Deepfake provenance
How to verify the origin of a photo or video: a practical workflow
To verify where a photo or video actually came from, run a fixed sequence of checks ordered from strongest evidence to weakest: preserve the original file, inspect its Content Credentials (cryptographic provenance), read its embedded metadata, test for AI-generator watermarks, reverse-search it to find earlier appearances, and corroborate its claimed time and place against independent facts. Each check either adds evidence or explicitly comes up empty; your conclusion is the sum, not any single result. This tutorial turns that sequence into a repeatable workflow for media, publishing, and trust-and-safety teams.
Why a workflow rather than a tool? Because no tool is trustworthy alone. Detection software degrades against new generators (on in-the-wild 2024 deepfakes, leading open-source detectors lost close to half their benchmark AUC), and humans misjudge high-quality fakes with confidence. Provenance signatures are strong evidence but exist only on signed media, as we argue in the deepfake provenance hub. A layered checklist is what remains when you stop hoping for a magic verdict button.
Before you start: what “origin” means
Verifying origin means answering four sub-questions, and it helps to keep them separate on your worksheet:
- Source: what device, software, or account first produced this file?
- Time: when was it created, and when did it first appear online?
- Place: where was it captured, if it claims to depict a real scene?
- Integrity: has it been edited, re-encoded, or spliced since creation?
A piece of media can pass some and fail others: a genuine photo shared with a false date is a context fake, not a pixel fake, and it is by far the most common kind of misleading media.
The workflow
Step 1: Preserve the original file and log the chain of custody
Save the file exactly as you received it, before opening it in any editor or uploading it anywhere. Record: the URL or message it arrived from, who sent it, the timestamp of receipt, and a cryptographic hash of the file (on any OS, sha256sum file.jpg or certutil -hashfile file.jpg SHA256 on Windows). Work on copies from here on.
This matters for two reasons. First, several later checks read data that careless handling destroys: screenshots, messenger re-compression, and “save for web” exports all strip metadata and Content Credentials. If you only have a screenshot, note that; it caps how far verification can go. Second, if the item becomes evidence or a correction, you will need to show what you received and when.
Step 2: Check for Content Credentials (signed provenance)
Open the file in the free Content Credentials Verify tool. If the file carries a C2PA manifest, Verify shows who signed it, when, with what device or app, what edits were applied, and whether any AI generation was involved; it also flags a signature that no longer matches the pixels. Engineering teams can run the same validation in bulk with the open-source c2patool and CAI SDK.
Read the result precisely:
- Valid credential from a trusted issuer: strong evidence of source, time, and integrity. Note the signer; the credential authenticates custody, not the honesty of the scene.
- Credential present but validation fails: treat as tampered. This is a meaningful red flag, not a technicality.
- No credential: no conclusion either way. Most genuine media today is still unsigned, and platforms routinely strip metadata in their upload pipelines, which is exactly the gap durable Content Credentials aim to close. Continue to Step 3.
For the deeper reading of manifests, assertions, and ingredient chains, see our companion guide on how to verify content provenance.
Step 3: Inspect the embedded metadata
Run the file through a metadata reader such as ExifTool. For photos, look at camera make and model, capture timestamp and timezone, GPS coordinates, lens and exposure data, and the software tags that editing programs leave behind. For video, container metadata (creation time, encoder) plays the same role.
Interpret with care, in both directions:
- Metadata is unsigned and trivially editable, so it is corroborating evidence, never proof. Anyone can rewrite an EXIF date.
- Absence is normal. Social platforms strip metadata on upload, so a bare file is expected for anything that traveled through Instagram, X, or WhatsApp.
- Inconsistencies are the payload. A “smartphone photo” with no camera fields, a capture date after the file’s first online appearance, a GPS point in the wrong country, or an AI tool named in the software tag are all leads worth pulling.
Step 4: Test for AI-generator watermarks
Several major generators now mark their output invisibly, and those marks survive some of the re-processing that kills metadata. Check the ones with public verification paths:
- Google (Imagen, Veo, Gemini output): SynthID watermarks can be checked via the SynthID Detector portal or by asking the Gemini app to verify an image.
- OpenAI: generated images carry C2PA metadata plus a SynthID watermark, so Step 2 often catches them; OpenAI also cautions that the metadata layer is easily removed, which is why this watermark check is a separate step.
A positive hit is near-conclusive evidence of AI origin from that vendor. A negative result means little: the content may come from an open-source model or a generator that does not watermark. Do not let a clean watermark scan upgrade your confidence; the limits of watermarking under hostile processing are a topic of their own (see watermark robustness and attacks).
Step 5: Reverse-search the image (or video keyframes)
Now establish the file’s public history. Upload the image to at least two of: Google Lens, TinEye (sort results oldest-first), and Bing Visual Search. For video, extract keyframes and reverse-search those; the InVID-WeVerify verification plugin automates keyframe extraction and one-click searches across engines, and remains the standard free toolkit for this in newsroom practice.
You are looking for:
- An earlier appearance. If the “breaking” image was online in 2021 attached to a different event, you are done: context fake.
- A higher-quality or uncropped ancestor. Crops and mirrored copies often conceal captions, watermarks, or bystanders that identify the true origin.
- The original poster. The earliest finding often points at an account or outlet you can evaluate or contact in Step 7.
Step 6: Corroborate the claimed time and place
If the media claims to show a real event, test its internal evidence against independent facts:
- Geography: match buildings, signage, terrain, and road markings against satellite and street-level imagery in Google Maps or similar.
- Weather: check historical weather for the claimed date and place against what the footage shows.
- Light: shadow direction and length constrain time of day for a known location.
- Language and details: signs, license plates, uniforms, and storefronts should match the claimed setting.
This step catches both context fakes and many synthetic scenes, because generators still fumble real-world specifics that satellite imagery pins down. It is slow, human work; that is unavoidable, and it is where trained verifiers still outperform automated pipelines.
Step 7: Go to the source
Verification’s most underused tool is asking. Contact the earliest identifiable poster and request the original file (which restores Steps 2 and 3 if intermediaries stripped data), the device used, and corroborating shots from moments before or after. A genuine witness usually has neighboring photos, an odd angle, a burst sequence; a fabricator usually has exactly one perfect file. For high-stakes items, confirm through a second independent channel. The Arup fraud, where a live deepfaked video call authorized US$25 million in transfers, is the standing reminder that out-of-band confirmation must not depend on the same medium you are trying to verify.
Step 8: Record the verdict with its confidence level
Write down, per item: which checks ran, what each showed, and a graded conclusion. A simple ladder works:
| Confidence | Typical evidence |
|---|---|
| Verified origin | Valid Content Credential from a trusted signer, consistent metadata, no earlier conflicting appearance |
| Probable | Consistent metadata plus corroborated time and place plus credible source contact, but no signed credential |
| Unresolved | Checks came up empty or mixed; treat as unverified and label it that way |
| Probable fake | Earlier conflicting appearance, failed credential validation, generator watermark hit, or corroboration failures |
Two rules keep the ladder honest. Never promote an item just because nothing negative surfaced: absence of red flags is not verification, especially when the fakes that matter are the ones humans and detectors miss. And never bury an unresolved verdict; “we could not verify this” is publishable information.
Making this scale
Run manually, this workflow costs 15 minutes to several hours per item. Teams that face volume should automate the deterministic layers: validate C2PA credentials and extract metadata at ingest, run watermark checks in batch, auto-queue reverse-search results, and reserve humans for Steps 6 through 8. That split, machines for signatures and lookups, people for judgment, is the same layered architecture we recommend in detection vs provenance, applied at the desk level.
Webisoft builds exactly this kind of infrastructure: provenance validation, media-ingest verification pipelines, and the tooling that lets a trust team run this workflow at scale.