DOCSLIB.ORG

Downloaded 2021-09-27T13:07:33Z

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Downloaded 2021-09-27T13:07:33Z Provided by the author(s) and University College Dublin Library in accordance with publisher policies. Please cite the published version when available. Title Investigation and Automating Extraction of Thumbnails Produced by Image viewers Authors(s) Meer, Wybren van der; Choo, Kim-Kwang Raymond; Le-Khac, Nhien-An; Kechadi, Tahar Publication date 2017-08-04 Publication information Proceedings of the TrustCom 2017, BigDataSE 2017, & ICESS 2017 Conferences Conference details TrustCom 2017, BigDataSE 2017, & ICESS 2017, Sydney, Australia, 1-4 August 2017 Publisher IEEE Item record/more information http://hdl.handle.net/10197/9057 Publisher's statement © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works Publisher's version (DOI) 10.1109/Trustcom/BigDataSE/ICESS.2017.355 Downloaded 2021-09-27T13:07:33Z The UCD community has made this article openly available. Please share how this access benefits you. Your story matters! (@ucd_oa) © Some rights reserved. For more information, please see the item record link above. Investigation and Automating Extraction of Thumbnails Produced by Image viewers Wybren van der Meer Kim-Kwang Raymond Choo Nhien-An Le-Khac, M-Tahar School of Computer Science Department of Information Systems, Kechadi University College Dublin, University of Texas at San Antonio, School of Computer Science Belfield, Dublin 4, Ireland San Antonio, TX 78258, USA University College Dublin, wybren.van-der- [email protected] Belfield, Dublin 4, Ireland [email protected] {an.lekhac,tahar.kechadi}@ucd.ie Abstract— Data carving is generally used to recover deleted challenges. The first challenge is the storage locations for the images in digital investigations, but carving time can be databases containing the thumbnails differ between image significant and the deleted images may have been overwritten. viewer [5], and there are many image viewers in the market Thus, thumbnails of (deleted) images are an alternative evidence, [6]. When a database containing thumbnails is located, another and can often be found within databases created by either challenge is to extract available relevant information. These operating systems or image viewers. Existing literature generally databases often have their own way of storing thumbnails. focus on the extraction of thumbnails from databases created by Consequently, traditional ways of extracting information could the operating system. Understanding thumbnails created by not be applied. One traditional way of extracting information is image reviewers is relatively understudied. Therefore, in this to use data carving. Carving tools take into account sector size paper, we propose a new approach of automating extraction of of a hard disk [7]. When a carving tool finds an image, the tool thumbnails produced by image viewers. We then evaluate the utility of our approach using popular image viewers. often skips a certain amount of disk space. The skipping of a certain amount of disk space is performed because partitions on Keywords—thumbnails; image acquisition; thumbnail storage devices have a dedicated minimal storage space for forensics; automate process; each file. Hence, the skipping of this minimal storage space of each file is done to make the carving process faster. Thumbnails within a database can however, ignore these I. INTRODUCTION minimal storage spaces, as the database itself is one file. A Images are a common source of evidence in a typical digital carving program does not know when there are multiple investigation, such as those involving child abusive materials thumbnails within one file and automatically skips the minimal (CAM) [1]. Images once downloaded to a device are usually storage space, a space where other thumbnails may reside. viewed using image viewers. Standard image viewers in operating system do not provide a way to effectively organize A scan of the literature suggests that investigating image and categorize image collections. To effectively organize databases is a relatively unexplored practice. Most information image collections, the users will need to use specialized image found was related to current carving methods, databases and viewers such as Xnview [2] and ACDsee [3]. thumbnails in general. Besides, the large number of thumbnails stored in databases is also a challenge in terms of the amount of To effectively organize and categorize the images, image time required in the investigation. This is referred to as the big viewers normally save information about the images (also forensic data challenge by Quick and Choo [8][9][10][11]. known as image meta-data). The image meta-data may contain thumbnails, dates, EXIF information and other information of Therefore, in this paper, we propose a new approach to forensic interest [4]. The image meta-data is saved in locate and extract thumbnails from image viewers. First, this databases, which reside on the hard disk of the machine with approach is to locate the image databases by examining the the installed image viewer. These databases may also contain image viewers and then to search for changes made on the hard meta-data information of images no longer available (e.g. drive. The changes provided clues to the location of the image images can be deleted, or reside on other sources that are not databases. When the image database is found, we then extract available to access at that time. Eventually, when the source the thumbnails using different techniques described in this image is not available, the databases of image meta-data from paper, based on the three different storage structures observed. image viewers are the only important sources of information Another contribution of this paper is to automate the entire available to investigators. proposed process of investigation, using freely available tools and code to reduce the time needed for the forensic The image meta-data we look at in this paper is the investigation. thumbnails. In the literature, most research and practical focus on the extraction of thumbnails from databases created by the The rest of this paper is organized as follow: Section II operating system. There is little research focusing on reviews related literature. We present the problem statement of thumbnails created by image reviewers due to many investigating the thumbnails from image viewers in Section III. We describe our approach in Section IV. Findings are presented in Section V. Finally, we conclude and discuss future the pattern in the beginning of one other fragment, statistical work in Section VI. tests were conducted in order to validate if the fragments should be stitched together. II. RELEATED WORK Recovering data from databases may not be possible with With the increasing size of images due to advances in carving, as the structure may be different. It is possible to image sensors and capturing capabilities, thumbnails are often retrieve data from databases by other means. In the study of used to expedite the viewing of images and minimize data [24], some work has been done on recovering data from DBMS usage [12]. Thumbnails are often created before a picture has structures. Another subject to consider is compressed data been manipulated. The original picture can then be altered, and within databases. There are methods for extracting the the thumbnail associated to an image would then be different compressed streams, however, errors may occur [25]. compared to the new altered image [13]. Thumbnails also offer a useful source of information about an image if the original is III. PROBLEM STATEMENT no longer available. One good way of investigating an image is When the original images are no longer available, and to reverse search the image. In this manner, the source of the original image can be tracked down [14]. The reverse searching cannot be retrieved by carving files, one has to look for different sources of information. One source may be forensic can also be performed with just the thumbnail. artefacts created when an image is viewed. An image can be For example, Quick, Tassone and Choo conducted a browsed and viewed by the file explorer of an operating forensic analysis of Windows thumbcache files [15]. The system. This may lead to the creation of a thumbnail. Also research provides a blueprint on how to design an automated metadata of the file may be stored. The retrieving of tool for investigated thumbnails. It does, however, focus only thumbnails and metadata from artefacts within the file explorer on thumbnails created by the different Windows operating of an operating system has been researched and will remain an systems. Thumbnails made by individual programs were not ongoing research area, due to constant updates in operating investigated. systems. Information is however not stored within the database of the operating system if the image was viewed by other In [16], the authors focus on when Windows thumbnails are means. When an image is viewed by a specialized image created. The authors conclude that sometimes thumbnails are viewer, forensics artefacts may be created by the viewer itself. even produced when the user does not browse related pictures. The method used for storing the information by a viewer may The actually viewing of a picture is a parameter and has been differ between different brands, and can change with each new taken into account during the choice of the method to version. The viewer, like the operating system, can store investigate thumbnails generated by image viewers. information within a database. The storing of the information Thumbnails produced by Android were also previously in a database has different purposes. One main consideration investigated [17]. In this research, the authors focus on for storing thumbnails is the speed increase for showing many extracting thumbnails and the file information of the original pictures within a gallery mode.
Load more

Recommended publications
  • Acdsee 11 Freeware
    Acdsee 11 freeware click here to download ACDSee is a great picture viewer, graphic converter and digital image management tool. With ACDSee you can find, organize, and preview images and media files on your computer, and efficiently acquire images from digital cameras, scanners and other devices. ACDSee's image viewer and media player generates. Not sure which product is best for you? Try the full version of any of our products for up to 30 days, and fall in love with the management and editing capabilities of ACDSee. ACDSee for Mac 4. DAM Icon. Digital Asset Management. DAM Icon. RAW Editing. BUY · FREE TRIAL. $ FULL PRICE $ LEARN MORE. Offer ends 12/20/ Max 4 keys / customer. System requirements. To activate your software, to validate your subscriptions, or to access online services, you will need a valid email address and an internet connection. Hardware. Intel® Pentium® III / AMD Athlon processor or equivalent (Intel® Pentium® 4 / AMD Athlon XP or equivalent recommended); MB RAM (1. ACDSee Photo Studio Professional v Manage, view, process and share your best digital images. Download ACDSee Free for Windows now from Softonic: % safe and virus free. More than downloads this month. Download ACDSee Free latest version ACDSee Free, free and safe download. ACDSee Free latest version: View and print your photos quickly. ACDSee Free is a lightweight image viewer for Windows. AcdSee 18 is a great photo management application that provides organizational, viewing, and editing tools, as well as the ability to easily upload and share. Put ACDSee's legendary viewing speed to work for your photos.
    [Show full text]
  • Freeware Irfanview Windows 10 Latest Version Download Freeware Irfanview Windows 10 Latest Version Download
    freeware irfanview windows 10 latest version download Freeware irfanview windows 10 latest version download. Advantages of IrfanView 64-bit over 32-bit version: It can load VERY large files/images (image RAM size over 1.3 GB, for special users) Faster for very large images (25+ Megapixels, loading or image operations) Runs 'only' on a 64-bit Windows (Vista, Win7, Win8, Win10) Advantages of IrfanView 32-bit over 64-bit version: Runs on a 32-bit and 64-bit Windows Loads all files/images for normal needs (max. RAM size is about 1.3 GB) Needs less disc space All PlugIns will work: not all PlugIns are ported (yet) to 64-bit (like OCR) and some 32-bit PlugIns must be still used in the 64-bit version, some with limitations (see the "Plugins32" folder) Some old 32-bit PlugIns (like RIOT and Adobe 8BF PlugIn) work only in compatilibilty mode in IrfanView-64 ( only 32-bit 8BF files/effects can be used ) Command line options for scanning (/scan etc.) work only in 32-bit (because no 64-bit TWAIN drivers ) Notes: You can install both versions on the same system, just use different folders . For example: install the 32-bit version in your "Program Files (x86)" folder and the 64-bit version in your "Program Files" folder (install 32-bit PlugIns to IrfanView-32 and 64-bit PlugIns to IrfanView-64, DO NOT mix the PlugIns and IrfanView bit versions) The program name and icon have some extra text in the 64-bit version for better distinguishing. Available 64-bit downloads.
    [Show full text]
  • Digital Photo Editing
    Digital Photo Editing Digital Photo Editing There are two main catagories of photo editing software. 1. Photo Organizers - Programs that help you find your pictures. May also do some editing, and create web pages and collages. Examples: Picasa, XNView, ACDsee, Adobe Photoshop Elements 2. Photo Editors - Work on one picture file at a time. Usually more powerful editing features. Examples: Adobe Photoshop, Gimp, Paint.Net, Corel Paint Shop Photo Organizers Organizers tend to have a similar look and functionality to each other. Thumb nail views, a directory tree of your files and folders, and a slightly larger preview of the picture currently selected. A selection of the most used editing tools, and batch editing for making minor corrections to multiple pictures at once. The ability to create slide shows, contact sheets, and web pages are also features you can expect to see. XNView Picasa ACDsee Some of the editing features included in Photo Organizer software are: Red Eye Reduction, Rotate, Resize, Contrast, Color Saturation, Sharpen Focus and more. Many of these can be done in batch mode to as many pictures as you select. Picasa has added Picnik to it's tool set allowing you to upload your photo to the Picnik website for added editing features. Here is an example of Redeye removal in Picasa. Crop, Straighten, and Fill Light are often needed basic fixes. Saving and converting your picture file. In Xnview you can import about 400 file formats and export in about 50. For the complete list goto http://www.xnview. com/en/formats.html . Here is a list of some of the key file formats your likely to use and / or come across often.
    [Show full text]
  • 1 Bilder Bearbeiten
    1 Bilder bearbeiten Im Internet finden Sie viele gute Tutorials für die Bildbearbeitung mit Photoshop oder Lightroom, aber mittlerweile sind viele Anwender auf der Suche nach Alternativen. In diesem Skript gehe ich deshalb einen etwas anderen Weg und zeige Ihnen die Gemeinsamkeiten aber auch die Unterschiede unterschiedlicher Software-Produkte. Diese Veröffentlichung wurde nicht von Software-Herstellern gesponsert. Ich habe die Programme nach freiem Ermessen ausgewählt und die kostenlosen Testversionen 30 Tage lang parallel genutzt. Mein Fazit: Im Amateurbereich kann man wunderbar ohne Adobe-Produkte auskommen. Zunächst erhalten Sie einen kurzen Überblick über die grundlegenden Bearbeitungskonzepte. Bei den Anleitungen für die wichtigsten Bearbeitungsschritte verwende ich ganz bewusst Screenshots aus verschiedenen Programmen. Es mag anfangs verwirrend erscheinen, wenn Sie nicht jeden Schritt sofort 1:1 nachmachen können, aber Ihr Verständnis für das Prinzip der Bildbearbeitung wird sich schärfen. Dadurch wird ein Wechsel zu einem anderen Software-Anbieter einfacher. Wenn Sie meine Arbeit unterstützen wollen, freue ich mich über eine Spende auf meinen Paypal-Account. Für Lob oder Kritik erreichen Sie mich per Mail: . Und nun viel Spaß beim Lesen! 1 © Jacqueline Esen | www.fotonanny.de Inhalt 1 Bilder bearbeiten 1 1.1 Welche Software ist die richtige für mich? 3 1.1.1 Unterschiedliche Behandlung von RAW und JPEG 4 1.1.2 Das Konzept von Lightroom und Darktable 6 1.1.3 Klassische Bildbearbeitungsprogramme 10 1.1.4 Das Grundprinzip der Bildbearbeitung
    [Show full text]
  • Acdsee 6 Download
    Acdsee 6 download click here to download ACDSee Screenshots. upload screenshot; upload screenshot; upload screenshot; upload screenshot; upload screenshot; upload screenshot. Product support for ACDSee Pro 6. Download the ACDSee Pro 6 User Guide (build ), /07/16, MB, Download from User Portal. (build. Support Documents. Click here to view the online help · Download the ACDSee Photo Editor 6 User Guide. System Requirements. Hardware. Intel Pentium. Sep 20, Enter a search term here. Home › ACDSee › Download problem with ACDSee P.. ACDSee Pro 6 English ACDSee Pro 6 bit · ACDSee Pro. Nov 28, Download ACDSee Pro. Speed up your image processing and zoom through your workflow tasks, thanks to ACDSee Pro 6's native bit. ACDSee Free, free and safe download. ACDSee Free latest version: View and print your photos quickly. Nov 25, ACDSee is a Photo & Image software developed by ACD Systems International Inc.. After our trial and test, the software is proved to be official. Download, it's % FREE! A complete kit for your digital photos, ACDSee PowerPack Deluxe combines ACDSee with ACDSee PowerPack is a software program developed by ACD Systems Ltd. The most common release is . Sep 27, Hello Friends,today i'm sharing amazing photo editing software ACDSee Photo Editor 6 for your Windows www.doorway.ru Photo Editor 6 makes it. ACDSee has everything you need to manage, edit and share your digital images. Get total photography control with powerful editing features, innovative tools. Sep 25, ACDSee Ultimate 8 offers pro photography features like workflow management, cataloging, and archiving. It also sends email and creates CDs.
    [Show full text]
  • Competitive Advantages of Zoner Photo Studio
    www.zoner.com Competitive Advantages of Zoner Photo Studio Zoner Photo Studio—For every step in a picture’s life cycle Pictures can be brought in from nearly any source Fast and easy browsing and viewing Advanced photo manager supports searches & sorting for keywords, GPS, and more Convenient yet powerful RAW processing with 16-bit-color support Countless selection and editing tools Easy-to-use photo functions and a wide range of effects Savable/reloadable settings Filters to serve every need from touchups to creative work Color management and 16-bit-color support All metadata is stored directly inside or beside pictures (not a database—no risk of corruption, etc.) Leverages existing standards and formats—EXIF, IPTC, Adobe XMP, PDF, HTML, and more ACDSee Photo Manager Limited RAW processing options Limited batch processing Basic photo edits and retouching only No color management No way to do more than one thing at once—user can only either edit or browse No way to copy and paste or insert one picture into another ACDSee Pro Photo Manager Limited batch processing Basic photo edits and retouching only No way to do more than one thing at once—user can only either edit or browse No way to copy and paste or insert one picture into another Manage Edit Share www.zoner.com Adobe Lightroom Resource-hungry, slows down most machines Not very useful for directly browsing pictures—designed to work mainly through its own private database, the Catalog Awkward extra work needed to keep pictures’ information free for use in other
    [Show full text]
  • User Guide Acdsee 15 User Guide
    User Guide ACDSee 15 User Guide Contents CHAPTER 1: GETTING STARTED ...................................................... 1 Welcome to ACDSee 15 ................................................................................................... 1 About the ACDSee Pro User Interface ............................................................................. 1 Manage mode ................................................................................................................ 2 View mode .................................................................................................................... 2 Edit mode ..................................................................................................................... 2 Online mode .................................................................................................................. 2 Switching Modes in ACDSee 15 ....................................................................................... 2 Using Manage Mode ........................................................................................................ 3 About the Manage mode panes ........................................................................................ 3 Manage mode drop-down menus ...................................................................................... 4 Working with Manage mode panes .................................................................................... 4 Moving panes ...............................................................................................................
    [Show full text]
  • Create Club Pdis Using Lightroom
    Create Club PDIs Using Lightroom Ian Whiting - 9th January 2015 Table of Contents Introduction ............................................................................................................................................ 2 PDI Requirements ............................................................................................................................... 2 MAC Users ........................................................................................................................................... 2 Ratio .................................................................................................................................................... 2 Exporting an Image ............................................................................................................................. 4 Method 1 - Export to Edit in Image Editor .............................................................................................. 5 Method 2 - Export to JPG ........................................................................................................................ 6 Method 3 - Print to JPG ......................................................................................................................... 10 Page Setup ........................................................................................................................................ 10 Layout Style ......................................................................................................................................
    [Show full text]
  • Support for TIFF Format in Popular Image Viewers and Converters
    Support for TIFF format in popular image viewers and converters Dmitry Moshkin, Chief Researcher, fCoder Research Lab Constantine Melnikov, fCoder Research Lab Our task was to compare how popular image viewers and converters support TIFF file format basing on image collection prepared with the help of Adobe Photoshop CS3 software. We reviewed only raster contents of TIFF format. The research of nonstandard variants of TIFF format was performed separately. Causes and goals of research TIFF format is one of most widely used graphics file formats. The main sphere of application for this format is archiving documents and images, due to its lossless compression features, ability to save images in different color spaces as well as store detailed satellite metadata. Data arhiving means preserving high information accessibility. Your documents should open even after many years of storage. Providing this support is very easy with uniform format specification. Today the format uses the sixth version of its specification. Regretfully, different software titles support different features of the format. Will modern software be able to read any TIFF file created within last ten years? The main goal of our research is to find out how well popular image viewers and converters support TIFF format. Exploratory procedure The main idea of the research is very simple: viewing/converting a batch of sample images with the help of different image viewers/converters. Support for TIFF format in the application by the study is expressed as the ratio of files opened or converted by the application to the general number of sample images, i.e N N K= all tested damaged 100% N all tested ,where Ê is the value of support for TIFF format in the application, Nall tested is the number of tested files, Ndamaged is the number of wrongly converted or displayed files.
    [Show full text]
  • Windows Software Linux Alternative Windows
    Windows Software Linux Alternative Windows Software Linux Alternative Windows Software Linux Alternative 3D Home Architect Sweet Home 3D Cdex Sound Juicer Google Desktop Search Google Desktop (http://sweethome3d.sourceforge.net/index.html) (http://www.burtonini.com/blog/computers/sound-juicer) (http://desktop.google.com/linux/index.html) 3D Studio Max K-3D (http://www.k-3d.org/) Rubyripper Beagle (http://beagle-project.org/) (http://wiki.hydrogenaudio.org/index.php?title=Rubyripper) Wings 3D (http://www.wings3d.com/) Guitar Pro TuxGuitar (http://www.tuxguitar.com.ar/home.html) ripperX (http://ripperx.sourceforge.net/) Art of Illusion (http://www.artofillusion.org/) DGuitar (http://sourceforge.net/projects/dguitar/) Grip (http://nostatic.org/grip/) Blender (http://www.blender.org/) kguitar (http://sourceforge.net/projects/kguitar/) KaudioCreator ACDSee KuickShow (http://kuickshow.sourceforge.net/) (http://www.icefox.net/programs/?program=KAudioCreator) Itunes Banshee (http://banshee-project.org/Main_Page) ShowImg (http://www.jalix.org/projects/showimg/) Collectorz aviManager (http://avimanager.sourceforge.net/) aTunes (http://www.atunes.org/) Gwenview (http://gwenview.sourceforge.net/) GCstar (http://www.gcstar.org/) Quod Libet (http://www.sacredchao.net/quodlibet) GQview (http://gqview.sourceforge.net/) Tellico (http://periapsis.org/tellico/) SongBird (http://www.songbirdnest.com) Eye of GNOME Alexandria (http://alexandria.rubyforge.org/) Exaile (http://www.exaile.org/) (http://www.gnome.org/projects/eog/) Griffith (http://griffith.vasconunes.net/)
    [Show full text]
  • Scanning and Photo Management & Photo Editing Software Options
    Digital Conversion Unit University of Michigan Library 837 Greene St. Room 3212 http://www.lib.umich.edu/node/19943 Scanning and Photo Management & Photo Editing Software Options (many free) Windows Scanning (& Camera) Wizard- A Windows utility for PC users. An easy alternative to the software included with most scanners. Available for free download if not already installed. It has a VERY simple interface for single page scanning, but it might be too simple if you are an advanced user. Gimp- http://www.gimp.org/ Free image editor Photoscape- http://www.photoscape.org Free image editor and simple animator Paint.net- http://www.getpaint.net Free image editor Picasa-http://picasa.google.com/ Free image manager & includes some image editing and tagging ability. Picnic- http://www.picnik.com/ Free basic image editor. (associated with image display website-www.flickr.com) Irfanview- http://www.irfanview.com/ Free image manager/viewer/tagger Aviary-http://aviary.com/ Free online suite of tools for all sorts of creative content including images and audio. (for advanced users) Polyview- http://www.polybytes.com/ Image manager, viewer and printing utility Cost- $30 ACDsee- http://www.acdsee.com/ Image manager, viewer, printing utility, simple fixes editor Cost- $70 Corel Paint Shop Photo Pro- http://www.corel.com Photoshop alternative image editor Cost- $80-100 Adobe Photoshop Elements- http://www.adobe.com This is basically Photoshop light and contains the tools to do most image touch-ups. Cost- $80-100 Digital Conversion Unit May 5, 2010 University of Michigan Page 1 .
    [Show full text]
  • Acdsee Photo Studio Professional 2020 Manual
    Acdsee photo studio professional 2020 manual Continue ACDSee Photo Studio ProfessionalAndrea Minter2020-09-24T19:17:15-00:00 ACDSee Photo Studio UltimateAndrea Minter2020-2020-00 2010-02T17:58:49-00:00 Photo Studio Professional 2020-0 Issue NotesAndrea Minter2019-12-10T0 0:59:48-00:00 1Dscription2ACDSee Photo Studio Professional 20203Face Detection and Recognition4Digital Asset Management5Raw Editing 6 Additional editing ByIng Tools ACDSee Photo Studio Professional 2020 OverviewComprising universal editing capabilities along with useful digital asset management tools, ACDSee Photo Studio Professional 2020 by ACD Systems is a post-production solution for Windows operating systems. This version of 2020 sees updates for the Blended Clone tool, for intuitive removal and replacement of items in the image, along with extended LUT color support to fine-tune the look of the images. In addition, unprocessed image processing is supported for more than 500 different camera models for non-destructive image enhancement. In terms of file management, Face Detection and Facial Recognition makes it easier to organize people's photos, while the complex DAM system allows you to edit metadata, as well as apply tags, ratings, tags, and keywords to help quickly find files in an extensive image library. The Blended Clone tool can replicate pixels from the source area to the target area, automatically mixing in the target area for a seamless look. Color class images, applying LUTs as non-destructive filters for creative color effects and different looks. In addition to image files, you can scroll through PDF documents and rank digital assets based on importance. Integrated Dropbox and OneDrive support for cloud file storage or additional access to cloud sync root drives is available in Manage mode.
    [Show full text]