Forensight

Forensight is an advanced image OSINT and video-call inspection toolkit built for investigative and analytical workflows. It allows you to extract metadata, perform reverse searches, detect objects and faces, run OCR, inspect image integrity, and analyze suspicious full-screen video calls directly from the command line.

What's New in Version 2.0

Version 2.0 introduces Fake Video Call Detection (FVCD) as a major feature.

This update adds a real-time workflow for inspecting suspicious video calls by:

• calibrating against a good-quality real video baseline
• analyzing audio and visual anomalies
• detecting suspicious freeze / repeat / motion inconsistency patterns
• producing a readable final assessment
• explaining why a call was flagged as real, uncertain, suspicious, or likely fake

Forensight v2.0 is now both an image OSINT engine and a real-time fake video call inspection tool.

---

Features

Forensight is a comprehensive OSINT toolkit designed for investigators, analysts, and researchers. Its features include:

1. Fake Video Call Detection (New in v2.0)

• Inspect full-screen video calls in real time.
• Calibrate the detector using a clear real video before detection starts.
• Analyze audio and video behavior for suspicious deviations from the real baseline.
• Detect:
  • freeze-like visual behavior
  • repeated frame patterns
  • unnatural motion consistency
  • severe video anomalies
• Produce readable result labels such as:
  • LIKELY REAL
  • UNCERTAIN / NO SIGNAL
  • UNCERTAIN
  • SUSPICIOUS
  • POSSIBLE FAKE
  • LIKELY FAKE
  • LIKELY FAKE (VIDEO OVERRIDE)
• Display a human-readable explanation of what made the call look real or fake.

2. Core Image Handling

• Read, write, and manipulate images in multiple formats, including advanced formats like AVIF.
• Resize, crop, rotate, and convert images.
• Compute image hashes for duplicate detection or similarity analysis.

3. Metadata & Reverse Search

• Extract and analyze EXIF/XMP metadata from images.
• Attempt best-effort recovery of missing or stripped metadata.
• Perform automated reverse image searches.
• Retrieve geolocation, timestamps, and other embedded information.

4. AI-Powered Analysis (Optional)

• Detect objects and people in images.
• Recognize scenes and generate descriptive captions.
• Classify images and extract visual features.
• Supports GPU acceleration for faster processing (optional).

5. Face Recognition

• Detect and locate faces in images.
• Count faces and highlight them with bounding boxes.
• Compare faces against reference datasets where configured.

6. OCR (Optical Character Recognition)

• Extract printed and handwritten text from images.
• Recognize multi-language text depending on configuration.

7. Data Handling & Visualization

• Analyze numeric and tabular data associated with images.
• Map geolocated images and generate interactive visualizations.
• Create detailed investigation reports.

8. Security, Signing & Encryption

• Sign investigation data for integrity verification.
• Encrypt sensitive files to protect investigation materials.
• Validate signatures to ensure authenticity.

9. CLI Utilities

• User-friendly command-line interface for workflow automation.
• Display progress, logs, and status updates in the terminal.
• Combine multiple operations in a single run.
• Flexible argument parsing for customized workflows.

---

How Fake Video Call Detection Works

The Fake Video Call Detector in Forensight v2.0 is heuristic-based and works in two stages:

Stage 1: Calibration

Before detection begins, the user is asked to switch to a good-quality real video with:

• a clear visible face
• decent lighting
• a stable image
• the video filling as much of the screen as possible

During this stage, the detector measures what a normal real baseline looks like.

It records:

• audio baseline
• video baseline

This allows the detector to compare future signals against a known real reference instead of blindly guessing.

Stage 2: Detection

After calibration is complete, the detector pauses and asks the user to switch to the full-screen video call they want to inspect.

Once detection resumes, it analyzes:

Audio behavior

The detector looks at:

• spectral flatness
• peak distribution
• energy stability

This helps it estimate whether the audio behavior is natural or suspicious.

Video behavior

The detector looks at:

• repeated frame behavior
• freeze-like frame similarity
• motion consistency using optical flow
• moiré / texture instability
• face visibility and face size on screen

These signals are fused into a final anomaly score.

Final Result

The detector combines audio and video evidence and produces:

• a label
• a confidence score
• a signal summary
• a readable explanation of why the session looked real or suspicious

Important Notes

The detector works best when:

• the calibration video is genuinely real
• the face is clearly visible
• the target video call remains full-screen
• the user does not switch away from the call screen during detection

The detector may return UNCERTAIN / NO SIGNAL if:

• the face is not visible
• the video call is too small
• the screen changes during detection
• signal quality is too weak to judge reliably

---

Screenshots & Workflow

Screenshot

Example of Forensight running a metadata extraction and OCR workflow.

Workflow GIF

Demonstrates a full workflow: metadata extraction → OCR → face detection → mapping.

Installation for windows

Step 1: Open PowerShell as Administrator

Press Win + X → Windows Terminal (Admin) or search for PowerShell, right-click → Run as administrator.

Step 2: Install Git via winget

winget install --id Git.Git -e --source winget

--id Git.Git → Specifies the official Git package -e → Exact match

--source winget → Ensures it uses the official repository

Step 3: Verify Installation

git --version

You should see something like:

git version 2.41.0.windows.1

Download Python (3.11 is recommended)

Step 1: Go to the official Python website:

https://www.python.org/downloads/windows/

Click Download Python 3.11

Step 2: Run the Installer

1. Open the downloaded .exe file.

2. Important: Check “Add Python 3.11 to PATH” at the bottom.

3. Click Install Now.

4. Wait for the installation to complete and click Close.

Cloning repository

Step 1: Open Git Bash and clone the repository

Press Win, type Git Bash, and open it.

git clone https://github.com/spider863644/Forensight.git
cd Forensight

Step 2: Set up a Python environment

python -m venv venv
venv\Scripts\activate          

Step 3: Install dependencies

pip install pycryptodome
pip install -r requirements.txt

Important for Windows users: Installing face_recognition on Windows can be tricky because it depends on dlib. Follow these steps carefully:

1. Install Visual Studio Build Tools 2019 or 2022 (ensure "Desktop development with C++" workload is selected).

2. Download the precompiled wheel for dlib that matches your Python version from https://www.lfd.uci.edu/~gohlke/pythonlibs/#dlib.

3. Install the wheel manually, e.g.:

pip install path\to\dlib-19.24.0-cp311-cp311-win_amd64.whl

4. Finally, install face_recognition:

pip install face_recognition

Installation for Linux

Step 1: Install Git and Python3

sudo apt update && sudo apt upgrade

sudo apt install git

sudo apt install python3

Step 2: Clone the repository

git clone https://github.com/spider863644/Forensight.git
cd Forensight

Step 3: Set up a Python environment

python -m venv venv
source venv/bin/activate 

Step 4: Install dependencies

sudo apt update

sudo apt install tesseract-ocr -y

pip install pycryptodome
pip install -r requirements.txt

Step 5: Install Face_recognition

sudo apt install -y cmake g++ make python3-dev
sudo apt install -y libboost-all-dev

Now simply run

pip install face_recognition

Usage:

python3 main.py --help       #Linux

python main.py --help    #Winndows

Contributing

Forensight is for personal and educational purposes. Please do not redistribute, modify, or use it commercially without permission. Credit must always be given to the original author.

Author & Credits

Forensight was conceptualized, developed, and maintained by Spider Anongreyhat.

All core code, workflows, and OSINT techniques implemented in this project are the work of the author.

Special thanks to the developers of the libraries used: Pillow, OpenCV, face_recognition, YOLOv8, BLIP, pytesseract, and others that made this toolkit possible.

“Built for investigative and educational OSINT. Always give credit where it’s due.”