원문정보
초록
영어
Header and footer are important in digital investigation for JPEG file detection as only 16% of files are fragmented. The use of efficient algorithm to detect them is vital to reduce time taken for analyzing ever increasing data in hard drive or physical memory. Even though there are few applications developed for file carving that rely on header and footer e.g. Foremost, Scalpel; however the algorithm used for header detection is not much discussed. In this paper, we introduce three novel algorithms; single-byte-marker, dual-byte-marker and 20-point-reference for JPEG File Interchange Format (JFIF) header detection using a newly introduced FORHEADER model. Three experiments have been carried out using an image from hard disk and physical memory; and raw data from Digital Workshop Forensics Research Workshop 2006 (DFRWS 2006) challenge. The results obtained showed that dual-byte-marker algorithm provides better performance in terms of processing time for JFIF header detection.
목차
1. Introduction
2. Related Work
3. FORHEADER Model
4. JFIF
5. JFIF header detection algorithms
5.1. Single-Byte-Marker Algorithm
5.2. Dual-Byte-Marker Algorithm
5.3. 20-Point-Reference Algorithm
6. Experimentations
6.1. FORHEADER Model for JFIF Header Detection
6.2. Preparing Resources for Experiments using FORHEADER
6.3. First experiment : input data from memory image mem.dd
6.4. Second Experiment : input data from hard disk image hdd.dd
6.5. Third Experiment : input data from DFRWS 2006 Data Set
7. Result and Discussion
8. Conclusion
References