
Digital Forensics

Digital Forensics. Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic Files October 1, 2008. Outline. Topics for Lecture #12 What data to collect and analyze Validating forensics data


Presentation Transcript


  1. Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic Files October 1, 2008

  2. Outline • Topics for Lecture #12 • What data to collect and analyze • Validating forensics data • Data hiding techniques • Remote acquisitions • Recovering Graphic files • Data compression • Locating and recovering graphic files • Steganography and Steganalysis • Reference: Chapters 9 and 10 of Textbook • Topics for Lecture #13

  3. What data to collect and analyze • Depends on the type of investigation • Email investigation will involve network logs, email server backups • Industrial espionage may include collecting information from cameras, keystrokes • Scope creep: Investigation extends beyond the original description due to unexpected evidence

  4. Validating forensic data • Validating with hexadecimal editors • Provides support such as hashing files and sectors • Discriminating functions • Selecting suspicious data from normal data • Validating with forensics programs • Use message digests, hash values

  5. Data Hiding • Data hiding is about changing or manipulating a file to conceal information • Hiding partitions: Create partitions and use a disk editor to delete the reference to them, then recreate the links to find the partition • Marking bad clusters: Placing sensitive or incriminating data in free space; use disk editors to mark good clusters as bad clusters • Bit shifting: Change bit patterns or alter byte values • Using Steganography to hide data (Lecture 13) • Encrypt files to prevent access • Recover passwords using password recovery tools

  6. Remote Acquisitions • Tools are available for acquiring data remotely • E.g., DiskExplorer for FAT • DiskExplorer for NTFS • Steps to follow • Prepare the tool for remote acquisition • Make remote connection • Acquire the data

  7. Recovering Graphic Files • What are graphic files • Bitmaps and Raster images • Vector graphics • Metafile graphics • Graphics file formats • Standards and Specialized • Digital camera file formats • Raw and Image file format

  8. Data Compression • Lossless compression • Reduce file size without removing data • Lossy compression • Reduces file size but some bits are removed • JPEG • Techniques are taught in Image processing courses

  9. Locating and Recovering Graphic Files • Identify the graphic file fragments • If the file is fragmented, need to recover all the fragments (carving or salvaging) • Repair damaged headers • If header data is partially overwritten, need to figure out what the missing pieces are • Procedures also exist for recovering digital photograph evidence • Steps to follow • Identify file • Recover damaged headers • Reconstruct file fragments • Conduct exam

  10. Steganography • Steganography is the art of covered or hidden writing. • The purpose of steganography is covert communication to hide a message from a third party. • This differs from cryptography, the art of secret writing, which is intended to make a message unreadable by a third party but does not hide the existence of the secret communication.

  11. Topics for Lecture #13 • Steganography • Null Ciphers • Digital Image and Audio • Digital Carrier Methods • Detecting Steganography • Tools • Reference: • http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm • http://en.wikipedia.org/wiki/Steganography • http://en.wikipedia.org/wiki/Digital_watermarking • http://www.garykessler.net/library/steganography.html • http://www.spectrum.ieee.org/aug08/6593
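
The steps on slide 9 (identify the file, recover damaged headers, reconstruct, examine) combined with the hash validation from slide 4, as an added example that is not part of the lecture. It assumes contiguous JFIF-type JPEGs with the usual 16-byte APP0 segment; the function name and the sample bytes are constructed for illustration.

```python
import hashlib

# First 6 bytes of a JFIF JPEG: SOI (FF D8), APP0 marker (FF E0), length 0x0010.
# Assumption: the usual 16-byte APP0 segment (no embedded thumbnail).
JFIF_PREFIX = bytes.fromhex("ffd8ffe00010")
JFIF_TAG = b"JFIF\x00"   # identifier that follows the prefix, at file offset 6
EOI = b"\xff\xd9"        # end-of-image marker

def carve_jpegs(image: bytes) -> list:
    """Carve contiguous JFIF files from a raw image, repairing overwritten headers."""
    results, pos = [], 0
    while (tag := image.find(JFIF_TAG, pos)) != -1:
        pos = tag + len(JFIF_TAG)
        start = tag - len(JFIF_PREFIX)
        if start < 0:
            continue                  # tag too close to the start to hold a header
        end = image.find(EOI, tag)
        if end == -1:
            break                     # no footer left: the fragment is truncated
        data = image[start:end + len(EOI)]
        repaired = not data.startswith(JFIF_PREFIX)
        if repaired:                  # rebuild the header bytes that were overwritten
            data = JFIF_PREFIX + data[len(JFIF_PREFIX):]
        results.append({"offset": start, "repaired": repaired,
                        "sha256": hashlib.sha256(data).hexdigest(), "data": data})
        pos = end + len(EOI)
    return results

# Constructed sample: a minimal JFIF-shaped byte string (not a viewable picture),
# placed twice in a fake disk image; the second copy has its first 6 bytes wiped.
SAMPLE = (JFIF_PREFIX + JFIF_TAG + bytes.fromhex("010100000100010000")
          + b"scan-data" + EOI)
DISK = bytes(512) + SAMPLE + bytes(100) + bytes(6) + SAMPLE[6:] + bytes(64)

if __name__ == "__main__":
    known_good = hashlib.sha256(SAMPLE).hexdigest()
    for hit in carve_jpegs(DISK):
        status = "match" if hit["sha256"] == known_good else "MISMATCH"
        print(hit["offset"], "repaired" if hit["repaired"] else "intact", status)
```

Searching for the first FF D9 is a simplification: a JPEG with an embedded thumbnail contains an earlier end-of-image marker, and fragmented files need their clusters reassembled before the hash comparison means anything.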
