> IMO, the only way to verify authenticity of stuff like this is to have hardware on the device (camera) which adds a signature/timestamp/etc to the data.
The reason it's hard to fake RAW files isn't because one can't convert images to RAW files, but because RAW files contain lots of additional information that would be difficult to fake. For example, RAW files include mosaiced sensor data which has flaws that are unique to a particular sensor.¹ A digital forensics expert can evaluate a hundred aspects of RAW files to see if anything smells fishy.
Cameras have been doing that for at least a decade, but that's not foolproof either. For example, Canon's Original Decision Data was cracked in 2010. https://photographybay.com/2010/11/30/canon-original-data-se...
The reason it's hard to fake RAW files isn't because one can't convert images to RAW files, but because RAW files contain lots of additional information that would be difficult to fake. For example, RAW files include mosaiced sensor data which has flaws that are unique to a particular sensor.¹ A digital forensics expert can evaluate a hundred aspects of RAW files to see if anything smells fishy.
¹ https://www.labmanager.com/sensor-imperfections-are-perfect-...