Carving JPEG images and thumbnails using image pattern matching

Kamaruddin Malik Mohamad, Ahmed Patel, Mustafa Mat Deris

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    2 Citations (Scopus)

    Abstract

    Digital forensics is a branch of forensic science to monitor, analyze and examine digital media or devices. File carving is the art of recovering files from digital data storage with corrupted or unavailable file system metadata and it is very useful in a digital forensics investigation. However, earlier generation file carver like Scalpel and Foremost only deals with non-fragmented files. We proposed an automatic image and thumbnail carving tool called myKarve which is useful in digital forensics investigation and presentation of evidential information that is able to carve contiguous and linearly fragmented images caused by garbage. myKarve is designed on a new architecture to deal with thumbnail and fragmentation issues. The tool is tested with images obtained from the Internet. myKarve is found to be a more efficient automated image and thumbnail carver compared to the original Scalpel with the following advantages: detects more headers using validated headers; carves more images and thumbnails by using the newly introduced image patterns; and is able to discard garbage from linearly fragmented images. The results from myKarve are invaluable in the field work of digital forensic analysis that can produce technical evidence against cybercrime activities to prosecution cases.

    Original languageEnglish
    Title of host publicationISCI 2011 - 2011 IEEE Symposium on Computers and Informatics
    Pages78-83
    Number of pages6
    DOIs
    Publication statusPublished - 2011
    Event2011 IEEE Symposium on Computers and Informatics, ISCI 2011 - Kuala Lumpur
    Duration: 20 Mar 201122 Mar 2011

    Other

    Other2011 IEEE Symposium on Computers and Informatics, ISCI 2011
    CityKuala Lumpur
    Period20/3/1122/3/11

    Fingerprint

    Pattern matching
    Digital storage
    Digital devices
    Metadata
    Internet
    Digital forensics

    Keywords

    • digital forensics
    • file carving
    • hidden information
    • myKarve
    • side channels

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems

    Cite this

    Mohamad, K. M., Patel, A., & Deris, M. M. (2011). Carving JPEG images and thumbnails using image pattern matching. In ISCI 2011 - 2011 IEEE Symposium on Computers and Informatics (pp. 78-83). [5958888] https://doi.org/10.1109/ISCI.2011.5958888

    Carving JPEG images and thumbnails using image pattern matching. / Mohamad, Kamaruddin Malik; Patel, Ahmed; Deris, Mustafa Mat.

    ISCI 2011 - 2011 IEEE Symposium on Computers and Informatics. 2011. p. 78-83 5958888.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Mohamad, KM, Patel, A & Deris, MM 2011, Carving JPEG images and thumbnails using image pattern matching. in ISCI 2011 - 2011 IEEE Symposium on Computers and Informatics., 5958888, pp. 78-83, 2011 IEEE Symposium on Computers and Informatics, ISCI 2011, Kuala Lumpur, 20/3/11. https://doi.org/10.1109/ISCI.2011.5958888
    Mohamad KM, Patel A, Deris MM. Carving JPEG images and thumbnails using image pattern matching. In ISCI 2011 - 2011 IEEE Symposium on Computers and Informatics. 2011. p. 78-83. 5958888 https://doi.org/10.1109/ISCI.2011.5958888
    Mohamad, Kamaruddin Malik ; Patel, Ahmed ; Deris, Mustafa Mat. / Carving JPEG images and thumbnails using image pattern matching. ISCI 2011 - 2011 IEEE Symposium on Computers and Informatics. 2011. pp. 78-83
    @inproceedings{a96de794b4e5451f9894616d9332e07b,
    title = "Carving JPEG images and thumbnails using image pattern matching",
    abstract = "Digital forensics is a branch of forensic science to monitor, analyze and examine digital media or devices. File carving is the art of recovering files from digital data storage with corrupted or unavailable file system metadata and it is very useful in a digital forensics investigation. However, earlier generation file carver like Scalpel and Foremost only deals with non-fragmented files. We proposed an automatic image and thumbnail carving tool called myKarve which is useful in digital forensics investigation and presentation of evidential information that is able to carve contiguous and linearly fragmented images caused by garbage. myKarve is designed on a new architecture to deal with thumbnail and fragmentation issues. The tool is tested with images obtained from the Internet. myKarve is found to be a more efficient automated image and thumbnail carver compared to the original Scalpel with the following advantages: detects more headers using validated headers; carves more images and thumbnails by using the newly introduced image patterns; and is able to discard garbage from linearly fragmented images. The results from myKarve are invaluable in the field work of digital forensic analysis that can produce technical evidence against cybercrime activities to prosecution cases.",
    keywords = "digital forensics, file carving, hidden information, myKarve, side channels",
    author = "Mohamad, {Kamaruddin Malik} and Ahmed Patel and Deris, {Mustafa Mat}",
    year = "2011",
    doi = "10.1109/ISCI.2011.5958888",
    language = "English",
    isbn = "9781612846903",
    pages = "78--83",
    booktitle = "ISCI 2011 - 2011 IEEE Symposium on Computers and Informatics",

    }

    TY - GEN

    T1 - Carving JPEG images and thumbnails using image pattern matching

    AU - Mohamad, Kamaruddin Malik

    AU - Patel, Ahmed

    AU - Deris, Mustafa Mat

    PY - 2011

    Y1 - 2011

    N2 - Digital forensics is a branch of forensic science to monitor, analyze and examine digital media or devices. File carving is the art of recovering files from digital data storage with corrupted or unavailable file system metadata and it is very useful in a digital forensics investigation. However, earlier generation file carver like Scalpel and Foremost only deals with non-fragmented files. We proposed an automatic image and thumbnail carving tool called myKarve which is useful in digital forensics investigation and presentation of evidential information that is able to carve contiguous and linearly fragmented images caused by garbage. myKarve is designed on a new architecture to deal with thumbnail and fragmentation issues. The tool is tested with images obtained from the Internet. myKarve is found to be a more efficient automated image and thumbnail carver compared to the original Scalpel with the following advantages: detects more headers using validated headers; carves more images and thumbnails by using the newly introduced image patterns; and is able to discard garbage from linearly fragmented images. The results from myKarve are invaluable in the field work of digital forensic analysis that can produce technical evidence against cybercrime activities to prosecution cases.

    AB - Digital forensics is a branch of forensic science to monitor, analyze and examine digital media or devices. File carving is the art of recovering files from digital data storage with corrupted or unavailable file system metadata and it is very useful in a digital forensics investigation. However, earlier generation file carver like Scalpel and Foremost only deals with non-fragmented files. We proposed an automatic image and thumbnail carving tool called myKarve which is useful in digital forensics investigation and presentation of evidential information that is able to carve contiguous and linearly fragmented images caused by garbage. myKarve is designed on a new architecture to deal with thumbnail and fragmentation issues. The tool is tested with images obtained from the Internet. myKarve is found to be a more efficient automated image and thumbnail carver compared to the original Scalpel with the following advantages: detects more headers using validated headers; carves more images and thumbnails by using the newly introduced image patterns; and is able to discard garbage from linearly fragmented images. The results from myKarve are invaluable in the field work of digital forensic analysis that can produce technical evidence against cybercrime activities to prosecution cases.

    KW - digital forensics

    KW - file carving

    KW - hidden information

    KW - myKarve

    KW - side channels

    UR - http://www.scopus.com/inward/record.url?scp=80052122480&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=80052122480&partnerID=8YFLogxK

    U2 - 10.1109/ISCI.2011.5958888

    DO - 10.1109/ISCI.2011.5958888

    M3 - Conference contribution

    SN - 9781612846903

    SP - 78

    EP - 83

    BT - ISCI 2011 - 2011 IEEE Symposium on Computers and Informatics

    ER -