected to both party agreement
Naw that's pretty futile, look her in the eye and see if the lies show through.
What hackker would give her an A!!!
The facts speak for themselves
However when I log into the system her grade is not an A.
Ring the school for her true report card.
Merete - The author doesn't need to ring the school - he is her teacher.

Even Internet explorer will let her bring up the on-line screen - all she has to do is View Source - Select all and save to notepad as a local .htm or html file - After she changed he D or F  to an A  

The only way around that would be to re-write the website is something that will mask most of the code - (ASP for instance)

You can search all you want and spend hours doing so - but to what result.

Just ask her if she changed it - then print out a correct version and ask her to have both her parents sign the correct copy and return it to you.  Explain to her that if she does so before the next school day - you will give her credit for being inventive but will not take it any farther (with a smile of course)  Make it clear to her that should she not do so - that a call to her parents will be made.    Also make her promise not to teach any of the other students how she did it.

Sometimes working with students like this where a teacher acknowledges  to the student that they know that the student has crossed over that line and is willing to work with that student without fear of punishment to go forward in a more acceptable manner.  I have see it time and time again where the errant student now work that much harder to impress the teacher  with a better attitude and better study habits
it is more of arbitration and mutual understanding if the search is null or not worthwhile spending efforts doubting one another especially if the student is not the frequent or typical miscreant in class (that should be noticeable). Of course parental involvement and attestation will be good formally, at set example of no "more" foul play attempted to best both concurrence.... importantly, no evidence is not an evidence per se. Hopefully with the tightening and sudit trail enforce at system backend and control of privileged account help deter and bring back integrity on system monitoring - leaving the students being on the brink and think twice doing something foolish...there is recent news (recall it is "Orange Public School") on changing grade by hacking into the system
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you Eoin