DOCSLIB.ORG

Digital Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Digital Forensics View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Calhoun, Institutional Archive of the Naval Postgraduate School Calhoun: The NPS Institutional Archive Faculty and Researcher Publications Faculty and Researcher Publications 2013 Digital Forensics Garfinkel, Simson L. American Scientist, Volume 101, September - October 2013 http://hdl.handle.net/10945/46063 A reprint from American Scientist the magazine of Sigma Xi, The Scientific Research Society This reprint is provided for personal and noncommercial use. For any other use, please send a request to Permissions, American Scientist, P.O. Box 13975, Research Triangle Park, NC, 27709, U.S.A., or by electronic mail to [email protected]. ©Sigma Xi, The Scientific Research Society and other rightsholders NOTE: The views expressed in this article are those of the author and do not reflect the official policy or position of the Naval Postgraduate School, the Department of the Navy, the Department of Defense or the U.S. Government Feature Article Digital Forensics Modern crime often leaves an electronic trail. Finding and preserving that evidence requires careful methods as well as technical skill. Simson L. Garfinkel ince the 1980s, computers have counts by using an IBM AS/400 mini- data that were created weeks, months or had increasing roles in all aspects computer from the 1980s. The age of the even years before. Such contemporane- of human life—including an in- computer helped perpetuate his crime, ous records can reveal an individual’s volvement in criminal acts. This because few people on Wall Street have state of mind or intent at the time the Sdevelopment has led to the rise of digital experience with 25-year-old technology, crime was committed. forensics, the uncovering and examina- and it created an added complication But whereas pre-computer evidence, tion of evidence located on all things after Madoff was arrested, because in- such as handwritten letters and photo- electronic with digital storage, including vestigators had few tools with which to graphs, could be reproduced and given computers, cell phones, and networks. make sense of his data. to attorneys, judges, and juries, comput- Digital forensics researchers and practi- Today personal computers are so ubiq- erized evidence requires special han- tioners stand at the forefront of some of uitous that the collection and use of digi- dling and analysis. Electronic data are the most challenging problems in com- tal evidence has become a common part easily changed, damaged, or erased if puter science, including “big data” anal- ysis, natural language processing, data visualizations, and cybersecurity. Information on a computer system can be Compared with traditional forensic science, digital forensics poses signifi- changed without a trace, the scale of data cant challenges. Information on a com- puter system can be changed without to be analyzed is vast, and the variety of a trace, the scale of data that must be analyzed is vast, and the variety of data data types is enormous. types is enormous. Just as a traditional forensic investigator must be prepared to analyze any kind of smear or frag- of many criminal and civil investigations. handled improperly. Simply turning on ment, no matter the source, a digital Suspects in murder cases routinely have a consumer GPS may cause the device investigator must be able to make sense their laptops and cell phones examined to delete critical evidence. Additionally, of any data that might be found on any for corroborating evidence. Corporate computers frequently harbor hidden ev- device anywhere on the planet—a very litigation is also dominated by electronic idence that may be revealed only when difficult proposition. discovery of incriminating material. specialized tools are used—for example, From its inception, digital forensics The second class of digital forensics a digital camera may appear to have has served two different purposes, each cases are those in which the crime was 30 photos, but expert examination may with its own difficulties. First, in many inherently one involving computer sys- show another 300 deleted photos that cases computers contain evidence of tems, such as hacking. In these instanc- can be recovered. (When a device “eras- a crime that took place in the physical es, investigators are often hampered es” a file, it doesn’t clear the memory world. The computer was all but inci- by the technical sophistication of the space, but notes that the space is avail- dental—except that computerization has systems and the massive amount of evi- able; the file may not be really deleted made the evidence harder for investiga- dence to analyze. until a new one is written over it.) tors to analyze than paper records. For Digital forensics is powerful because Because they can look into the past example, financial scam artist Bernard computer systems are windows into and uncover hidden data, digital fo- Madoff kept track of his victims’ ac- the past. Many retain vast quantities rensics tools are increasingly employed of information—either intentionally, in beyond the courtroom. Security pro- the form of log files and archives, or in- fessionals routinely use such tools to Simson L. Garfinkel is an associate professor at the Naval Postgraduate School. He holds six advertently, as a result of software that analyze network intrusions—not to U.S. patents for computer-related research and does not cleanly erase memory and files. convict the attacker but to understand has written 14 books, including Database Na- As a result, investigators can frequently how the perpetrator gained access and tion: The Death of Privacy in the 21st Century recover old email messages, chat logs, to plug the hole. Data recovery firms (O’Reilley, 2000). Internet: http://simson.net Google search terms, and other kinds of rely on similar tools to resurrect files 370 American Scientist, Volume 101 © 2013 Sigma Xi, The Scientific Research Society. Reproduction with permission only. Contact [email protected]. Craig Cunningham High-tech crime fighting is now needed everywhere, as shown in this lab belonging to the tried to create a consistent but flexible West Virginia State Police Digital Forensics Unit. Police these days typically use powerful approach for performing investigations, computers and software to copy, analyze, and decrypt data from a suspect’s electronic devices. despite policy variations. Several such digital forensic models have been pro- from drives that have been inadver- could have viewed the laptop files with- posed, but most have common elements. tently reformatted or damaged. Forensic out modifying those timestamps, so the Before data can be analyzed, they tools can also detect the unintentional investigators really determined only that are collected from the field (the “scene disclosures of personal information. In the files had not been opened by con- of the crime”), stabilized, and pre- 2009 the Inspector General of the U.S. ventional means. served to create a lasting record. Un- Department of Defense issued a report These examples emphasize that derstanding the inner workings of stating that many hard drives were not the possibilites of digital forensics are how computers store data is key to properly wiped of data before leaving bounded not by technology but by what accurate extraction and retention. Al- government service. is cost-effective for a particular case. though computers are based entirely Digital evidence can even be exam- Convictions are frequently the measure on computations involving the bi- ined to show that something did not of success. In practice there is a consider- nary digits 0 and 1, more commonly happen. Here they are less powerful, able gap between what is theoretically known as bits, modern computers do for the well-known reason that the ab- possible and what is necessary; even most of their work on groups of eight sence of evidence is not the evidence though there may be an intellectual de- bits called bytes. A byte can represent of absence. In May 2006 a laptop and sire to analyze every last byte, there is the sequences 00000000, 00000001, external hard drive containing sensitive rarely a reason to do so. 00000010, through 11111111, which personal information of 26.5 million corresponds to the decimal numbers veterans and military personnel was Following Procedures 0 through 255 (there are two options, 0 stolen from an employee at the U.S. De- Digital forensics relies on a kit of tools and 1, with eight combinations, so 28 = partment of Veterans Affairs. After the and techniques that can be applied 256). One common use for bytes inside laptop was recovered in June 2006, fo- equally to suspects, victims, and by- the computer is to store written text, rensic investigators analyzed the media standers. A cell phone found on a dead where each letter is represented by a and determined that the sensitive files body without identification would al- specific binary code. UTF-8, a com- probably had not been viewed. most certainly be subjected to analysis, mon representation, uses the binary One way to make such a judgment is but so would a phone dropped during sequence 00100001 to represent the let- by examining the access and modifica- a house burglary. How the analysis is ter A, 00100010 for the letter B, and so tion times associated with each file on performed is therefore more a matter of on. (Computers often use hexadecimal the hard drive. But someone taking ad- legal issues than technological ones. As codes in memory as well; see figure on vantage of the same forensic techniques the field has grown, practitioners have page 373.) www.americanscientist.org © 2013 Sigma Xi, The Scientific Research Society. Reproduction 2013 September–October 371 with permission only. Contact [email protected]. When recorded on a hard drive or Major Convictions, and a Few memory card, these bytes are grouped in blocks called sectors that are typically Gaffes, with Digital Data 512 or 4,096 bytes in length.
Load more

Recommended publications
  • Hany Farid [email protected]
    Hany Farid [email protected] APPOINTMENTS University of California, Berkeley 2019 – Professor, Electrical Engineering and Computer Sciences (50%) Professor, School of Information (50%) Member, Berkeley Artificial Intelligence Lab Member, Center for Innovation in Vision and Optics Member, Vision Science Program Dartmouth College, Department of Computer Science 1999 – 2019 Albert Bradley 1915 Third Century Professor 2016 – 2019 Professor 2011 – 2016 William H. Neukom 1964 Distinguished Professor of Computational Science 2008 – 2011 David T. McLaughlin Distinguished Professor of Computer Science 2007 – 2008 Professor 2006 – 2007 Associate Professor 2004 – 2006 Assistant Professor 1999 – 2004 Dartmouth College, Tuck School of Business 2016 – 2019 Adjunct Professor of Business Administration Dartmouth College, Neukom Institute for Computational Science 2008 – 2011 Director PROFESSIONAL AI Foundation 2019 – present Board of Directors & Global AI Council Center for Investigative Reporting 2020 – present Advisory Committee Counter Extremism Project 2016 – present Senior Advisor Cyber Civil Rights Initiative 2019 – present Advisory Committee Fourandsix Technologies, Inc. 2011 – 2018 Chief Technology Officer & Co-founder Human Rights Center, University of California, Berkeley, School of Law 2019 – present Advisory Board Office of the Prosecutor, International Criminal Court 2018 – present Technology Advisory Board TikTok 2020 – present Content Advisory Council Truepic, Inc. 2018 – present Senior Advisor & Board of Advisors EDUCATION Massachusetts Institute of Technology 1997 – 1999 Postdoctoral Fellow, Brain and Cognitive Sciences (advisor: Ted Adelson) University of Pennsylvania 1993 – 1997 Ph.D., Computer Science (advisor: Eero Simoncelli) State University of New York at Albany 1990 – 1992 M.S., Computer Science University of Rochester 1984 – 1988 B.S., Computer Science with Applied Mathematics AWARDS National Academy of Inventors (NAI), Fellow, 2016 John Simon Guggenheim Fellowship, 2006 Alfred P.
    [Show full text]
  • (Literary) Special Effect: (Inter)Mediality in the Contemporary US-American Novel and the Digital Age
    The (Literary) Special Effect: (Inter)Mediality in the Contemporary US-American Novel and the Digital Age Dissertation zur Erlangung des philosophischen Doktorgrades an der Philosophischen Fakultät der Georg-August-Universität Göttingen vorgelegt von Bogna Kazur aus Lodz, Polen Göttingen 2018 Contents 1 Introduction ......................................................................................................................... 3 2 The Question of Medium Specificity in the Digital Age .................................................. 29 3 House of Leaves (2000) and the Uncanny Dawn of the Digital........................................ 39 3.1 Digital Paranoia: Arriving on Ash Tree Lane ........................................................... 39 3.2 Writing about House of Leaves ................................................................................. 43 3.3 Intermedial Overabundance: Taming House of Leaves ............................................. 49 3.4 An “Explicit” Approach to the Digital Age ............................................................... 54 3.5 What Kind of Movie is THE NAVIDSON RECORD? ..................................................... 68 4 In the Midst of the Post-Cinematic Age: Marisha Pessl’s Night Film (2013) .................. 88 4.1 Meant for Adaptation: Night Film and the Fallacy of First Impressions ................... 88 4.2 The Post-Cinematic Reception of Film ..................................................................... 96 4.3 The Last Enigma: Cordova’s Underworld ..............................................................
    [Show full text]
  • Attribute-Based, Usefully Secure Email
    Dartmouth College Dartmouth Digital Commons Dartmouth College Ph.D Dissertations Theses and Dissertations 8-1-2008 Attribute-Based, Usefully Secure Email Christopher P. Masone Dartmouth College Follow this and additional works at: https://digitalcommons.dartmouth.edu/dissertations Part of the Computer Sciences Commons Recommended Citation Masone, Christopher P., "Attribute-Based, Usefully Secure Email" (2008). Dartmouth College Ph.D Dissertations. 26. https://digitalcommons.dartmouth.edu/dissertations/26 This Thesis (Ph.D.) is brought to you for free and open access by the Theses and Dissertations at Dartmouth Digital Commons. It has been accepted for inclusion in Dartmouth College Ph.D Dissertations by an authorized administrator of Dartmouth Digital Commons. For more information, please contact [email protected]. Attribute-Based, Usefully Secure Email A Thesis Submitted to the Faculty in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science by Christopher P. Masone DARTMOUTH COLLEGE Hanover, New Hampshire August, 2008 Examining Committee: (chair) Sean W. Smith, Ph.D. David F. Kotz, Ph.D. Christopher J. Bailey-Kellogg, Ph.D. Denise L. Anthony, Ph.D. M. Angela Sasse, Ph.D. Charles K. Barlowe, PhD Dean of Graduate Studies Abstract A secure system that cannot be used by real users to secure real-world processes is not really secure at all. While many believe that usability and security are diametrically opposed, a growing body of research from the field of Human-Computer Interaction and Security (HCISEC) refutes this assumption. All researchers in this field agree that focusing on aligning usability and security goals can enable the design of systems that will be more secure under actual usage.
    [Show full text]
  • Building Realistic Forensic Corpora to Enable Undergraduate Education and Research
    Building Realistic Forensic Corpora to Enable Undergraduate Education and Research Simson L. Garfinkel Associate Professor, Naval Postgraduate School July 27, 2010 — 9:00am - 9:45am http://digitalcorpora.org/ NSF Award DUE-0919593: "Creating Realistic Forensic Corpora for Undergraduate Education and Research" 1 NPS is the Navyʼs Research University. Location: !Monterey, CA Campus Size: !627 acres Students: 1500 . US Military (All 5 services) . US Civilian (Scholarship for Service & SMART) . Foreign Military (30 countries) Digital Evaluation and Exploitation: . Research computer forensics. Develop “corpora” for use in research & education. Identify limitations of current tools & opportunities for improvement. http://domex.nps.edu/deep/ “The views expressed in this presentation are those of the author and do not necessarily reflect those of the Department of Defense or the US Government.” 2 Digital Forensics Research is at a turning point. Yesterdayʼs work was primarily reverse engineering. Key technical challenges: . Evidence preservation. File recovery (file system support); Undeleting files . Encryption cracking. Keyword search. 3 Digital Forensics Research is at a turning point. Todayʼs work is increasingly scientific. Evidence Reconstruction . Files (fragment recovery carving) . Timelines (visualization) Clustering and data mining Social network analysis Same Community College Drives #74 x #77 25 CCNS in common Same Car Dealership Sense-making Drives #179 & #206 Drives #171 & #172 13 CCNS 13 CCNS in common in common Same Medical Center 4 Science requires the scientific process. Hallmarks of Science: . Controlled and repeatable experiments. No privileged observers. Why repeat some other scientist"s experiment? . Validate that an algorithm is properly implemented. Determine if your new algorithm is better than someone elseʼs old one.
    [Show full text]
  • Systems Science for Physical Geometric Algorithms Final Report for EIA-9802068
    Systems Science for Physical Geometric Algorithms Final Report for EIA-9802068 David Kotz (PI), David Nicol, Bruce Donald, Dan Rockmore dfk AT dartmouth.edu Department of Computer Science, Dartmouth College http://www.cs.dartmouth.edu March 13, 2005 1 Contents 1 Introduction 1 2 Faculty 2 3 Information Retrieval (Javed Aslam, Daniela Rus) 3 3.1 Activities and Findings ....................................... 3 3.1.1 Mobile agents for information retrieval. .......................... 3 3.1.2 Automatic information organization ............................ 3 3.1.3 Metasearch ......................................... 4 3.1.4 Metasearch, Pooling, and System Evaluation ....................... 5 3.2 Products ............................................... 6 3.3 Contributions ............................................ 7 4 Algorithms and Theory (Amit Chakrabarti) 9 4.1 Activities and Findings ....................................... 9 4.1.1 Research .......................................... 9 4.1.2 Teaching .......................................... 9 4.1.3 Outreach Activities ..................................... 9 4.2 Products ............................................... 10 4.3 Contributions ............................................ 10 5 Out-of-Core Computing (Thomas Cormen) 11 5.1 Activities and Findings ....................................... 11 5.2 Products ............................................... 14 5.3 Contributions ............................................ 16 6 Computational Biology (Bruce Donald) 17 6.1 Activities and
    [Show full text]
  • Forensic-Explorer-User-Guide.En.Pdf
    User Manual Published: 25-Jun-20 at 20:37:10 Chapter Contents Published: 25-Jun-20 at 20:36:59 Quick Start Guide ..................................................................................................................... 11 Wibu CodeMeter Activation Dongle ............................................................................................................... 11 System Requirements ..................................................................................................................................... 11 Download ........................................................................................................................................................ 11 Installation ...................................................................................................................................................... 12 Forensic Explorer Module Overview .............................................................................................................. 12 Live Boot ......................................................................................................................................................... 14 1.2 Introducing Forensic Explorer ............................................................................................................ 16 1.3 Supported file formats ....................................................................................................................... 16 1.4 Supported file systems .....................................................................................................................
    [Show full text]
  • Classification and Evaluation of Digital Forensic Tools
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by TELKOMNIKA (Telecommunication Computing Electronics and Control) TELKOMNIKA Telecommunication, Computing, Electronics and Control Vol. 18, No. 6, December 2020, pp. 3096~3106 ISSN: 1693-6930, accredited First Grade by Kemenristekdikti, Decree No: 21/E/KPT/2018 DOI: 10.12928/TELKOMNIKA.v18i6.15295 3096 Classification and evaluation of digital forensic tools Azra Parveen1, Zishan Husain Khan2, Syed Naseem Ahmad3 1,2Department of Applied Sciences and Humanities, Faculty of Engineering and Technology, Jamia Millia Islamia (A Central University), India 3Department of Electronics and Communication Engineering, Faculty of Engineering and Technology, Jamia Millia Islamia (A Central University), India Article Info ABSTRACT Article history: Digital forensic tools (DFTs) are used to detect the authenticity of digital images. Different DFTs have been developed to detect the forgery like (i) Received Jan 24, 2020 forensic focused operating system, (ii) computer forensics, (iii) memory Revised Jun 10, 2020 forensics, (iv) mobile device forensics, and (v) software forensics tools Accepted Aug 4, 2020 (SFTs). These tools are dedicated to detect the forged images depending on the type of the applications. Based on our review, we found that in Keywords: literature of the DFTs less attention is given to the evaluation and analysis of the forensic tools. Among various DFTs, we choose SFTs because it is Digital forensic tools concerned with the detection of the forged digital images. Therefore, the Digital image forgery purpose of this study is to classify the different DFTs and evaluate the Forged images software forensic tools (SFTs) based on the different features which are Image forensic present in the SFTs.
    [Show full text]
  • Digital Forensics: Smart Aid for Digital Evidences
    Special Issue - 2017 International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 ICCCS - 2017 Conference Proceedings Digital Forensics: Smart Aid for Digital Evidences Mukul Kumar Srivastava Devansh Chopra Vaishali HMR Institute of Technology and HMR Institute of Technology and Dept. of Computer Science Management, Hamidpur, Management, Hamidpur HMRITM, Delhi India Delhi India Delhi India Abstract --- In the digital era, most of the users have suffered they just make distance for doing his task. In present time from a loss of data, unauthorized modification of data which led where internet is the one of the common think which share to the origination of Digital Forensics. It is the application of data from hand to hand become faster and more stable in science and technology used to find criminal and obey civil laws. particular Connection in (2G), (3G), (4G) connection [1]. It is mainly used for the investigation of the crime and is Last 7-8 years’ online communication continuously increase governed by certain legal standards of evidence and procedure his marketing. In today market, numbers of Android of crime. This paper contains manually tested tools used for operating system exist Like Google’s Android and Apple’s extraction of data from any storage device (it doesn’t matter if a iOS. These kinds of operating systems create major device is corrupted or blank), after data recovery, the recovery challenges for investigators for extraction data on it just folder contains audit file from the help of this we have summarized the result of all types of data recovery and their because of complexity [2].
    [Show full text]
  • Notes on Digital Image Forensics and Counter-Forensics
    Notes on Digital Image Forensics and Counter-Forensics∗ Matthias Kirchner September 2011 / October 2012 This text is taken from the first part of the author’s dissertation, entitled “Forensic Analysis of Resampled ∗ Digital Signals”, submitted under supervision of Prof. Dr. rer. nat. Andreas Pfitzmann († 23.09.2010) and Prof. Dr. rer. nat. Hermann Härtig to the Department of Computer Science, TU Dresden, Germany, in early September 2011. Hermann Härtig (TU Dresden), Rainer Böhme (WWU Münster), and Hany Farid (Dartmouth College) were members of the doctoral committee. The thesis was supported by a scholarship from Deutsche Telekom Stiftung (Bonn, Germany). Parts of the third chapter were co-authored by Rainer Böhme and have been published as a book chapter “Counter-Forensics: Attacking Image Forensics” in the book “Digital Image Forensics. There is More to a Picture than Meets the Eye”, edited by Husrev T. Sencar and Nasir Nemon (Springer, 2012) [19]. Contents 1 Introduction 5 2 Principles of Digital Image Forensics7 2.1 Forensic Analysis of Digital Images............................7 2.1.1 Formation of Digital Images............................7 2.1.2 Trustworthiness of Digital Images........................8 2.1.3 Digital Image Forensics...............................9 2.1.4 Image Characteristics and Identifying Traces.................. 10 2.1.5 Counter-Forensics.................................. 12 2.2 Variants of Digital Image Forensics............................ 13 2.2.1 Passive vs. Active Image Forensics........................ 13 2.2.2 Blind vs. Non-Blind Image Forensics....................... 14 2.2.3 Passive–Blind Image Forensics........................... 15 2.3 Abstraction Layers in Passive–Blind Image Forensics.................. 16 2.3.1 Signal-Based Analysis................................ 16 2.3.2 Scene-Based Analysis...............................
    [Show full text]
  • Hany Farid, the David T. Mclaughlin Distinguished Professor of Computer Science at Dartmouth College, Has Pioneered the Field of Digital Image Forensics
    Hany Farid, the David T. McLaughlin Distinguished Professor of Computer Science at Dartmouth College, has pioneered the field of digital image forensics. He received his undergraduate degree in Computer Science and Applied Mathematics from the University of Rochester, his Ph.D. in Computer Science from the University of Pennsylvania, and was a post- doctoral fellow in Brain and Cognitive Sciences at MIT. He is the recipient of a National Science Foundation CAREER award, a Sloan Fellowship and a Guggenheim Fellowship. Photography changes what we are willing to believe Early in his career, Southern politician John Calhoun was a strong supporter of slavery. So it is ironic that an iconic portrait of Abraham Lincoln (circa 1860) is a photographic composite of Calhoun’s body and Lincoln’s head, purportedly created because no sufficiently heroic-style portrait of Lincoln had yet been taken. Perhaps what is most remarkable about this composite is that it was created only a few decades after Joseph Nicéphore Niépce created the first permanent photograph in the summer of 1826. Although we may have the impression that photographic tampering is something relatively new – a product of the digital age – the reality is that history is riddled with photographic fakes. Famed civil war photographer Mathew Brady routinely doctored photographs to create more dramatic images. Stalin, Mao, Hitler, Castro, and others, each had their political enemies air-brushed out of official photographs. Some of the most spectacular photographs of World War I aerial combat were only recently exposed as fakes. A doctored photograph of Senator Millard Tydings conversing with Communitst leader Earl Browder contributed to Tydings’ electoral defeat in 1950.
    [Show full text]
  • Briefing: End-To-End Encryption and Child Sexual Abuse Material 5Rights and Professor Hany Farid December 2019
    Briefing: end-to-end encryption and child sexual abuse material 5Rights and Professor Hany Farid December 2019 Summary A plan by Facebook, and others, to implement end-to-end encryption across their services, including on Instagram Direct and Facebook Messenger, is set to be a boon for child predators and abusers. Specifically, it could cripple the global effort to disrupt the online distribution of child sexual abuse material (CSAM). 5Rights Foundation is not opposed to end-to-end encryption. We are simply calling on all companies not to implement changes until they can demonstrate that protections for children will be maintained or improved. Regrettably, most companies have failed to make this commitment. Background In 2018, tech companies flagged 45 million photos and videos as child sexual abuse material, contained within over 18 million reports to the CyberTipline at the National Center for Missing and Exploited Children (NCMEC). Perhaps more startling than this volume of more than 5,000 images and videos per hour is that last year’s reports alone account for 1/3 of all reports received by the CyberTipline since its inception in 1998 -- the global distribution of CSAM is growing exponentially. Many major technology companies have deployed technology that has proven effective at disrupting the global distribution of known CSAM. This technology, the most prominent example being photoDNA, works by extracting a distinct digital signature (a ‘hash’) from known CSAM and comparing these signatures against images sent online. Flagged content can then be instantaneously removed and reported. This type of robust hashing technology is similar to that used to detect other harmful digital content like viruses and malware.
    [Show full text]
  • Digital Image Forensics
    Digital Image Forensics [email protected] www.cs.dartmouth.edu/farid 0. History of Photo Tampering 0.1: History ........................................ ..................4 0.2: Readings ....................................... .................10 1. Format-Based Forensics 1.1: Fourier † ................................................... .....11 1.2: JPEG † ................................................... ......15 1.3: JPEG Header ..................................... ..............17 1.4: Double JPEG ..................................... ..............20 1.5: JPEG Ghost ...................................... ..............24 1.6: Problem Set ..................................... ...............27 1.7: Solutions ...................................... .................28 1.8: Readings ....................................... .................30 2. Camera-Based Forensics 2.1: Least-Squares † .................................................31 2.2: Expectation Maximization † ....................................34 2.3: Color Filter Array ............................... ...............37 2.4: Chromatic Aberration ............................ ..............43 2.5: Sensor Noise .................................... ................47 2.6: Problem Set ..................................... ...............48 2.7: Solutions ...................................... .................49 2.8: Readings ....................................... .................51 3. Pixel-Based Forensics 3.1: Resampling ..................................... ................52
    [Show full text]