{"title":"使用缩略图亲和性对JPEG文件进行碎片点检测","authors":"Brandon Birmingham, R. Farrugia, Mark Vella","doi":"10.1109/EUROCON.2017.8011068","DOIUrl":null,"url":null,"abstract":"File carving tools carry out file recovery whenever the file-system meta-data is not available, which makes them a valuable addition to the cyber crime investigator's toolkit. Existing file carvers either cannot handle fragmented files or require a probabilistic model derived using a number of training images. This training data may not always be feasible to aggregate or its sheer size could undermine practicality. Similar to existing techniques, our method exploits both the JPEG syntax and semantic-based analysis steps in order to distinguish the correct fragments required for recovering images. The thumbnail affinity-based semantic analysis constitutes the novel aspect of this approach. Comparative evaluation using three widely used benchmark test sets show that our carver compares with the state-of-the-art commercial tool that requires an a-priori model while beating a number of popular forensic tools. This outcome demonstrates the successful replacement of the probabilistic model with thumbnail affinity, rendering this technique the right complement for existing carvers in situations where thumbnail information is readily available.","PeriodicalId":114100,"journal":{"name":"IEEE EUROCON 2017 -17th International Conference on Smart Technologies","volume":"276 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Using thumbnail affinity for fragmentation point detection of JPEG files\",\"authors\":\"Brandon Birmingham, R. Farrugia, Mark Vella\",\"doi\":\"10.1109/EUROCON.2017.8011068\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"File carving tools carry out file recovery whenever the file-system meta-data is not available, which makes them a valuable addition to the cyber crime investigator's toolkit. Existing file carvers either cannot handle fragmented files or require a probabilistic model derived using a number of training images. This training data may not always be feasible to aggregate or its sheer size could undermine practicality. Similar to existing techniques, our method exploits both the JPEG syntax and semantic-based analysis steps in order to distinguish the correct fragments required for recovering images. The thumbnail affinity-based semantic analysis constitutes the novel aspect of this approach. Comparative evaluation using three widely used benchmark test sets show that our carver compares with the state-of-the-art commercial tool that requires an a-priori model while beating a number of popular forensic tools. This outcome demonstrates the successful replacement of the probabilistic model with thumbnail affinity, rendering this technique the right complement for existing carvers in situations where thumbnail information is readily available.\",\"PeriodicalId\":114100,\"journal\":{\"name\":\"IEEE EUROCON 2017 -17th International Conference on Smart Technologies\",\"volume\":\"276 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE EUROCON 2017 -17th International Conference on Smart Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EUROCON.2017.8011068\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE EUROCON 2017 -17th International Conference on Smart Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EUROCON.2017.8011068","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Using thumbnail affinity for fragmentation point detection of JPEG files
File carving tools carry out file recovery whenever the file-system meta-data is not available, which makes them a valuable addition to the cyber crime investigator's toolkit. Existing file carvers either cannot handle fragmented files or require a probabilistic model derived using a number of training images. This training data may not always be feasible to aggregate or its sheer size could undermine practicality. Similar to existing techniques, our method exploits both the JPEG syntax and semantic-based analysis steps in order to distinguish the correct fragments required for recovering images. The thumbnail affinity-based semantic analysis constitutes the novel aspect of this approach. Comparative evaluation using three widely used benchmark test sets show that our carver compares with the state-of-the-art commercial tool that requires an a-priori model while beating a number of popular forensic tools. This outcome demonstrates the successful replacement of the probabilistic model with thumbnail affinity, rendering this technique the right complement for existing carvers in situations where thumbnail information is readily available.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
