# How to Tell If a Photo Has Been Edited or Photoshopped (2026) > How to tell if a photo is edited or photoshopped: check the EXIF Software tag, run Error Level Analysis, read visual tells, and verify content credentials. *Published: 2026-06-16* ยท *6 min read* Canonical URL: https://timestampcamera.net/photo-guides/how-to-tell-if-a-photo-has-been-edited **Quick answer:** Four practical signals tell you a photo has likely been edited. (1) **Metadata**: open a free [EXIF viewer](/exif-viewer) and read the Software tag. A value like "Adobe Photoshop 26.0" or "Adobe Lightroom", or a DateTimeOriginal that disagrees with ModifyDate, points to an edit. (2) **Error Level Analysis (ELA)**: run it in our [Photo Forensics tool](/photo-forensics) to highlight pasted or re-saved regions that compress differently from the rest of the image. (3) **Visual tells**: inconsistent lighting, soft or hard edges around an object, repeating cloned patterns, and warped backgrounds. (4) **C2PA Content Credentials**: a signed manifest that can record the edit chain. No single check is proof on its own; combine them. People reach for photo editing for harmless reasons (brightness, cropping, a quick blemish fix) and for dishonest ones (faking a document, removing a person, inventing damage for a claim). This guide is about telling the two apart. It covers what an edited file looks like in the metadata, what Error Level Analysis can and cannot show you, the visual red flags that survive a careful edit, and the honest limits of every method. If you suspect a fully synthetic image rather than a retouched real one, read [how to detect AI-generated images](/photo-guides/how-to-detect-ai-generated-images) instead, because the signals are different. ## Check the metadata first The fastest check costs nothing and takes under a minute. Open the photo in our [EXIF viewer](/exif-viewer) and look at three things. **The Software tag.** When you open a JPEG or PNG in an editor and save it, the program usually stamps its own name into the EXIF Software field. Real cameras write firmware strings ("1.2.0", "iOS 19.2"). Editors write their product name: "Adobe Photoshop 26.0 (Macintosh)", "Adobe Lightroom Classic 14.3", "GIMP 3.0", "Pixelmator Pro". If a photo claims to come straight off a camera but the Software tag names an editor, the file was processed after capture. That alone does not prove a dishonest edit (Lightroom export is routine), but it tells you the pixels are not the untouched original. **Timestamp mismatch.** A fresh, unedited capture has DateTimeOriginal, CreateDate, and ModifyDate that are nearly identical. When ModifyDate is hours, days, or years later than DateTimeOriginal, the file was saved again after the shutter fired. That is exactly what happens when someone opens an image, edits it, and exports it. A large gap is a flag worth investigating. **Missing camera fields.** Real camera photos carry Make, Model, LensModel, FNumber, ExposureTime, and ISO. Many editors, especially when you "Save for Web" or export a flattened copy, drop most of this. A photo with a recent ModifyDate, an editor Software tag, and no camera fields at all has been through an editing pipeline that stripped the original capture data. For a full tour of these fields, see [how to see when a photo was taken](/photo-guides/how-to-see-when-a-photo-was-taken). ## Error Level Analysis (ELA), explained Error Level Analysis is the classic forensic test for splices and local edits. Open the file in our [Photo Forensics tool](/photo-forensics) and run the ELA view. Here is the idea. JPEG is a lossy format: every time you save, the image loses a predictable amount of detail. ELA re-saves the photo at a known quality and measures the difference between the original and the re-save, pixel by pixel. A photo that was saved once compresses uniformly, so the whole frame shows roughly even ELA brightness. But when someone pastes a region from another image, or clones a patch, or paints over an area, that region has a different compression history. After the re-save, it often glows brighter or darker than its surroundings. Sharp rectangular bright zones, an object that stands out against a flat background, or a face at a different error level than the body are all classic edit signatures. ELA is most reliable on JPEGs that have been saved a small number of times. It is weakest on PNGs (lossless, so the math differs), on heavily compressed social media re-uploads (which flatten everything to a similar level), and on edits where the whole image was re-exported at one quality after editing, which can erase the local difference. Treat a clean ELA as "no splice detected here", not "definitely untouched". ## Visual red flags Some tells survive even a careful edit, because they come from physics the editor did not reconcile. **Lighting and shadows.** Light in a real scene has one or a few consistent directions. If an inserted person is lit from the left while everything behind them is lit from the right, or casts a shadow that points the wrong way (or casts none at all), the object was probably added. **Edges and halos.** Look closely at the boundary of any suspicious object. A faint bright or dark halo, an unnaturally crisp cutout against a soft background, or smudged "liquify" warping near a waistline or jaw are signs of local manipulation. **Repeating patterns.** The clone and healing tools copy texture. Identical leaves, duplicated bricks, a repeated cloud shape, or a stretch of grass that tiles too perfectly suggest something was painted out and covered over. **Warped backgrounds.** Removing an object often bends the straight lines behind it. Door frames, tiles, railings, and horizons that gently curve where they should be straight are a strong tell that something was erased. ## Content credentials (C2PA) C2PA Content Credentials are a cryptographically signed manifest embedded in the file that can record the editing chain: which tool touched the image and what kind of change was made. Adobe Photoshop and Lightroom can attach these credentials, and when they are intact you can read the edit history at [contentcredentials.org/verify](https://contentcredentials.org/verify) or learn more in [how to check content credentials (C2PA)](/photo-guides/how-to-check-content-credentials-c2pa). The catch is that credentials are opt-in and easy to lose. A screenshot, a re-upload through a platform that strips metadata, or an export from a tool that does not write C2PA will all leave nothing to verify. So C2PA is strong evidence of editing when present, but its absence proves nothing. ## The limits Be honest about what these methods can and cannot do. A skilled editor working at a consistent JPEG quality, matching lighting carefully and re-exporting the whole frame once, can produce an edit that passes ELA and looks clean. A simple re-save, a format conversion to PNG, or a trip through a messaging app can wipe the Software tag, flatten ELA, and erase content credentials, hiding the traces of even a crude edit. And many flags have innocent explanations: an editor Software tag often just means the photo was color-corrected, and a timestamp gap can come from a routine export. The most important rule in forensics applies here. Absence of proof is not proof of innocence, and a single suspicious signal is a reason to look harder, not a verdict. When the stakes are real, combine all four checks, seek the original file from the source, and weigh the metadata, the pixels, and the story together.