Guide to Computer Forensics and Investigations, Third Edition. Chapter 10: Recovering Graphics Files


Objectives
- Describe types of graphics file formats
- Explain types of data compression
- Explain how to locate and recover graphics files
- Describe how to identify unknown file formats
- Explain copyright issues with graphics

Recognizing a Graphics File
- Contains digital photographs, line art, three-dimensional images, and scanned replicas of printed pictures
  - Bitmap images: collection of dots
  - Vector graphics: based on mathematical instructions
  - Metafile graphics: combination of bitmap and vector
- Types of programs
  - Graphics editors
  - Image viewers

Understanding Bitmap and Raster Images
- Bitmap images
  - Grids of individual pixels
- Raster images
  - Pixels are stored in rows
  - Better for printing
- Image quality
  - Screen resolution
  - Software
  - Number of color bits used per pixel

Understanding Vector Graphics
- Characteristics
  - Lines instead of dots
  - Store only the calculations for drawing lines and shapes
  - Smaller size
  - Preserve quality when image is enlarged
- CorelDraw, Adobe Illustrator

Understanding Metafile Graphics
- Combine raster and vector graphics
- Example
  - Scanned photo (bitmap) with text (vector)
- Share advantages and disadvantages of both types
  - When enlarged, bitmap part loses quality

Understanding Graphics File Formats
- Standard bitmap file formats
  - Graphic Interchange Format (.gif)
  - Joint Photographic Experts Group (.jpeg, .jpg)
  - Tagged Image File Format (.tiff, .tif)
  - Windows Bitmap (.bmp)
- Standard vector file formats
  - Hewlett Packard Graphics Language (.hpgl)
  - AutoCAD (.dxf)

Understanding Graphics File Formats (continued)
- Nonstandard graphics file formats
  - Targa (.tga)
  - Raster Transfer Language (.rtl)
  - Adobe Photoshop (.psd) and Illustrator (.ai)
  - Freehand (.fh9)
  - Scalable Vector Graphics (.svg)
  - Paintbrush (.pcx)
- Search the Web for software to manipulate unknown image formats

Understanding Digital Camera File Formats
- Witnesses or suspects can create their own digital photos
- Examining the raw file format
  - Raw file format
    - Referred to as a digital negative
    - Typically found on many higher-end digital cameras
  - Sensors in the digital camera simply record pixels on the camera's memory card
  - Raw format maintains the best picture quality

Understanding Digital Camera File Formats (continued)
- Examining the raw file format (continued)
  - The biggest disadvantage is that it's proprietary
    - And not all image viewers can display these formats
  - The process of converting raw picture data to another format is referred to as demosaicing
- Examining the Exchangeable Image File format
  - Exchangeable Image File (EXIF) format
    - Commonly used to store digital pictures
    - Developed by JEIDA as a standard for storing metadata in JPEG and TIFF files

Understanding Digital Camera File Formats (continued)
- Examining the Exchangeable Image File format (continued)
  - EXIF format collects metadata
    - Investigators can learn more about the type of digital camera and the environment in which pictures were taken
  - EXIF file stores metadata at the beginning of the file


Understanding Digital Camera File Formats (continued)
- Examining the Exchangeable Image File format (continued)
  - With tools such as ProDiscover and Exif Reader
    - You can extract metadata as evidence for your case
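Added example (not from the textbook or from ProDiscover or Exif Reader): a minimal Python reader showing where EXIF metadata sits, in the APP1 segment directly after the JPEG start marker, and how the camera Make and Model tags are pulled out of it. The sample file and its camera strings are constructed for the demonstration.

```python
import struct

CAMERA_TAGS = {0x010F: "Make", 0x0110: "Model"}  # TIFF/EXIF tag IDs

def exif_camera_fields(jpeg):
    """Return {'Make': ..., 'Model': ...} from the APP1 Exif segment, or {}."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("no JPEG start-of-image marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return parse_ifd0(body[6:])
        if marker == 0xDA:  # start of scan: metadata segments are behind us
            break
        pos += 2 + seglen
    return {}

def parse_ifd0(tiff):
    """Read ASCII camera tags from the first image file directory."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd_off = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic number")
    (count,) = struct.unpack(endian + "H", tiff[ifd_off:ifd_off + 2])
    found = {}
    for i in range(count):
        entry = tiff[ifd_off + 2 + 12 * i:ifd_off + 14 + 12 * i]
        tag, typ, n, value = struct.unpack(endian + "HHII", entry)
        if tag in CAMERA_TAGS and typ == 2:  # type 2 = NUL-terminated ASCII
            raw = entry[8:8 + n] if n <= 4 else tiff[value:value + n]
            found[CAMERA_TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return found

def sample_exif_jpeg():
    """Constructed minimal JPEG: SOI, one Exif APP1 segment, EOI."""
    make, model = b"ACME\x00", b"Cam-1\x00"  # made-up camera strings
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHII", 0x010F, 2, len(make), 38)
    ifd += struct.pack("<HHII", 0x0110, 2, len(model), 38 + len(make))
    ifd += struct.pack("<I", 0)  # no further IFDs
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd + make + model
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

if __name__ == "__main__":
    print(exif_camera_fields(sample_exif_jpeg()))
```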


Understanding Data Compression
- Some image formats compress their data
  - GIF, JPEG, PNG
- Others, like BMP, do not compress their data
  - Use data compression tools for those formats
- Data compression
  - Coding of data from a larger to a smaller form
  - Types
    - Lossless compression and lossy compression

Lossless and Lossy Compression
- Lossless compression
  - Reduces file size without removing data
  - Based on Huffman or Lempel-Ziv-Welch coding
    - For redundant bits of data
  - Utilities: WinZip, PKZip, StuffIt, and FreeZip
- Lossy compression
  - Permanently discards bits of information
  - Vector quantization (VQ)
    - Determines what data to discard based on vectors in the graphics file
  - Utility: Lzip

Locating and Recovering Graphics Files
- Operating system tools
  - Time consuming
  - Results are difficult to verify
- Computer forensics tools
  - Image headers
    - Compare them with good header samples
    - Use header information to create a baseline analysis
  - Reconstruct fragmented image files
    - Identify data patterns and modified headers

Identifying Graphics File Fragments
- Carving or salvaging
  - Recovering all file fragments
- Computer forensics tools
  - Carve from slack and free space
  - Help identify image file fragments and put them together

Repairing Damaged Headers
- Use good header samples
- Each image file has a unique file header
  - JPEG: FF D8 FF E0 00 10
  - Most JPEG files also include JFIF string
- Exercise:
  - Investigate a possible intellectual property theft by a contract employee of Exotic Mountain Tour Service (EMTS)


Searching for and Carving Data from Unallocated Space
- Steps
  - Planning your examination
  - Searching for and recovering digital photograph evidence
    - Use ProDiscover to search for and extract (recover) possible evidence of JPEG files
    - False hits are referred to as false positives
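Added example (not from the textbook and not how ProDiscover works internally): a small Python carver that scans a raw buffer for the JPEG header bytes quoted earlier (FF D8 FF E0 00 10), keeps only hits that also carry the JFIF string and an end-of-image marker, and reports the rest as false positives. The "unallocated space" buffer is constructed for the demonstration.

```python
JPEG_HEADER = bytes.fromhex("FFD8FFE00010")  # header bytes quoted in the slides
JFIF_TAG = b"JFIF\x00"                       # string most JPEG files include
JPEG_EOI = bytes.fromhex("FFD9")             # JPEG end-of-image marker

def carve_jpegs(blob):
    """Return (carved, false_positives) for a raw byte buffer.

    carved: (start, end) offsets, end exclusive, covering header through the
    first end-of-image marker. An embedded thumbnail carries its own marker,
    so a real carve may need to extend past the first one.
    false_positives: offsets where the header bytes match but the JFIF string
    or an end marker is missing.
    """
    carved, false_positives = [], []
    pos = blob.find(JPEG_HEADER)
    while pos != -1:
        tag_at = pos + len(JPEG_HEADER)
        has_jfif = blob[tag_at:tag_at + len(JFIF_TAG)] == JFIF_TAG
        eoi = blob.find(JPEG_EOI, tag_at + len(JFIF_TAG))
        if has_jfif and eoi != -1:
            carved.append((pos, eoi + 2))
            resume = eoi + 2
        else:
            false_positives.append(pos)
            resume = pos + 1
        pos = blob.find(JPEG_HEADER, resume)
    return carved, false_positives

def sample_unallocated():
    """Constructed buffer: one plausible JPEG and one look-alike header."""
    good = JPEG_HEADER + JFIF_TAG + b"\x01\x01" + b"\x11" * 20 + JPEG_EOI
    fake = JPEG_HEADER + b"XXXX\x00" + b"\x22" * 8   # header bytes, no JFIF
    return b"\x00" * 16 + good + b"\x00" * 7 + fake + b"\x00" * 5

if __name__ == "__main__":
    blob = sample_unallocated()
    hits, misses = carve_jpegs(blob)
    for start, end in hits:
        print(f"candidate JPEG at {start:#x}-{end:#x} ({end - start} bytes)")
    for off in misses:
        print(f"false positive at {off:#x}")
```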


Rebuilding File Headers
- Try to open the file first and follow steps if you can't see its content
- Steps
  - Recover more pieces of file if needed
  - Examine file header
    - Compare with a good header sample
    - Manually insert correct hexadecimal values
  - Test corrected file


Reconstructing File Fragments
- Locate the starting and ending clusters
  - For each fragmented group of clusters in the file
- Steps
  - Locate and export all clusters of the fragmented file
  - Determine the starting and ending cluster numbers for each fragmented group of clusters
  - Copy each fragmented group of clusters in their proper sequence to a recovery file
  - Rebuild the corrupted file's header to make it readable in a graphics viewer
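Added example (not from the textbook): the fragment-reconstruction steps above, together with the earlier header-rebuilding steps, as a short Python sketch. It copies each group of clusters in sequence into a recovery buffer, then overwrites header bytes that differ from a good JPEG header sample. The 512-byte cluster size, the disk image, the cluster runs and the damaged header bytes are all constructed, and the header is assumed to have been overwritten in place rather than deleted.

```python
CLUSTER = 512  # assumed cluster size of the constructed disk image
GOOD_HEADER = bytes.fromhex("FFD8FFE00010") + b"JFIF\x00"  # good header sample

def export_runs(disk, runs):
    """Copy each (first_cluster, last_cluster) group in the order given."""
    out = bytearray()
    for first, last in runs:
        if last < first:
            raise ValueError(f"bad cluster run {first}-{last}")
        out += disk[first * CLUSTER:(last + 1) * CLUSTER]
    return bytes(out)

def rebuild_header(data, good=GOOD_HEADER):
    """Compare the header with the good sample and insert the correct values.

    Returns (repaired_bytes, offsets_that_were_changed) so the examiner can
    document exactly which bytes were edited.
    """
    if len(data) < len(good):
        raise ValueError("recovered data is shorter than the header sample")
    changed = [i for i in range(len(good)) if data[i] != good[i]]
    return good + data[len(good):], changed

def sample_disk():
    """Constructed 8-cluster image holding one fragmented, damaged JPEG."""
    body = b"\xab" * (3 * CLUSTER - len(GOOD_HEADER) - 2)
    original = GOOD_HEADER + body + b"\xff\xd9"      # exactly 3 clusters
    damaged = b"\x7a\x7a\x7a\x7a" + original[4:]     # first 4 bytes altered
    disk = bytearray(8 * CLUSTER)
    disk[2 * CLUSTER:4 * CLUSTER] = damaged[:2 * CLUSTER]   # clusters 2-3
    disk[6 * CLUSTER:7 * CLUSTER] = damaged[2 * CLUSTER:]   # cluster 6
    return bytes(disk), [(2, 3), (6, 6)], original

if __name__ == "__main__":
    disk, runs, original = sample_disk()
    recovered = export_runs(disk, runs)
    repaired, changed = rebuild_header(recovered)
    print("header offsets rewritten:", changed)
    print("matches original file:", repaired == original)
```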


Reconstructing File Fragments (continued)
- Remember to save the updated recovered data with a .jpg extension
- Sometimes suspects intentionally corrupt cluster links in a disk's FAT
  - Bad clusters appear with a zero value on a disk editor


Identifying Unknown File Formats
- The Internet is the best source
  - Search engines like Google
  - Find explanations and viewers
- Popular Web sites
  - www.digitek-asi.com/file_formats.html
  - www.wotsit.org
  - http://whatis.techtarget.com

Analyzing Graphics File Headers
- Necessary when you find files your tools do not recognize
- Use hex editor such as Hex Workshop
  - Record hexadecimal values on header
- Use good header samples


Tools for Viewing Images
- Use several viewers
  - ThumbsPlus
  - ACDSee
  - QuickView
  - IrfanView
- GUI forensics tools include image viewers
  - ProDiscover
  - EnCase
  - FTK
  - X-Ways Forensics
  - ilook

Understanding Steganography in Graphics Files
- Steganography hides information inside image files
  - Ancient technique
  - Can hide only certain amount of information
- Insertion
  - Hidden data is not displayed when viewing host file in its associated program
  - You need to analyze the data structure carefully
  - Example: Web page


Understanding Steganography in Graphics Files (continued)
- Substitution
  - Replaces bits of the host file with bits of data
  - Usually change the last two LSBs
  - Detected with steganalysis tools
- Usually used with image files
  - Audio and video options
- Hard to detect


Using Steganalysis Tools
- Detect variations of the graphic image
  - When applied correctly you cannot detect hidden data in most cases
- Methods
  - Compare suspect file to good or bad image versions
  - Mathematical calculations verify size and palette color
  - Compare hash values
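Added example (not from the textbook or from any steganalysis product): the comparison methods listed above as a Python check that takes a known-good copy of an image's pixel data and a suspect copy, compares size and hash, and then reports whether every difference is confined to the two least significant bits, the pattern substitution leaves behind. The pixel buffers are constructed, and the function assumes the examiner already holds a known-good original.

```python
import hashlib

LSB_MASK = 0x03  # the "last two LSBs" of each byte

def compare_to_known_good(good, suspect):
    """Compare suspect pixel data against a known-good copy."""
    report = {
        "same_size": len(good) == len(suspect),
        "same_hash": hashlib.sha256(good).digest() == hashlib.sha256(suspect).digest(),
        "changed_bytes": 0,
        "bits_touched": 0,   # OR of every per-byte XOR difference
    }
    for g, s in zip(good, suspect):
        if g != s:
            report["changed_bytes"] += 1
            report["bits_touched"] |= g ^ s
    # Differences that never reach above the two low bits are consistent with
    # substitution; ordinary editing also disturbs the higher bits.
    report["lsb_only"] = (report["same_size"]
                          and report["changed_bytes"] > 0
                          and (report["bits_touched"] & ~LSB_MASK) == 0)
    return report

def sample_images():
    """Constructed pixel buffers: good copy, LSB-altered copy, edited copy."""
    good = bytes((i * 37) % 256 for i in range(64))
    # Suspect: low two bits of the first 16 bytes overwritten with 0b10.
    suspect = bytes((b & 0xFC) | 0b10 if i < 16 else b
                    for i, b in enumerate(good))
    # Edited: one byte with its high bit flipped, as a visible edit would do.
    edited = bytes(b ^ 0x80 if i == 5 else b for i, b in enumerate(good))
    return good, suspect, edited

if __name__ == "__main__":
    good, suspect, edited = sample_images()
    for name, data in (("suspect", suspect), ("edited", edited)):
        print(name, compare_to_known_good(good, data))
```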

Identifying Copyright Issues with Graphics
- Steganography originally incorporated watermarks
- Copyright laws for Internet are not clear
  - There is no international copyright law
- Check www.copyright.gov

Summary
- Image types
  - Bitmap
  - Vector
  - Metafile
- Image quality depends on various factors
- Image formats
  - Standard
  - Nonstandard
- Digital camera photos are typically in raw and EXIF JPEG formats

Summary (continued)
- Some image formats compress their data
  - Lossless compression
  - Lossy compression
- Recovering image files
  - Carving file fragments
  - Rebuilding image headers
- Software
  - Image editors
  - Image viewers

Summary (continued)
- Steganography
  - Hides information inside image files
  - Forms
    - Insertion
    - Substitution
- Steganalysis
  - Finds whether image files hide information