Abstract
File carving is an important, practical technique for data recovery in digital forensics investigation and is particularly useful when filesystem metadata is unavailable or damaged. The research on reassembly of JPEG files with RST markers, fragmented within the scan area have been done before. However, fragmentation within Define Huffman Table (DHT) segment is yet to be resolved. This paper analyzes the fragmentation within the DHT area and list out all the fragmentation possibilities. Two main contributions are made in this paper. Firstly, three fragmentation points within DHT area are listed. Secondly, few novel validators are proposed to detect these fragmentations. The result obtained from tests done on manually fragmented JPEG files, showed that all three fragmentation points within DHT are successfully detected using validators.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Digital Forensics Research Workshop, DFRWS (2007)
Garfinkel, S.: Carving contiguous and fragmented files with fast object validation. In: Proceedings of the 2007 digital forensics research workshop, DFRWS, Pittsburg (2007)
Pal, A., Memon, N.: Evolution of file carving. IEEE Signal Processing Magazine, 59–71 (2009)
Pal, A., Shanmugasundaram, K., Memon, N.: Automated Reassembly of Fragmented Images. AFOSR Grant F49620-01-1-0243 (2003)
Richard III, G.G., Roussev, V., Marzial, L.: In-Place File Carving. In: National Science Foundation under grant # CNS-0627226 (2007)
Hall, G.A., Davis, W.P.: Sliding Window Measurement for File Type Identification (2006)
Shannon, M.: Forensic Relative Strength Scoring: ASCII and Entropy Scoring. International Journal of Digital Evidence 2(4) (Spring 2004)
Li, W., Wang, K., Stolfo, S.J., Herzog, B.: Fileprints: Identifying File Types by n-gram Analysis. IEEE, Los Alamitos (2005)
Wallace, G.K.: The JPEG Still Picture Compression Standard. IEEE Transactions on Consumer Electronics (1991)
ITU T.81, CCITT: Information Technology – Digital Compression and Coding of Continuous-Tone Still Images –Requirements and Guideline (1992)
Hamilton, E.: JPEG file interchange format v1.02. Technical report, C-Cube Microsystems (1992)
Pal, A., Sencar, H.T., Memon, N.: Detecting File Fragmentation Point Using Sequential Hypothesis Testing. Journal of Digital Investigations, s2–s13 (2008)
Karresand, M., Shahmehri, N.: Reassembly of Fragmented JPEG Images Containing Restart Markers. In: Proceeding of European Conference on Computer Network Defense. IEEE, Los Alamitos (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mohamad, K.M., Deris, M.M. (2009). Fragmentation Point Detection of JPEG Images at DHT Using Validator. In: Lee, Yh., Kim, Th., Fang, Wc., Ślęzak, D. (eds) Future Generation Information Technology. FGIT 2009. Lecture Notes in Computer Science, vol 5899. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10509-8_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-10509-8_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10508-1
Online ISBN: 978-3-642-10509-8
eBook Packages: Computer ScienceComputer Science (R0)