How It Works
Sniffer runs a seven-layer forensic analysis on every image submitted. Each layer operates independently. The results are weighted, scored, and assembled into a cryptographically signed evidence report — formatted for platform takedown filings, legal exhibits, and personal records.
7
Analysis layers
<60s
Report time
0
Account required
Verification Process
Begin by providing basic context — where you found the image, the issue type, and your privacy preference. No account is required. Anonymous submissions are fully supported.
Case ID generated · no identity required
What happens
Your image is SHA-256 hashed at the boundary before anything else runs. The hash becomes the immutable identifier for the entire forensic chain. A reference image may optionally be provided for comparative analysis.
SHA-256 · hash-first architecture · file discarded post-analysis
What happens
All analysis layers execute concurrently. Each layer operates independently — no single layer controls the verdict. Results are weighted and aggregated into a composite authenticity score.
30–60s · 7 concurrent analysis modules
What happens
A structured evidence document is produced containing per-layer scores, detected anomaly regions, a forensic narrative, and a cryptographically derived case hash. The report is formatted to meet platform takedown filing and legal exhibit standards.
Tamper-evident hash · printable PDF · platform-ready
What happens
Analysis Engine
Each layer is designed to catch a different class of manipulation. A determined forgery rarely defeats all seven simultaneously.
Re-saves the image at a known JPEG quality and measures per-pixel deviation from the original. Edited regions compress differently — their ELA residuals stand out as bright regions against a uniform noise floor.
Parses all embedded metadata fields including camera model, software IDs, GPS coordinates, creation timestamps, and colour profiles. Missing, forged, or inconsistent tags are primary manipulation indicators.
Analyses the frequency spectrum and spatial domain for statistical patterns unique to neural network output — checkerboard artifacts, spectral peaks at regular intervals, and texture distributions inconsistent with camera optics.
Maps 68 facial key-points and measures geometric deviation from anatomically valid proportions. Deepfake generators and face-swap tools introduce measurable asymmetries at the bone structure level.
Detects copy-move forgery — where a region of the image is duplicated and pasted elsewhere to cover or add content. Uses block-matching across keypoint descriptors to find near-identical regions.
Every camera sensor has a unique photon-response non-uniformity (PRNU) noise fingerprint. Composited image regions break this field — the foreign pixels carry a different sensor signature.
JPEG images store data as discrete cosine transform (DCT) coefficients. Re-saved or edited regions have double-quantised coefficients — a statistical ghost of the editing tool's compression pass.
Evidence Output
Structured for platform abuse teams, legal professionals, and survivors who need verifiable documentation.
Case Metadata
Forensic Verdict
Layer Results
Visual Evidence
C2PA Provenance
Audit Trail
Chain of Custody
SHA-256 is computed over the analysis results JSON. Any alteration to the report after generation changes the hash, which invalidates the document as evidence. This design means your original file is mathematically excluded from the evidence chain entirely.
hash = SHA256(analysis_results)
report_id = SNF‑{case_id}
image_ref = SHA256(file_bytes)
stored = hash only · no pixels
─────────────────────
integrity = verifiable · tamper-evident
Protection Registry
Upload original images to compute and store their cryptographic fingerprint. If the same image is ever submitted through the verification pipeline, it is automatically flagged as matching a registered original — creating an immutable paper trail of ownership.
Upload your original
We compute a SHA-256 hash and perceptual image fingerprint. The image itself is never retained — only the mathematical proof.
Fingerprint registered
Your hash is written to the protection registry. Any identical or near-identical image uploaded for verification will automatically match against your entry.
Match detected
When a match is found, the forensic report flags the image with your registry reference ID — giving you cryptographic proof of prior registration.
Reference ID
A3F8D2C0
SHA-256 Hash
a3f8d2c0…1b9e74f3
Perceptual Hash
f7e3c2b1…9a0d5e2f
Registry Match
This image was submitted for verification on 6 Mar 2026 and automatically matched your registration.
Registered pre-dispute · ownership chain established
Takedown Workflow
Platform abuse forms require evidence in specific formats. Sniffer generates compliant takedown notices for all major platforms automatically.
Provide the image you found being misused online. We compute its hash and check the protection registry.
If a registry match is found, your ownership is cryptographically confirmed and referenced in the notice.
A formal DMCA-style takedown notice is generated, pre-populated with your evidence hash and case reference.
The notice links directly to the platform's official abuse reporting form — formatted to their requirements.
Privacy & Security
Your file is hashed on arrival and discarded immediately after analysis. The report references the hash — not the file.
No email, account, or identity is required. Anonymous cases receive full forensic analysis — indistinguishable from attributed ones.
The forensic output is itself hashed — any modification to the report after generation changes the hash, invalidating it as evidence.
Session thumbnails are stored in your browser only. No IP address, device identifier, or browsing pattern is logged.
Start Now
No account. No install. Upload your image and receive a signed evidence report in under 60 seconds.