Document Forensics

Metadata Fraud Detection

Read between the bytes: what metadata reveals about document and image authenticity.

Fraud and risk analystsInsurance claims handlersLegal and compliance reviewersAnyone investigating a suspicious file
4.9·132+ reviews

Check a document instantly

Upload a file to start verification.

Drag & drop your document

or click to browse

PNG, JPG, WebP, PDF · Max 10MB

Your file stays in your browser until you create an account and confirm your email. Originals are deleted after analysis.

Advanced Verification
Originals Deleted
Redacted Reports

TrueDoc ROI and performance stats

<120sForensic report
10× fasterFraud review
40+Fraud signals
8+ hrsSaved / 100 docs

Estimated savings based on replacing a 10–15 minute manual document review with automated TrueDoc analysis.

Built on Trusted AI Infrastructure
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic
Google Cloud
Gemini
OpenAI
Anthropic

Multi-layer forensic logic

Proprietary detection scans template variance, metadata drift, pixel-level retouching, and structural anomalies the human eye misses.

▸ Document Analysis · LiveID: 8829-XQ
Risk score: High · 94%Signals matched: 12,042

Metadata deep-dive

Inspects EXIF, software signatures, edit history, and structural fingerprints.

SoftwareAdobe Photoshop 2024
ModifiedDetected
Geo-tagMismatch

Privacy-first by design

Originals are processed in encrypted memory and removed after analysis. Reports stay redacted by default.

No training on your data
Team & admin controls
▸ 01 · The Problem

Why eyeballing a document no longer works

Most fake documents carry metadata that contradicts the story they tell — creator tools that shouldn't have produced the file, edit timestamps after the claimed date, or edit traces from image editors.

TrueDoc surfaces these signals as part of every verdict, and exposes the raw metadata for analysts who want to dig in.

▸ 02 · Fraud Signals

What we look for

Cross-checked across 5+ vectors
▸ Primary signal

PDF creator tools that don't match the claimed source (e.g., screenshot editor producing a 'bank statement')

Detected at pixel + metadata + structural layers

Timestamps that post-date the document's claimed date

Image editor signatures embedded in EXIF / XMP

Multiple incremental updates indicating later edits

Stripped or scrubbed metadata used to hide edits

What gets checked

PDFs (creator, producer, modification history, incremental updates)
Images (EXIF, XMP, software fingerprints)
Office documents where metadata is present
▸ 03 · Workflow

From upload to verdict

01

Upload the file

PDF or image.

02

Extract metadata

Creator tools, timestamps, edit traces, and embedded fingerprints.

03

Reconcile with content

Cross-check metadata against the document's claimed origin and date.

04

Decide

Use metadata findings alongside forensic and AI signals — never in isolation.

Limitations to keep in mind

Metadata can be stripped or rewritten by determined actors. A clean metadata block does not prove authenticity.

Use metadata as a soft signal alongside visual forensics, structural analysis, and AI-generation detection — not as the sole basis for a decision.

How the metadata fraud detection differs from a generic AI check

Most "AI detector" tools look at one signal — usually a perplexity score on extracted text. The metadata fraud detection runs that as one layer of many. It also evaluates metadata lineage (software, edit history, geo), pixel-level forensics (ELA, font kerning, retouching regions), and structural anomalies in the underlying PDF or image container.

The reason: pdf creator tools that don't match the claimed source (e.g., screenshot editor producing a 'bank statement') rarely leaves only one fingerprint. A convincing forgery usually fails on two or three of those layers, even when one of them looks clean.

What a high-risk report actually shows

A high-risk verdict on PDFs (creator, producer, modification history, incremental updates), Images (EXIF, XMP, software fingerprints), Office documents where metadata is present returns per-field evidence — not just a score. You see the suspicious regions highlighted on the page, the specific metadata fields that triggered the flag (for example, "Timestamps that post-date the document's claimed date"), and the layer each finding came from.

That structure is what makes the verdict actionable: fraud and risk analysts can read why a document was flagged before deciding to reject, request a reupload, or escalate.

Common false positives and how we suppress them

Scanned originals, mobile-camera shots, and re-exported PDFs are the three most common sources of benign anomalies. The metadata fraud detection scores those differently from the patterns associated with deliberate forgery — for example, a recompressed JPEG from a phone is not treated the same as a recompressed JPEG with a font substitution.

When a document is flagged, the report tells you which signal triggered it. If the only signal is a low-confidence compression artifact, the verdict is downgraded rather than counted as fraud.

Run a real document. Get a forensic verdict.

No credit card. Redacted report in under a minute.

▸ FAQ

Frequently asked questions