Skip to main content
SpringerLink
Log in
Book cover

International Conference on Future Generation Information Technology

FGIT 2009: Future Generation Information Technology pp 173–180Cite as

Fragmentation Point Detection of JPEG Images at DHT Using Validator

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 5899))

Abstract

File carving is an important, practical technique for data recovery in digital forensics investigation and is particularly useful when filesystem metadata is unavailable or damaged. The research on reassembly of JPEG files with RST markers, fragmented within the scan area have been done before. However, fragmentation within Define Huffman Table (DHT) segment is yet to be resolved. This paper analyzes the fragmentation within the DHT area and list out all the fragmentation possibilities. Two main contributions are made in this paper. Firstly, three fragmentation points within DHT area are listed. Secondly, few novel validators are proposed to detect these fragmentations. The result obtained from tests done on manually fragmented JPEG files, showed that all three fragmentation points within DHT are successfully detected using validators.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/DFRWS_2006_File_Carving_Challenge.pdf

  2. Digital Forensics Research Workshop, DFRWS (2007)

    Google Scholar 

  3. Garfinkel, S.: Carving contiguous and fragmented files with fast object validation. In: Proceedings of the 2007 digital forensics research workshop, DFRWS, Pittsburg (2007)

    Google Scholar 

  4. Pal, A., Memon, N.: Evolution of file carving. IEEE Signal Processing Magazine, 59–71 (2009)

    Google Scholar 

  5. Pal, A., Shanmugasundaram, K., Memon, N.: Automated Reassembly of Fragmented Images. AFOSR Grant F49620-01-1-0243 (2003)

    Google Scholar 

  6. Richard III, G.G., Roussev, V., Marzial, L.: In-Place File Carving. In: National Science Foundation under grant # CNS-0627226 (2007)

    Google Scholar 

  7. Hall, G.A., Davis, W.P.: Sliding Window Measurement for File Type Identification (2006)

    Google Scholar 

  8. Shannon, M.: Forensic Relative Strength Scoring: ASCII and Entropy Scoring. International Journal of Digital Evidence 2(4) (Spring 2004)

    Google Scholar 

  9. Li, W., Wang, K., Stolfo, S.J., Herzog, B.: Fileprints: Identifying File Types by n-gram Analysis. IEEE, Los Alamitos (2005)

    Google Scholar 

  10. Wallace, G.K.: The JPEG Still Picture Compression Standard. IEEE Transactions on Consumer Electronics (1991)

    Google Scholar 

  11. ITU T.81, CCITT: Information Technology – Digital Compression and Coding of Continuous-Tone Still Images –Requirements and Guideline (1992)

    Google Scholar 

  12. Hamilton, E.: JPEG file interchange format v1.02. Technical report, C-Cube Microsystems (1992)

    Google Scholar 

  13. Pal, A., Sencar, H.T., Memon, N.: Detecting File Fragmentation Point Using Sequential Hypothesis Testing. Journal of Digital Investigations, s2–s13 (2008)

    Google Scholar 

  14. Karresand, M., Shahmehri, N.: Reassembly of Fragmented JPEG Images Containing Restart Markers. In: Proceeding of European Conference on Computer Network Defense. IEEE, Los Alamitos (2008)

    Google Scholar 

  15. http://www.verytools.com

  16. http://www.foundstone.com/us/resources/proddesc/bintext.htm

Download references

Author information

Authors and Affiliations

  1. Faculty of Information Technology and Multimedia, Universiti Tun Hussein Onn Malaysia (UTHM), 86400, Parit Raja, Batu Pahat, Johor, Malaysia

    Kamaruddin Malik Mohamad & Mustafa Mat Deris

Authors
  1. Kamaruddin Malik Mohamad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mustafa Mat Deris
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Sogang University, South Korea

    Young-hoon Lee

  2. Hannam University, Daejeon, South Korea

    Tai-hoon Kim

  3. National Chiao Tung University, Hsinchu, Taiwan

    Wai-chi Fang

  4. University of Warsaw & Infobright Inc., Poland

    Dominik Ślęzak

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mohamad, K.M., Deris, M.M. (2009). Fragmentation Point Detection of JPEG Images at DHT Using Validator. In: Lee, Yh., Kim, Th., Fang, Wc., Ślęzak, D. (eds) Future Generation Information Technology. FGIT 2009. Lecture Notes in Computer Science, vol 5899. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10509-8_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10509-8_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10508-1

  • Online ISBN: 978-3-642-10509-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation