Guide to Computer Forensics and Investigations, Second Edition Chapter 11 Recovering Image Files.

Slides:



Advertisements
Similar presentations
Raster Graphics 2.01 Investigate graphic image design.
Advertisements

Introduction to Computer Graphics Raster Vs. Vector COMMUNICATION TECHNOLOGY.
Chapter 10 Recovering Graphics Files
Chapter 8 Recovering Graphics Files
Multimedia for the Web: Creating Digital Excitement Multimedia Element -- Graphics.
Graphics CS 121 Concepts of Computing II. What is a graphic? n A rectangular image. n Stored in a file of its own, or … … embedded in another data file.
COS/PSA 413 Day 18. Agenda Lab 9 write-up grades –2 A’s, 1 B, 1 D and 1 F –Answer the questions with a minimal amount of BS –I will start taking off points.
Chapter 10 Recovering Graphics Files Guide to Computer Forensics and Investigations Third Edition.
2.01 Understand Digital Raster Graphics
COS 413 Day 15. Agenda Assignment 4 corrected –2 A’s, 5 B’s, 1 C and 1 non-submit Assignment 5 Due Assignment 6 will be assigned next week Lab 4 write-up.
Image and Sound Editing Raed S. Rasheed Image Image. Digital image. – Raster images. – Vector Images. – Stereo Images. – Image File Formats Lossless.
File Formats By Jack Turner. Raster (Bitmap) Raster or bitmap is a dot matrix data structure, containing columns of dots and rows, of a graphics image.
Introduction to Computer Graphics Raster Vs. Vector TGJ 2OI St. Christopher C.S.S. 4 Introduction to Computer Graphics.ppt.
SAK INTRODUCTION TO COMPUTER FORENSICS Chapter 7 Image Files Forensics
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.
Web Design, 4 th Edition 5 Typography and Images.
File Formats Different applications (programs) store data in different formats. Applications support some file formats and not others. Open…, Save…, Save.
Hands-on: Capturing an Image with AccessData FTK Imager
Graphics.
File Formats COM 366 Web Design & Layout. Native file format –Format native to software program –.psd > PhotoShop default Preserves layers –Use “Save.
File Formats About graphic file formats And image compression.
Chapter 10 Recovering Graphics Files Guide to Computer Forensics and Investigations Third Edition.
Module Code: CU0001NI Technical Information on Digital Images Week -2.
SOFTWARE TYPES Word processing Page layout Paint Draw.
8 Using Web Graphics Section 8.1 Identify types of graphics Identify and compare graphic formats Describe compression schemes Section 8.2 Identify image.
HTML presentation Graphics H format H data compression H size H creating or finding H publishing.
Computer Concepts 2014 Chapter 8 Digital Media. 8 Digital Audio Basics  Sampling a sound wave Chapter 8: Digital Media 2.
Section 8.1 Create a custom theme Design a color scheme Use shared borders Section 8.2 Identify types of graphics Identify and compare graphic formats.
Information Processes and Technology Multimedia: Graphics.
File Formats Different applications (programs) store data in different formats. Applications support some file formats and not others. Open…, Save…, Save.
10 | Graphics COM 366 Web Design & Production. Native file format –Format native to software program –psd > PhotoShop default Preserves layers –Use “Save.
2D Graphics Theory & Principles. Single Point Smallest addressable area on screen or digital image.
File Formats and Vector Graphics. File Types Images and data are stored in files. Each software application uses different native file types and file.
Chapter 2 File Format Objectives (1 of 2) Identify the difference between vector based graphics and bitmap-based graphics Clarify bitmap and vector graphic.
Unit 1: Task 1 By Abbie Llewellyn. Vector Graphic Software (Corel Draw) Computer graphics can be classified into two different categories: raster graphics.
Chapter 3 Image Files © 2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website,
Raster Graphics 2.01 Investigate graphic image design.
Chapter 8 Recovering Graphics Files
Image File Formats. What is an Image File Format? Image file formats are standard way of organizing and storing of image files. Image files are composed.
Graphics Concepts Presentation
Introduction to Images & Graphics JMA260. Objectives Images introduction Photoshop.
21 st Century Technology. Painting Uses Pixels Quality of image Changes Drawing Uses Vectors or Lines Quality of Image Does NOT Change.
Digital Graphics for Computer Games Pixels Types of Digital Graphics (Raster and Vector) Compression.
Chapter 1 Definitions & Basics of Digital Image 1.Image 2.Digital Image 3.Raster 4. Vector 5.Image Editing 1.
13 June – Session : Graphics Different types of Graphics for the web Features of image editing software Good practice for image editing.
Section 8.1 Section 8.2 Create a custom theme Design a color scheme
2.01 Understand Digital Raster Graphics
File Formats Different applications (programs) store data in different formats. Applications support some file formats and not others. Open…, Save…, Save.
2.01 Understand Digital Raster Graphics
DIGITAL MEDIA FOUNDATIONS
Digital Illustration Chapter 6 File format.
Chapter 3 Image Files © 2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website,
2.01 Understand Digital Raster Graphics
2.01 Investigate graphic image design.
Digital Forensics 2 Lecture 2: Understanding steganography in graphic files Presented by : J.Silaa Lecture: FCI Based on Guide to Computer Forensics and.
Bitmap vs. Vector.
Graphics Basics Ellen Eyth.
Chapter 3 Image Files © 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
1.01 Investigate graphic types and file formats.
Graphics Basic Concepts.
2.01 Understand Digital Raster Graphics
Chapter 10 Recovering Graphics Files
Terms 1 Terms 2 Terms 3 Terms 4 Terms 5 1pt 1 pt 1 pt 1pt 1 pt 2 pt
2.01 Investigate graphic image design.
2.01 Understand Digital Raster Graphics
2.01 Investigate graphic image design.
Building an Online Store
2.01 Investigate graphic image design.
1 Guide to Computer Forensics and Investigations Sixth Edition Chapter 8 Recovering Graphics Files.
Presentation transcript:

Guide to Computer Forensics and Investigations, Second Edition Chapter 11 Recovering Image Files

Guide to Computer Forensics and Investigations, 2e2 Objectives Recognize image files Understand data compression Locate and recover image files Analyze image file headers Identify copyright issues with graphics

Guide to Computer Forensics and Investigations, 2e3 Recognizing an Image File Contains graphics –Bitmap: collection of dots –Vector: mathematical instructions –Metafile: combination of bitmap and vector Types of programs –Graphics editor –Image viewers

Guide to Computer Forensics and Investigations, 2e4 Understanding Bitmap and Raster Images Bitmap images –Grids of individual pixels Raster images –Pixels are stored in rows –Better for printing Image quality –Screen resolution –Software –Number of color bits used per pixel

Guide to Computer Forensics and Investigations, 2e5 Understanding Vector Images Characteristics –Use lines –Store only the mathematics for drawing lines and shapes –Smaller size –Preserve quality when image is enlarged CorelDraw, Adobe Illustrator You can save vector images as bitmap images –Do not save bitmap images as vector images

Guide to Computer Forensics and Investigations, 2e6 Understanding Metafile Graphics Combine raster and vector graphics Example: scanned photo (bitmap) with text (vector) Share advantages and disadvantages of both types –When enlarged, bitmap part loses quality

Guide to Computer Forensics and Investigations, 2e7 Understanding Image File Formats Standard bitmap image file formats –Graphic Interchange Format (.gif) –Joint Photographic Experts Group (.jpeg,.jpg) –Tagged Image File Format (.tiff,.tif) –Window Bitmap (.bmp) Standard vector image file formats –Hewlett Packard Graphics Language (.hpgl) –Autocad (.dxf)

Guide to Computer Forensics and Investigations, 2e8 Understanding Image File Formats (continued) Nonstandard image file formats –Targa (.tga) –Raster Transfer Language (.rtl) –Adobe Photoshop (.psd) and Illustrator (.ai) –Freehand (.fh9) –Scalable Vector Graphics (.svg) –Paintbrush (.pcx) Search the Web for software to manipulate unknown image formats

Guide to Computer Forensics and Investigations, 2e9 Understanding Data Compression Some image formats compress their data –GIF, JPEG, PNG Others, like BMP, do not compress their data Use data compression tools for those formats Data compression –Coding of data from a larger to a smaller size

Guide to Computer Forensics and Investigations, 2e10 Reviewing Lossless and Lossy Compression Lossless compression –Reduces file size without removing data –Based on Huffman or Lempel-Ziv-Welch coding For redundant bits of data –WinZip, PKZip, FreeZip Lossy compression –Permanently discards bits of information –Vector quantization (VQ) –Lzip

Guide to Computer Forensics and Investigations, 2e11 Locating and Recovering Image Files OS tools –Time consuming –Results are difficult to verify Computer forensics tools –Image headers Compare them with good header samples –Reconstruct fragmented image files Identify data patterns and modified headers

Guide to Computer Forensics and Investigations, 2e12 Identifying Image File Fragments Carving or salvaging –Recovering all fragments Computer Forensics tools –Carves from slack and free space –Helps identify image file fragments and put them together

Guide to Computer Forensics and Investigations, 2e13 Repairing Damage Headers Use good header samples Each image file has a unique file header –JPEG: FF D8 FF E –Most JPEG files also include JFIF string

Guide to Computer Forensics and Investigations, 2e14 Carving Data from Unallocated Space Steps: –Create a duplicate bit-stream copy –Update your tools to search for image files –Search for images files (or fragments) –Carve for fragments using the results from your search Determine all clusters the image is using –Recover deleted data Determine absolute beginning and ending cluster

Guide to Computer Forensics and Investigations, 2e15 Carving Data from Unallocated Space (continued)

Guide to Computer Forensics and Investigations, 2e16 Carving Data from Unallocated Space (continued)

Guide to Computer Forensics and Investigations, 2e17 Carving Data from Unallocated Space (continued) Steps (continued): –Rebuild image file header Use hex editor to manually insert correct codes –Save as a new file –Test your new image file

Guide to Computer Forensics and Investigations, 2e18 Rebuilding File Headers Try opening the file first and follow steps if you can’t see its content Steps: –Recover more pieces of file if needed –Examine file header Compare with a good header sample Manually insert correct hexadecimal values –Test corrected file

Guide to Computer Forensics and Investigations, 2e19 Rebuilding File Headers (continued)

Guide to Computer Forensics and Investigations, 2e20 Rebuilding File Headers (continued)

Guide to Computer Forensics and Investigations, 2e21 Rebuilding File Headers (continued)

Guide to Computer Forensics and Investigations, 2e22 Reconstructing File Fragments Bad clusters appear with a zero value on a disk editor Steps: –Determine clusters of possible header –Find if other fragments are linked to header DriveSpy CFE command –Find linked fragments on unallocated clusters DriveSpy GFE command Copy all sectors after a nonlinked cluster

Guide to Computer Forensics and Investigations, 2e23 Reconstructing File Fragments (continued)

Guide to Computer Forensics and Investigations, 2e24 Reconstructing File Fragments (continued)

Guide to Computer Forensics and Investigations, 2e25 Reconstructing File Fragments (continued) Steps (continued): –Save linked fragments on unallocated clusters to valid clusters Create a script file to use with DriveSpy SaveSect Group contiguous blocks and find absolute beginning and ending sector numbers Combine all saved sectors into a file –Rebuild file header if needed –Save new file and test it

Guide to Computer Forensics and Investigations, 2e26 Reconstructing File Fragments (continued)

Guide to Computer Forensics and Investigations, 2e27 Reconstructing File Fragments (continued)

Guide to Computer Forensics and Investigations, 2e28 Reconstructing File Fragments (continued)

Guide to Computer Forensics and Investigations, 2e29 Identifying Unknown File Formats The Internet is the best source –Search engines like Google –Find explanations and viewers Popular Web sites: – – –

Guide to Computer Forensics and Investigations, 2e30 Analyzing Image File Headers For files your tools do not recognize Use hex editor like Hex Workshop –Record hexadecimal values on header Update your forensics tools –DriveSpy.ini Use good header samples

Guide to Computer Forensics and Investigations, 2e31 Analyzing Image File Headers (continued)

Guide to Computer Forensics and Investigations, 2e32 Analyzing Image File Headers (continued)

Guide to Computer Forensics and Investigations, 2e33 Tools for Viewing Images Use several viewers –ThumbsPlus –ACDSee –QuickView –IrfanView GUI forensics tools include image viewers –EnCase –FTK –iLook

Guide to Computer Forensics and Investigations, 2e34 Understanding Steganography in Image Files Steganography hides information inside image files –Ancient technique –Can hide only certain amount of information Insertion –Hidden data is not displayed when viewing host file in its associated program –Web page

Guide to Computer Forensics and Investigations, 2e35 Understanding Steganography in Image Files (continued)

Guide to Computer Forensics and Investigations, 2e36 Understanding Steganography in Image Files (continued)

Guide to Computer Forensics and Investigations, 2e37 Understanding Steganography in Image Files (continued) Substitution –Replaces bits of the host file with bits of data –Usually change the last two LSB –Detected with steganalysis tools Usually used with image files –Audio and video options Hard to detect

Guide to Computer Forensics and Investigations, 2e38 Understanding Steganography in Image Files (continued)

Guide to Computer Forensics and Investigations, 2e39 Understanding Steganography in Image Files (continued)

Guide to Computer Forensics and Investigations, 2e40 Using Steganalysis Tools Detect variations of the graphic image –When applied correctly you cannot detect hidden data Methods –Compare suspect file to good or bad image versions –Mathematical calculations verify size and palette color –Compare hash values

Guide to Computer Forensics and Investigations, 2e41 Identifying Copyright Issues with Graphics Steganography originally incorporated watermarks Copyright laws for Internet are not clear –There is no international copyright law Check

Guide to Computer Forensics and Investigations, 2e42 Summary Image types –Bitmap –Vector –Metafile Image quality depends on various factors Image formats –Standard –Nonstandard

Guide to Computer Forensics and Investigations, 2e43 Summary (continued) Some image formats compress their data –Lossless compression –Lossy compression Recovering image files –Carving file fragments –Rebuilding image headers Software –Image editors –Image viewers

Guide to Computer Forensics and Investigations, 2e44 Summary (continued) Steganography –Hides information inside image files –Insertion –Substitution Steganalysis –Finds whether image files hide information

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.