Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 10 Recovering Graphics Files

Published byHadi Susman Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 10 Recovering Graphics Files"— Presentation transcript:

1 Chapter 10 Recovering Graphics Files
Guide to Computer Forensics and Investigations Fourth Edition Chapter 10 Recovering Graphics Files

2 Guide to Computer Forensics and Investigations
Objectives Describe types of graphics file formats Explain types of data compression Explain how to locate and recover graphics files Describe how to identify unknown file formats Explain copyright issues with graphics Guide to Computer Forensics and Investigations

3 Recognizing a Graphics File
Contains digital photographs, line art, three-dimensional images, and scanned replicas of printed pictures Bitmap images: collection of dots Vector graphics: based on mathematical instructions Metafile graphics: combination of bitmap and vector Types of programs Graphics editors Image viewers Guide to Computer Forensics and Investigations

4 Understanding Bitmap and Raster Images
Bitmap images Grids of individual pixels Raster images Pixels are stored in rows Better for printing Image quality Screen resolution Software Number of color bits used per pixel Guide to Computer Forensics and Investigations

5 Understanding Vector Graphics
Characteristics Lines instead of dots Store only the calculations for drawing lines and shapes Smaller size Preserve quality when image is enlarged CorelDraw, Adobe Illustrator Guide to Computer Forensics and Investigations

6 Understanding Metafile Graphics
Combine raster and vector graphics Example Scanned photo (bitmap) with text (vector) Share advantages and disadvantages of both types When enlarged, bitmap part loses quality Guide to Computer Forensics and Investigations

7 Understanding Graphics File Formats
Standard bitmap file formats Graphic Interchange Format (.gif) Joint Photographic Experts Group (.jpeg, .jpg) Tagged Image File Format (.tiff, .tif) Window Bitmap (.bmp) Standard vector file formats Hewlett Packard Graphics Language (.hpgl) Autocad (.dxf) Guide to Computer Forensics and Investigations

8 Understanding Graphics File Formats (continued)
Nonstandard graphics file formats Targa (.tga) Raster Transfer Language (.rtl) Adobe Photoshop (.psd) and Illustrator (.ai) Freehand (.fh9) Scalable Vector Graphics (.svg) Paintbrush (.pcx) Search the Web for software to manipulate unknown image formats Guide to Computer Forensics and Investigations

9 Understanding Digital Camera File Formats
Witnesses or suspects can create their own digital photos Examining the raw file format Raw file format Referred to as a digital negative Typically found on many higher-end digital cameras Sensors in the digital camera simply record pixels on the camera’s memory card Raw format maintains the best picture quality Guide to Computer Forensics and Investigations

10 Understanding Digital Camera File Formats (continued)
Examining the raw file format (continued) The biggest disadvantage is that it’s proprietary And not all image viewers can display these formats The process of converting raw picture data to another format is referred to as demosaicing Examining the Exchangeable Image File format Exchangeable Image File (EXIF) format Commonly used to store digital pictures Developed by JEIDA as a standard for storing metadata in JPEG and TIFF files Guide to Computer Forensics and Investigations

11 Understanding Digital Camera File Formats (continued)
Examining the Exchangeable Image File format (continued) EXIF format collects metadata Investigators can learn more about the type of digital camera and the environment in which pictures were taken EXIF file stores metadata at the beginning of the file Guide to Computer Forensics and Investigations

12 Understanding Digital Camera File Formats (continued)
Guide to Computer Forensics and Investigations

13 Understanding Digital Camera File Formats (continued)
Guide to Computer Forensics and Investigations

14 Understanding Digital Camera File Formats (continued)
Guide to Computer Forensics and Investigations

15 Understanding Digital Camera File Formats (continued)
Examining the Exchangeable Image File format (continued) With tools such as ProDiscover and Exif Reader You can extract metadata as evidence for your case Guide to Computer Forensics and Investigations

16 Guide to Computer Forensics and Investigations

17 Understanding Data Compression
Some image formats compress their data GIF, JPEG, PNG Others, like BMP, do not compress their data Use data compression tools for those formats Data compression Coding of data from a larger to a smaller form Types Lossless compression and lossy compression Guide to Computer Forensics and Investigations

18 Lossless and Lossy Compression
Lossless compression Reduces file size without removing data Based on Huffman or Lempel-Ziv-Welch coding For redundant bits of data Utilities: WinZip, PKZip, StuffIt, and FreeZip Lossy compression Permanently discards bits of information Vector quantization (VQ) Determines what data to discard based on vectors in the graphics file Utility: Lzip Guide to Computer Forensics and Investigations

19 Locating and Recovering Graphics Files
Operating system tools Time consuming Results are difficult to verify Computer forensics tools Image headers Compare them with good header samples Use header information to create a baseline analysis Reconstruct fragmented image files Identify data patterns and modified headers Guide to Computer Forensics and Investigations

20 Identifying Graphics File Fragments
Carving or salvaging Recovering all file fragments Computer forensics tools Carve from slack and free space Help identify image files fragments and put them together Guide to Computer Forensics and Investigations

21 Repairing Damage Headers
Use good header samples Each image file has a unique file header JPEG: FF D8 FF E Most JPEG files also include JFIF string Exercise: Investigate a possible intellectual property theft by a contract employee of Exotic Mountain Tour Service (EMTS) Guide to Computer Forensics and Investigations

22 Searching for and Carving Data from Unallocated Space
Guide to Computer Forensics and Investigations

23 Searching for and Carving Data from Unallocated Space (continued)
Guide to Computer Forensics and Investigations

24 Searching for and Carving Data from Unallocated Space (continued)
Steps Planning your examination Searching for and recovering digital photograph evidence Use ProDiscover to search for and extract (recover) possible evidence of JPEG files False hits are referred to as false positives Guide to Computer Forensics and Investigations

25 Guide to Computer Forensics and Investigations

26 Searching for and Carving Data from Unallocated Space (continued)
Guide to Computer Forensics and Investigations

27 Searching for and Carving Data from Unallocated Space (continued)
Guide to Computer Forensics and Investigations

28 Searching for and Carving Data from Unallocated Space (continued)
Guide to Computer Forensics and Investigations

29 Searching for and Carving Data from Unallocated Space (continued)
Guide to Computer Forensics and Investigations

30 Searching for and Carving Data from Unallocated Space (continued)
Guide to Computer Forensics and Investigations

31 Rebuilding File Headers
Try to open the file first and follow steps if you can’t see its content Steps Recover more pieces of file if needed Examine file header Compare with a good header sample Manually insert correct hexadecimal values Test corrected file Guide to Computer Forensics and Investigations

32 Rebuilding File Headers (continued)
Guide to Computer Forensics and Investigations

33 Guide to Computer Forensics and Investigations

34 Guide to Computer Forensics and Investigations

35 Rebuilding File Headers (continued)
Guide to Computer Forensics and Investigations

36 Rebuilding File Headers (continued)
Guide to Computer Forensics and Investigations

37 Reconstructing File Fragments
Locate the starting and ending clusters For each fragmented group of clusters in the file Steps Locate and export all clusters of the fragmented file Determine the starting and ending cluster numbers for each fragmented group of clusters Copy each fragmented group of clusters in their proper sequence to a recovery file Rebuild the corrupted file’s header to make it readable in a graphics viewer Guide to Computer Forensics and Investigations

38 Reconstructing File Fragments (continued)
Guide to Computer Forensics and Investigations

39 Reconstructing File Fragments (continued)
Guide to Computer Forensics and Investigations

40 Reconstructing File Fragments (continued)
Guide to Computer Forensics and Investigations

41 Reconstructing File Fragments (continued)
Guide to Computer Forensics and Investigations

42 Reconstructing File Fragments (continued)
Remember to save the updated recovered data with a .jpg extension Sometimes suspects intentionally corrupt cluster links in a disk’s FAT Bad clusters appear with a zero value on a disk editor Guide to Computer Forensics and Investigations

43 Reconstructing File Fragments (continued)
Guide to Computer Forensics and Investigations

44 Reconstructing File Fragments (continued)
Guide to Computer Forensics and Investigations

45 Identifying Unknown File Formats
The Internet is the best source Search engines like Google Find explanations and viewers Popular Web sites Guide to Computer Forensics and Investigations

46 Analyzing Graphics File Headers
Necessary when you find files your tools do not recognize Use hex editor such as Hex Workshop Record hexadecimal values on header Use good header samples Guide to Computer Forensics and Investigations

47 Analyzing Graphics File Headers (continued)
Guide to Computer Forensics and Investigations

48 Analyzing Graphics File Headers (continued)
Guide to Computer Forensics and Investigations

49 Tools for Viewing Images
Use several viewers ThumbsPlus ACDSee QuickView IrfanView GUI forensics tools include image viewers ProDiscover EnCase FTK X-Ways Forensics iLook Guide to Computer Forensics and Investigations

50 Understanding Steganography in Graphics Files
Steganography hides information inside image files Ancient technique Can hide only certain amount of information Insertion Hidden data is not displayed when viewing host file in its associated program You need to analyze the data structure carefully Example: Web page Guide to Computer Forensics and Investigations

51 Guide to Computer Forensics and Investigations

52 Understanding Steganography in Graphics Files (continued)
Guide to Computer Forensics and Investigations

53 Understanding Steganography in Graphics Files (continued)
Substitution Replaces bits of the host file with bits of data Usually change the last two LSBs Detected with steganalysis tools Usually used with image files Audio and video options Hard to detect Guide to Computer Forensics and Investigations

54 Understanding Steganography in Graphics Files (continued)
Guide to Computer Forensics and Investigations

55 Understanding Steganography in Graphics Files (continued)
Guide to Computer Forensics and Investigations

56 Using Steganalysis Tools
Detect variations of the graphic image When applied correctly you cannot detect hidden data in most cases Methods Compare suspect file to good or bad image versions Mathematical calculations verify size and palette color Compare hash values Guide to Computer Forensics and Investigations

57 Identifying Copyright Issues with Graphics
Steganography originally incorporated watermarks Copyright laws for Internet are not clear There is no international copyright law Check Guide to Computer Forensics and Investigations

58 Guide to Computer Forensics and Investigations
Summary Image types Bitmap Vector Metafile Image quality depends on various factors Image formats Standard Nonstandard Digital camera photos are typically in raw and EXIF JPEG formats Guide to Computer Forensics and Investigations

59 Guide to Computer Forensics and Investigations
Summary (continued) Some image formats compress their data Lossless compression Lossy compression Recovering image files Carving file fragments Rebuilding image headers Software Image editors Image viewers Guide to Computer Forensics and Investigations

60 Guide to Computer Forensics and Investigations
Summary (continued) Steganography Hides information inside image files Forms Insertion Substitution Steganalysis Finds whether image files hide information Guide to Computer Forensics and Investigations

Download ppt "Chapter 10 Recovering Graphics Files"

Similar presentations

Introduction to Computer Graphics Raster Vs. Vector COMMUNICATION TECHNOLOGY.

Introduction to Computer Graphics Raster Vs. Vector COMMUNICATION TECHNOLOGY.
Chapter 10 Recovering Graphics Files

Chapter 10 Recovering Graphics Files
Chapter 8 Recovering Graphics Files

Chapter 8 Recovering Graphics Files
Multimedia for the Web: Creating Digital Excitement Multimedia Element -- Graphics.

Multimedia for the Web: Creating Digital Excitement Multimedia Element -- Graphics.
Graphics CS 121 Concepts of Computing II. What is a graphic? n A rectangular image. n Stored in a file of its own, or … … embedded in another data file.

Graphics CS 121 Concepts of Computing II. What is a graphic? n A rectangular image. n Stored in a file of its own, or … … embedded in another data file.
COS/PSA 413 Day 18. Agenda Lab 9 write-up grades –2 A’s, 1 B, 1 D and 1 F –Answer the questions with a minimal amount of BS –I will start taking off points.

COS/PSA 413 Day 18. Agenda Lab 9 write-up grades –2 A’s, 1 B, 1 D and 1 F –Answer the questions with a minimal amount of BS –I will start taking off points.
Chapter 10 Recovering Graphics Files Guide to Computer Forensics and Investigations Third Edition.

Chapter 10 Recovering Graphics Files Guide to Computer Forensics and Investigations Third Edition.
2.01 Understand Digital Raster Graphics

2.01 Understand Digital Raster Graphics
COS 413 Day 15. Agenda Assignment 4 corrected –2 A’s, 5 B’s, 1 C and 1 non-submit Assignment 5 Due Assignment 6 will be assigned next week Lab 4 write-up.

COS 413 Day 15. Agenda Assignment 4 corrected –2 A’s, 5 B’s, 1 C and 1 non-submit Assignment 5 Due Assignment 6 will be assigned next week Lab 4 write-up.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Ann Ware Digital Imaging 101. Digital Image Categories BITMAPVECTOR A bitmap is an image created with pixels (small squares of color) The number of pixels.

Ann Ware Digital Imaging 101. Digital Image Categories BITMAPVECTOR A bitmap is an image created with pixels (small squares of color) The number of pixels.
Image and Sound Editing Raed S. Rasheed 2012. Image Image. Digital image. – Raster images. – Vector Images. – Stereo Images. – Image File Formats Lossless.

Image and Sound Editing Raed S. Rasheed Image Image. Digital image. – Raster images. – Vector Images. – Stereo Images. – Image File Formats Lossless.
File Formats By Jack Turner. Raster (Bitmap) Raster or bitmap is a dot matrix data structure, containing columns of dots and rows, of a graphics image.

File Formats By Jack Turner. Raster (Bitmap) Raster or bitmap is a dot matrix data structure, containing columns of dots and rows, of a graphics image.
SAK INTRODUCTION TO COMPUTER FORENSICS Chapter 7 Image Files Forensics

SAK INTRODUCTION TO COMPUTER FORENSICS Chapter 7 Image Files Forensics
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.
Web Design, 4 th Edition 5 Typography and Images.

Web Design, 4 th Edition 5 Typography and Images.
File Formats Different applications (programs) store data in different formats. Applications support some file formats and not others. Open…, Save…, Save.

File Formats Different applications (programs) store data in different formats. Applications support some file formats and not others. Open…, Save…, Save.
Week 6 Digital Photography File Formats October 14, 2005.

Week 6 Digital Photography File Formats October 14, 2005.
Graphics.

Graphics.
Chapter 10 Recovering Graphics Files Guide to Computer Forensics and Investigations Third Edition.

Chapter 10 Recovering Graphics Files Guide to Computer Forensics and Investigations Third Edition.

Similar presentations

Ads by Google