Forensic IMAGE EXIF Analyzer
Extract EXIF, GPS, XMP, IPTC, and maker notes from JPEG, HEIC, and RAW images. View camera serial numbers, GPS maps, timestamps, and edit history. All client-side. No upload.
Drop image files or folders here
JPEG, HEIC, TIFF, DNG, CR2, NEF, ARW, and more
JPEG · HEIC/HEIF · TIFF · DNG · CR2 (Canon) · NEF (Nikon) · ARW (Sony) · ORF (Olympus) · RW2 (Panasonic) · RAF (Fujifilm) · PNG* · WebP*
* PNG/WebP: only if EXIF was embedded at capture time
Add image files to begin extracting metadata. Results appear here as each file is parsed.
How to Use the Forensic IMAGE EXIF Analyzer
Add image files
Drag image files or a folder onto the drop zone, or use the Add Images / Add Folder buttons. JPEG, HEIC, TIFF, DNG, and all major RAW formats are supported.
Review the results table
Camera, date, GPS pin, and anomaly badges appear for each file. Click the GPS pin to preview location. Click anywhere on a row to open the full detail overlay.
Inspect in the detail overlay
Each file has nine collapsible sections: capture data, camera identity (serial numbers), timestamps with timezone selector, GPS map, image properties, copyright, edit history, color profile, and raw dump.
Export your findings
Select files and export CSV (all metadata fields), KML (GPS locations for Google Earth), or JSON (complete raw EXIF segments). Copy formatted text reports for case notes.
Frequently Asked Questions
JPEG, HEIC/HEIF, TIFF, DNG, CR2 (Canon), NEF (Nikon), ARW (Sony), ORF (Olympus), RW2 (Panasonic), RAF (Fujifilm), and other RAW formats. PNG and WebP are partially supported if EXIF data was embedded at capture time.
No. All parsing is performed entirely in your browser using the exifr library running in a Web Worker. Your images never leave your device at any point during the process. SHA-256 hashes are computed using the browser's built-in Web Crypto API. You can verify this by disconnecting from the internet and using the tool normally.
SHA-256 is a cryptographic hash function that creates a unique 64-character fingerprint of a file's raw bytes. If even one pixel changes, the hash changes completely. The tool computes SHA-256 for every image to provide file integrity verification. In digital forensics, this hash serves as proof that the analyzed file is identical to the original. You can compare the hash displayed here against the hash from your acquisition tool to confirm no alteration occurred during analysis.
The tool computes a SHA-256 hash of each file's raw bytes. When two or more files share the same hash, they are byte-for-byte identical copies. These files are flagged with an amber "DUPLICATE" badge in the table and appear as a warning anomaly. This helps identify re-saved copies in evidence collections and can reveal when the same image appears under different filenames.
Many cameras and smartphones embed GPS coordinates in image metadata. This records where the photo was taken. Forensically, GPS coordinates can place a device at a location at a specific time. The embedded GPS timestamp (from satellites) can also be compared against the camera clock timestamp to detect inconsistencies.
The amber "Edited" badge appears when the Software or CreatorTool EXIF/XMP field contains the name of a photo editing application such as Adobe Photoshop, Lightroom, GIMP, Snapseed, or Affinity Photo. This indicates the image was processed after capture. The original capture metadata may still be preserved, but pixel-level content may have been altered.
Adobe applications write an edit history into the XMP metadata of the file. Each history entry records the action taken (export, save, derive), the timestamp, and the software version. If XMP history is present, the tool shows an info badge and lists each operation in the Software section of the detail overlay.
Many camera manufacturers embed the camera body serial number and lens serial number in proprietary maker note fields. This can link a specific image to a specific physical device, which is valuable for authentication and chain of custody in investigations.
Phil Harvey's ExifTool supports 300+ file formats, reads deeply embedded vendor-proprietary tags, and handles edge cases that browser-based parsers cannot. This tool covers the most common forensic fields for JPEG, HEIC, TIFF, and major RAW formats in a convenient browser interface. For comprehensive analysis of unusual formats or maximum metadata extraction, use ExifTool on the command line.
Select files with GPS data using the checkboxes in the table. Click "Export KML" in the selection bar. This creates a KML file that opens directly in Google Earth, Apple Maps, QGIS, or any application that reads KML. Each photo is placed as a pin at its GPS coordinates with the filename and date as the label.
Always work from a forensic copy, never the original file. Use the SHA-256 hash displayed in this tool to verify the file was not modified during analysis. Export the full metadata to JSON for a machine-readable record. Generate a PDF or printable HTML report that includes the hash, methodology, and analysis date. Document your tool, version, and the date of extraction. For court submissions, corroborate findings with a validated forensic tool like ExifTool.
Keep Your EXIF Findings in Your Case Notes
GPS coordinates, camera serial numbers, and timestamps belong alongside your observations and chain of custody records. Forensic Notes keeps everything court-ready and tamper-evident in one place.