Carving JPEG images and thumbnails using image pattern matching
Digital forensics is a branch of forensic science to monitor, analyze and examine digital media or devices. File carving is the art of recovering files from digital data storage with corrupted or unavailable file system metadata and it is very useful in a digital forensics investigation. However, ea...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Subjects: | |
| Online Access: | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5958888 http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5958888 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Digital forensics is a branch of forensic science to
monitor, analyze and examine digital media or devices. File
carving is the art of recovering files from digital data storage
with corrupted or unavailable file system metadata and it is very
useful in a digital forensics investigation. However, earlier
generation file carver like Scalpel and Foremost only deals with
non-fragmented files. We proposed an automatic image and
thumbnail carving tool called myKarve which is useful in digital
forensics investigation and presentation of evidential information
that is able to carve contiguous and linearly fragmented images
caused by garbage. myKarve is designed on a new architecture to
deal with thumbnail and fragmentation issues. The tool is tested
with images obtained from the Internet. myKarve is found to be a
more efficient automated image and thumbnail carver compared
to the original Scalpel with the following advantages: detects
more headers using validated headers; carves more images and
thumbnails by using the newly introduced image patterns; and is
able to discard garbage from linearly fragmented images. The
results from myKarve are invaluable in the field work of digital
forensic analysis that can produce technical evidence against
cybercrime activities to prosecution cases. |
|---|