ContainerForensics

Status: Released / Active development

ContainerForensics examines the binary container structure of MP4, MOV, MXF, and AVI video files.

ContainerForensics is an open-source forensic triage instrument designed to support examiner review of video container structure and provenance. It does not issue final authenticity opinions. It identifies technical features, inconsistencies, or artifacts that may warrant further analysis.


What It Examines

  • The MPEG-4 atom/box hierarchy and the structural layout of the file
  • Post-processing and encoder signatures written into container metadata
  • Edit list boxes and timestamp consistency across the movie, track, and media headers
  • The file's structural profile compared against documented device and software signatures

What It Produces

  • A SHA-256 hash of the input file, computed before analysis, as a chain-of-custody baseline
  • A triage result summary with per-finding severity
  • A technical finding summary with the specific value observed and the standard or research it is based on
  • A device-class profile comparison against documented device and software profiles
  • An atom structure map of the complete box hierarchy
  • Tool version, dependency versions, parameters, and analysis timestamp recorded in every report
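The kind of structural pass described above, as an added Python example (not ContainerForensics' own code and not a description of its internals): it hashes the buffer before parsing, maps the box hierarchy, and compares the creation/modification times in the mvhd, tkhd and mdhd headers. The names walk, triage, box, timed and SAMPLE are hypothetical, and the sample file is constructed.

```python
import hashlib
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"edts"}
TIMED = {b"mvhd", b"tkhd", b"mdhd"}  # movie, track and media headers

def walk(buf, start=0, end=None, depth=0):
    """Yield (depth, type, offset, size, times) for every box in buf[start:end]."""
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        hdr = 8
        if size == 1:    # 64-bit largesize follows the type field
            size, hdr = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:  # box extends to the end of the enclosing range
            size = end - pos
        if size < hdr or pos + size > end:
            raise ValueError(f"malformed box {kind!r} at offset {pos}")
        times = None
        if kind in TIMED and size >= hdr + 12:
            # Full box: version(1) flags(3), then creation/modification time
            # in seconds since 1904-01-01 (64-bit fields when version is 1).
            wide = buf[pos + hdr] == 1
            if not wide or size >= hdr + 20:
                times = struct.unpack_from(">QQ" if wide else ">II", buf, pos + hdr + 4)
        yield depth, kind.decode("latin-1"), pos, size, times
        if kind in CONTAINERS:
            yield from walk(buf, pos + hdr, pos + size, depth + 1)
        pos += size

def triage(buf):
    """Hash first, then map the hierarchy and compare header timestamps."""
    digest = hashlib.sha256(buf).hexdigest()  # baseline taken before parsing
    boxes = list(walk(buf))
    stamps = [(kind, t) for _, kind, _, _, t in boxes if t]
    return digest, boxes, stamps, len({t for _, t in stamps}) <= 1

def box(kind, payload=b""):
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def timed(kind, created, modified):  # version 0 header, cut to the fields read
    return box(kind, struct.pack(">III", 0, created, modified))

# Constructed sample: mdhd modification time differs from mvhd/tkhd by 500 s.
T = 3_800_000_000
SAMPLE = box(b"ftyp", b"isom\x00\x00\x02\x00isom") + box(b"moov",
    timed(b"mvhd", T, T) + box(b"trak",
        timed(b"tkhd", T, T) + box(b"mdia", timed(b"mdhd", T, T + 500))))
```

triage(SAMPLE) returns the digest, the box map, the header timestamps and a consistency flag; a mismatch is an item for examiner review, in line with the scope limitation below.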

Scope Limitation

This tool supports forensic triage and examiner-led analysis. A finding is not, by itself, an authentication opinion. A clean result does not prove authenticity, and a flagged result does not prove manipulation.

Availability

GitHub: github.com/ramikhashmel/ContainerForensics

Install:

pip install containerforensics

Usage:

containerforensics --input evidence.mp4 --output report/

Note

Container structure analysis is typically the first analytical step on a video evidence file. It establishes a structural provenance baseline before content-level analysis begins.