How to read EXIF metadata, and what it can and cannot prove

A field guide from ChronoVerify, written by a 25-year intelligence analyst.

EXIF is the data a camera writes into a photo: the date and time, the device, the settings, and sometimes GPS coordinates. You can read it with your device's file details, a free EXIF viewer, or ChronoVerify. It is informative, but it can be edited or stripped, so treat it as a lead, not proof.

What EXIF contains

EXIF, short for Exchangeable Image File Format, is a block of metadata embedded inside JPEG and many other image files. Common fields include:

Capture time (DateTimeOriginal), the moment the shutter fired.
Device make and model, and the software that last saved the file.
Camera settings such as exposure, aperture, ISO, and focal length.
GPS coordinates, when location was enabled on the device.

How to read it

Device file details. Phones and computers show some EXIF (date taken, dimensions, sometimes location) in a photo's properties or info panel.
An EXIF viewer. Free tools display the full set of fields, including settings and GPS.
ChronoVerify. It reads the EXIF, presents a plain-language summary of when and on what device a photo was taken, and reports whether the values are internally consistent.

What it reveals, including about privacy

EXIF can expose more than people expect. GPS coordinates can pin a photo to a home or workplace, and device and timestamp data can link images together. If you share photos publicly and want to avoid revealing location, strip the metadata first, which many platforms already do on your behalf.

What EXIF cannot prove

This is the part that matters most for verification:

It is editable. Any EXIF field, including the capture time and GPS, can be changed with free software. A value is a claim by the file, not a guarantee.
It is easily stripped. Social and messaging apps routinely remove EXIF, so its absence says nothing about authenticity.
It does not describe the scene. EXIF records how and when a file was made, not whether the depicted event is real.

For a tamper-evident record, look for Content Credentials, which are cryptographically signed so changes are detectable. EXIF and Content Credentials work best together: EXIF for breadth, Content Credentials for integrity.

Want a plain-language read of a photo's EXIF and capture time?

Check a photo now

Common questions

What does EXIF metadata contain?

EXIF can include the capture date and time, the device make and model, camera settings such as exposure and ISO, the software used, and GPS coordinates when location was enabled.

How do I read a photo's EXIF data?

Use your device's file details, a free EXIF viewer, or ChronoVerify, which reads the metadata and returns a plain-language summary along with a verdict.

Can EXIF data be edited or faked?

Yes. EXIF can be edited or removed with free tools, so it is a useful lead but not proof. For a tamper-evident record, look for signed Content Credentials.

Why is my photo's EXIF missing?

Social platforms and messaging apps often strip EXIF on upload or download for privacy and size, and screenshots never carry capture EXIF. Missing data is common and not a sign of tampering.

Sources and further reading: an EXIF viewer such as Jimpl; the C2PA Content Credentials standard at contentcredentials.org.