For nearly two centuries, photography held a privileged status as evidence. A photograph was something that happened in front of a lens. That assumption began eroding with Photoshop in the 1990s, and it collapsed entirely when diffusion models started producing synthetic images indistinguishable from camera output. The question now is not whether images can be faked but whether any image can be proven real. RAW file verification is the strongest answer currently available.
The method is straightforward in principle. A photographer submits both a finished JPEG and the original RAW file from the camera. A verification system compares the two across multiple independent dimensions: sensor characteristics, structural similarity, metadata consistency, statistical distribution, and tampering indicators. If the evidence aligns across all checks, the JPEG is signed with a cryptographic certificate attesting to its lineage. This guide explains each step in detail.
Why RAW Files Matter
The RAW file occupies a unique position in digital photography. It is the closest thing to a physical negative that a digital camera produces. A JPEG has been processed, compressed, and rendered by the camera's internal software. A RAW file has not. It contains the unprocessed output of the sensor: a grid of single-channel intensity values, one per pixel, captured through a color filter array. This makes it exceptionally hard to fabricate.
AI image generators produce pixel rasters. They output finished images in RGB color space, with three color values per pixel arranged in a format ready for viewing. They do not simulate the physics of photon capture on a CMOS or CCD sensor. They do not produce Bayer mosaic data. They do not introduce the specific noise patterns that arise from manufacturing imperfections in silicon. A genuine RAW file carries physical evidence of its origin in ways that no current software generator replicates.
This is why the RAW file serves as ground truth in verification. If someone claims a JPEG is a genuine photograph, the corresponding RAW file either corroborates or contradicts that claim through multiple independent lines of evidence. Each line of evidence is independently verifiable. Together, they form a case that is far more convincing than any probability score from an AI detector.
The distinction matters practically. An AI detector examines a finished image and returns a percentage. A RAW verification system examines the relationship between two files, the alleged source and the alleged derivative, and produces a detailed report documenting what it found. One is an opinion. The other is evidence.
Anatomy of a RAW File
Understanding RAW verification requires understanding what a RAW file actually contains. The internal structure is more complex than most photographers realize, and that complexity is part of what makes fabrication difficult.
The core data in a RAW file is the Bayer mosaic. The camera sensor's color filter array (CFA) places a single color filter over each photosite: red, green, or blue, arranged in a repeating pattern. The most common arrangement, the Bayer pattern, uses two green filters for every one red and one blue, reflecting human vision's greater sensitivity to green wavelengths. The RAW file stores the intensity value from each photosite directly, before any color interpolation occurs. The camera's image processor later performs demosaicing, interpolating the missing color values to produce a full-color image. But the RAW preserves the pre-demosaiced data, where each pixel records only one color channel.
Every sensor also produces noise, and the characteristics of that noise are specific to the hardware. Fixed-pattern noise arises from manufacturing variations in the silicon substrate. Some pixels respond slightly more strongly to light than their neighbors, and some produce a small current even in total darkness (dark current). These patterns are consistent across every image a particular sensor produces. Shot noise, by contrast, is random and follows a Poisson distribution governed by the number of photons arriving at each photosite during the exposure. Both types of noise are physically grounded. They reflect the behavior of matter and light, not the output of an algorithm.
The metadata embedded in a RAW file extends well beyond standard EXIF fields. Manufacturers encode proprietary data structures in formats specific to their firmware. Nikon's NEF files, Canon's CR3 files, and Sony's ARW files each contain lens correction profiles, autofocus point data, processing parameters, and internal camera state information in formats that are partially documented and partially opaque. These structures vary between camera models and even between firmware versions. Correctly fabricating all of them would require detailed knowledge of each manufacturer's internal software.
The file container itself adds another layer of complexity. Most RAW formats are based on TIFF, with manufacturer-specific extensions. Canon's newer CR3 format uses the ISO Base Media File Format (BMFF), the same container used by HEIF and MP4. These container structures have specific byte-level layouts, tag orderings, and internal references that must be internally consistent. A synthetic file that gets any of these structural details wrong reveals itself immediately.
Sensor Authenticity Analysis
Sensor authenticity analysis is the most physically grounded component of RAW verification. It examines whether the data in a RAW file could plausibly have originated from a real camera sensor.
The primary technique is PRNU (Photo-Response Non-Uniformity) analysis. Every sensor pixel responds slightly differently to the same amount of light due to microscopic variations introduced during manufacturing. One pixel might consistently produce a value 0.3% higher than its neighbors under uniform illumination; another might read 0.2% lower. These variations form a fixed, unique pattern, analogous to a fingerprint. The PRNU pattern is specific not just to a sensor model but to an individual sensor unit. Two cameras of the same make and model will have different PRNU signatures.
PRNU analysis in verification does not typically require a reference fingerprint from a known camera. Instead, it examines whether the noise residual extracted from the RAW file is consistent with what genuine sensor output looks like. AI-generated images lack PRNU entirely because no physical sensor was involved in their creation. The noise in a synthetic image, if any, is algorithmically generated and does not exhibit the spatial correlations and frequency characteristics of real sensor noise. Research published in IEEE Transactions on Information Forensics and Security has demonstrated that PRNU-based methods can reliably distinguish camera-captured images from synthetic ones, even when the synthetic images have been post-processed.
CFA interpolation artifacts provide a second line of evidence. In a genuine RAW file, adjacent pixels under the Bayer mosaic exhibit specific statistical correlations. A green pixel's value is correlated with its neighboring red and blue pixels in ways determined by the optical properties of the scene and the physics of the sensor. These correlations are subtle but measurable. Demosaicing algorithms exploit them to reconstruct full-color images, and their presence in the RAW data confirms that the mosaic structure is genuine rather than synthetically generated.
Dark current analysis adds a third dimension. In underexposed regions of an image, the signal is dominated by sensor noise rather than photon-generated signal. The behavior of pixels in these dark regions, their baseline offset, their noise distribution, and the presence of consistently "hot" pixels, reveals characteristics specific to the sensor hardware. A fabricated RAW file would need to replicate not just the image content but also the correct dark-current profile for the claimed sensor, a difficult proposition without access to the physical hardware.
Structural Similarity Measurement
Sensor analysis establishes that the RAW file comes from a real camera. Structural similarity measurement establishes that the JPEG was actually derived from that RAW file. These are separate questions. A genuine RAW file paired with an unrelated JPEG would pass sensor checks but fail similarity checks.
The comparison begins with normalization. The RAW file must be developed into a viewable image before it can be compared to the JPEG. The verification system renders the RAW with neutral settings (no creative adjustments, standard color profile, default sharpening) to produce a reference image. This reference represents what the JPEG would look like with minimal processing.
The reference rendering is then compared to the submitted JPEG using perceptual similarity metrics. The most widely used is SSIM (Structural Similarity Index Measure), developed by Zhou Wang, Alan Bovik, and colleagues across the University of Texas at Austin and New York University. SSIM evaluates three components: luminance similarity, contrast similarity, and structural correlation. Unlike simple pixel-difference metrics, SSIM is designed to reflect how the human visual system perceives image similarity. Two images can differ substantially in absolute pixel values (due to exposure adjustment, color grading, or contrast enhancement) while still scoring high on SSIM because the structural content, the edges, textures, and spatial relationships, remains intact.
Perceptual hashing provides a complementary measure. Perceptual hash algorithms reduce an image to a compact fingerprint that is stable across common transformations. Two renderings of the same photograph, even with different exposure and color settings, will produce similar perceptual hashes. Two different photographs, or a photograph with content added or removed, will produce divergent hashes. The verification system compares the perceptual hashes of the RAW rendering and the JPEG to confirm that they depict the same scene.
Spatial alignment is a necessary preprocessing step. Photographers routinely crop, rotate, and adjust the aspect ratio of their images during editing. The JPEG may show only a portion of the RAW's full frame, or it may have been rotated to straighten the horizon. The verification system must detect and compensate for these geometric transformations before running similarity metrics. This involves feature matching (identifying corresponding points in both images) and geometric transformation estimation (computing the crop, rotation, and scale that maps one to the other).
The system must tolerate the full range of normal post-processing while detecting substantive content changes. Exposure adjustments, white balance shifts, saturation changes, sharpening, and noise reduction are all legitimate editing operations that alter pixel values without changing what the image depicts. Object removal, face swapping, and compositing change the content itself. The challenge is drawing the line correctly. The threshold must be strict enough to catch meaningful manipulation and loose enough to accommodate the creative latitude that photographers expect.
Metadata Consistency Analysis
Metadata analysis examines whether the technical parameters recorded in the RAW and JPEG files are consistent with each other. This check is simpler than sensor or similarity analysis, but it catches a different class of problems.
The basic comparison covers EXIF fields shared between both files: camera make and model, lens identifier, focal length, aperture, shutter speed, ISO sensitivity, and capture timestamp. A JPEG that claims to have been shot on a Canon EOS R5 at 85mm f/1.4 should pair with a RAW file recording the same camera and lens combination. If the JPEG's metadata says Canon and the RAW says Nikon, the mismatch is immediate and unambiguous.
More subtle inconsistencies reveal themselves in the relationship between settings. A RAW file recorded at ISO 6400 with a shutter speed of 1/30s should produce an image with certain exposure characteristics. A JPEG paired with that RAW but claiming ISO 100 in its own metadata has an implausible discrepancy. The metadata may have been edited, or the files may not actually be related.
Manufacturer-specific metadata fields add depth to this analysis. RAW files from major camera manufacturers contain proprietary data blocks that standard EXIF editors do not write. Canon's CR3 files include internal processing tables, lens optical correction data, and autofocus tracking information stored in Canon's proprietary format. Nikon's NEF files contain similar manufacturer-specific structures. Fabricating a RAW file that passes metadata consistency checks requires replicating not just the standard EXIF tags but also these proprietary fields, in the correct format, with internally consistent values. This is a substantially harder problem than editing a few text fields.
GPS and timestamp verification provides an additional constraint when present. If both files contain geolocation data, the coordinates should match or be consistent with the time elapsed between captures (for workflows where the RAW and JPEG are not created simultaneously). Timestamps should reflect a plausible sequence: the RAW's creation time should precede the JPEG's, by an interval consistent with the photographer's editing workflow. A JPEG created before its supposed RAW source is a clear anomaly.
Histogram and Statistical Comparison
Histogram analysis compares the statistical distribution of pixel values across color channels between the RAW rendering and the JPEG. This check operates in a different domain than structural similarity. Where similarity metrics measure whether two images look alike, histogram analysis measures whether the mathematical relationship between them is consistent with known editing operations.
Legitimate photo editing transforms histograms in predictable ways. An exposure increase shifts the entire distribution toward higher values. A contrast increase stretches the distribution, pushing shadows lower and highlights higher. White balance adjustment shifts the relationship between color channels, making reds warmer or blues cooler. These transformations follow well-understood mathematical functions (gamma curves, tone curves, channel mixing matrices) that leave characteristic signatures in the statistical relationship between the source and the edited file.
Content manipulation produces different statistical effects. Compositing two images (splicing a person from one photograph into the background of another) creates local discontinuities in the histogram. The spliced region's pixel value distribution reflects the lighting, exposure, and processing of its source image, which may differ from the rest of the frame. AI inpainting, where an object is removed and the gap filled by a generative model, introduces pixel statistics that don't correspond to any standard editing operation applied to the original RAW data.
Color space analysis extends this comparison. RAW files record data in a device-specific color space determined by the sensor's spectral response. The JPEG exists in a standard color space, typically sRGB or Adobe RGB. The mapping between the two follows predictable transformations defined by the camera's color science and the user's chosen output profile. If the color relationship between the RAW and JPEG deviates from any known camera-to-output color mapping, the files are unlikely to be genuinely related.
Recapture and Tampering Detection
Recapture is one of the more sophisticated attacks against verification systems. The attacker displays a manipulated image on a high-quality monitor, then photographs the screen with a real camera. The result is a genuine camera capture, complete with authentic RAW data and legitimate EXIF metadata, that depicts a fabricated scene.
Detection relies on the physical artifacts that recapture introduces. Photographing a screen creates the possibility of moire patterns, interference fringes produced by the interaction between the display's pixel grid and the camera sensor's photosite grid. Even when moire is not visible to the eye, spectral analysis of the image's frequency domain can reveal periodic peaks corresponding to the display's subpixel structure.
The tone curve provides another signal. A recaptured image has been tone-mapped twice: once by the original processing pipeline that created the displayed image, and once by the camera that photographed the screen. This doubled tone mapping compresses the image's dynamic range in a characteristic way that differs from single-capture tone curves. Analysis of the tonal distribution, particularly in highlights and shadows, can reveal this doubling.
Focus and depth of field characteristics offer geometric clues. A recaptured image of a landscape will have been photographed at a focus distance of roughly one meter (the distance from camera to screen), yet it depicts a scene with depth extending to infinity. The optical characteristics of near-focus capture, such as the pattern of lens aberrations and the uniformity of focus across the frame, are inconsistent with the scene content. A landscape should show optical behavior corresponding to a focus distance of several meters or infinity, not one meter.
Spectral analysis of the illumination can also distinguish screen light from natural or studio light. LCD backlights and OLED emitters have distinct emission spectra that differ from sunlight, tungsten, or flash. These spectral characteristics influence the color distribution of the captured image in ways that trained models can detect. For a deeper treatment of recapture methods and their forensic signatures, see Detecting Recaptured Images.
Splice detection and compression artifact analysis address different forms of tampering. Splicing, where regions from different images are composited, leaves boundary artifacts and statistical inconsistencies at the splice edges. Double JPEG compression, which occurs when an image is decoded, edited, and re-encoded, leaves periodic artifacts in the DCT coefficient distribution that differ from single-compression images. Both of these tampering indicators are well-studied in the forensic literature and serve as independent verification signals.
The Consensus Model
No single verification check is foolproof. PRNU analysis can be defeated by adding synthetic noise. Structural similarity can be gamed by carefully aligning a fabricated image to a genuine RAW. Metadata can be copied or edited. Each check, taken alone, has known weaknesses.
The strength of the system lies in requiring all checks to pass simultaneously. This is the consensus model. The verification pipeline runs its analyses in parallel, each examining a different dimension of the file pair. Only when every analysis returns positive evidence does the system proceed to sign the JPEG. A failure in any single check blocks certification.
The security analogy is straightforward. A single lock can be picked. A single biometric scanner can be spoofed. A single guard can be deceived. But defeating a lock, a biometric scanner, and a guard at the same time is a qualitatively different problem. Each defense is independent, and compromising one does not help with the others. An attacker who successfully fabricates sensor noise characteristics still needs to produce correct manufacturer-specific metadata, pass structural similarity checks, match histogram statistics, and avoid recapture artifacts.
The output of this process is not a probability score. It is a concrete report documenting which checks were performed, what evidence was found in each, and what the overall result was. This report is legible and auditable. An editor, a contest judge, or a legal examiner can read it and understand what the verification system checked and why it reached its conclusion. This transparency is a design choice. The system's credibility depends on its willingness to show its work.
Edge Cases and Limitations
RAW verification is powerful, but it is not universal. Honest accounting of its limitations is necessary for anyone evaluating whether to adopt it.
Heavy editing is the most common source of verification difficulty. Photographers who perform extensive retouching (composite panoramas stitched from multiple RAW files, heavy frequency separation work on skin, substantial object removal using content-aware fill) push their JPEG far from the original RAW. At some point, the edits are substantial enough that the structural similarity between the two files falls below the verification threshold. The system must reject these submissions because it cannot distinguish heavy legitimate editing from actual manipulation. This is a real constraint for retouchers and composite artists whose work legitimately transforms the source material.
Missing RAW files are a hard limitation. RAW verification requires the source file. A JPEG-only submission cannot be verified through this method. Photographers who shoot JPEG-only, or who have lost or discarded their RAW files, cannot use RAW-based verification. For these cases, other approaches (camera-level C2PA signing, AI detection as a secondary signal) must fill the gap.
Smartphone photography introduces complications. Modern phones from Apple, Samsung, and Google can shoot RAW (Apple ProRAW, Samsung Expert RAW, Android DNG). These files are compatible with RAW verification in principle. In practice, computational photography features complicate the relationship between RAW and JPEG. Night mode captures merge multiple frames. HDR processing combines exposures. The "RAW" file from a phone may itself be the product of significant computational processing, making the RAW-to-JPEG comparison less straightforward than it is with a traditional camera that produces a single, unprocessed sensor readout.
Future threats deserve acknowledgment. As generative AI advances, the possibility of producing synthetic RAW files with plausible sensor characteristics is not permanently excluded. Current generators cannot do this. They would need to simulate Bayer mosaic data, PRNU patterns, manufacturer-specific metadata structures, and file container formats, all consistently and correctly. That is a substantially harder problem than generating a convincing JPEG. But "substantially harder" is not "impossible," and the gap will narrow over time. Camera-level C2PA signing, where the camera itself cryptographically signs the RAW file at the moment of capture (as Sony, Leica, and Nikon have begun implementing), adds an additional layer that does not depend on the difficulty of fabrication. It depends on the security of the camera's signing key.
From Verification to Certification
When all checks pass, the verification system signs the JPEG with a C2PA manifest. This is the final step in the pipeline, and it transforms the verification results from a transient analysis into a permanent, portable credential.
The C2PA manifest records several pieces of information. It includes cryptographic hashes of both the RAW and JPEG files, binding the signed assertion to specific file contents. It records the verification results, documenting which checks were performed and their outcomes. It identifies the signing entity (the organization operating the verification service) and includes a cryptographic timestamp proving when the signing occurred. The manifest is embedded in the JPEG file itself, so the credential travels with the image wherever it goes.
The signed JPEG becomes a self-contained proof of authenticity. Anyone who receives the image can inspect its C2PA manifest using standard tools (such as Adobe's Content Authenticity inspection site or the C2PA open-source verification library) and review the assertions it contains. They can see that the image was verified against a RAW file, that it passed specific forensic checks, and that a named entity signed the result at a recorded time. They do not need access to the RAW file to inspect the credential.
This is the verify-then-sign approach applied to photography. The C2PA standard provides the cryptographic infrastructure for making claims about content. The verification pipeline ensures that the claims being made are backed by evidence. The combination produces a credential that is both cryptographically secure and semantically meaningful.
For downstream consumers, this simplifies trust decisions. An editor receiving a photograph with a Lumethic C2PA manifest knows that the image passed multi-factor RAW verification before it was signed. A contest judge can check the manifest rather than relying on the photographer's word. A stock agency can accept the credential as documentation of authenticity, reducing the burden of manual review.
Frequently Asked Questions
What RAW formats are supported? Most major RAW formats are compatible with verification systems that implement broad format support. This includes Canon CR2 and CR3, Nikon NEF and NRW, Sony ARW, Fujifilm RAF, Olympus/OM System ORF, Panasonic RW2, Leica DNG, and Adobe DNG. Apple ProRAW and Samsung Expert RAW, which use the DNG container, are also supported. The exact list of supported formats varies by implementation and may expand as new camera models are released.
Can RAW verification detect AI-upscaled images? If a photographer applies AI upscaling to a JPEG before submitting it for verification, the upscaled image will differ from the RAW rendering in resolution and pixel-level detail. Structural similarity checks and histogram analysis will detect these differences. Whether the verification fails depends on how substantially the upscaling altered the image content. Minor upscaling may fall within tolerance. Aggressive upscaling that hallucinates new detail (as many AI upscalers do) will likely push the image beyond the verification threshold.
How much editing can I do before verification fails? Standard post-processing operations are expected and tolerated. Exposure correction, white balance adjustment, contrast and saturation changes, sharpening, noise reduction, lens distortion correction, and moderate cropping all fall within the range of normal editing. The system is designed to accommodate these. Verification is most likely to fail when editing changes the content of the image rather than its appearance: removing objects, adding elements, compositing from multiple sources, or applying heavy AI-based retouching that substantially alters the pixel structure.
Is RAW verification the same as AI detection? No. They solve different problems with different methods. AI detection examines a single image and tries to classify it as real or synthetic based on learned statistical patterns. RAW verification examines the relationship between two files (a RAW and a JPEG) and produces a forensic report based on multiple independent analyses. AI detection returns a probability. RAW verification returns documented evidence. The two approaches are complementary: AI detection is useful when no source file is available, while RAW verification provides stronger evidence when the source file exists.
What happens if verification fails? The system does not sign the JPEG. The photographer receives a report indicating which checks failed and, where possible, why. Common causes include a mismatch between the submitted files (the JPEG was not derived from the submitted RAW), editing too extensive for the system to confirm lineage, or anomalies in the RAW file that suggest it may not be a genuine camera capture. The photographer can review the report, address any issues (for instance, by submitting the correct RAW file or reducing the extent of editing), and try again.
Can someone fabricate a RAW file? In theory, yes. In practice, it is extremely difficult to do convincingly. A fabricated RAW file would need to contain a valid Bayer mosaic with correct CFA pattern data, plausible PRNU noise characteristics, internally consistent manufacturer-specific metadata in the correct proprietary format, and a valid file container structure. It would also need to match the submitted JPEG across all verification dimensions simultaneously. No publicly known tools or methods currently produce synthetic RAW files that pass multi-factor forensic verification. As camera manufacturers adopt C2PA signing at the hardware level, the bar rises further: the RAW file itself would need a valid cryptographic signature from a camera's secure signing key.