
Digital Forensics

The document discusses digital forensics, including the process, types of analysis, and advantages and disadvantages. It covers four main areas of digital forensic analysis: storage media, hardware/operating systems, networks, and applications. The scientific process involves data collection, examination/analysis, and reporting. Digital forensics can be used to investigate cybercrimes, corporate fraud, and other legal cases involving computers, networks, and mobile devices. While it provides a way to retrieve deleted or damaged evidence, it also faces challenges such as ensuring evidence admissibility and analyzing large amounts of data.

Uploaded by

Co Vid

Cyber stalking

Cyber terrorism

Data theft

Specialized tools

Capture

Analysis

Presentation

4 areas of analysis

Storage media

Hardware and operating systems

Networks

Applications

Digital forensics scientific process

1. Data collection

-obtain search authority

-document chain of custody

-hash and duplicate all evidence

2. Examination and Analysis

-validate your tools

-perform analysis

-reproduce for assurance

3. Reporting

-Make conclusions

-Present expert testimony


Computer system, Networks and mobile device

-can all be utilized in or fall victim to a cyber attack.

Computer Forensics

Network Forensics

Mobile Devices –

Preserve and Maintain Evidence

Without digital forensics, evidence can go unnoticed or become compromised

Pros and Cons


Information is exchanged every day over the internet. Although this
may be convenient for us, it can also present an opportunity for criminals. Phishing,
corporate fraud, intellectual property disputes, theft, breach of contract and asset
recovery are some of the situations in which computer forensics can be used.

Apart from the technical aspect, legal issues are also involved. Computer forensic
analysts make their investigation in such a way that the electronic evidence will be
admissible in court.

There are advantages and disadvantages when it comes to computer forensics. This
field is relatively new, and criminal matters have usually dealt with physical evidence. This
makes electronic evidence something very new. Fortunately, it has been a helpful tool
through which important data needed for a case that has been lost, deleted or damaged can
be retrieved.

Computer forensics’ main advantage is its ability to search and analyze a mountain of
data quickly and efficiently. Analysts can search a hard drive for keywords in different
languages, which is beneficial since cyber crimes can easily cross borders through the
internet.

Valuable data that has been lost and deleted by offenders can be retrieved and
become substantial evidence in court. Legal professionals are able to produce data in
court that was previously impossible to produce.

The first setback when using electronic or digital evidence is making it admissible in
court. Data can be easily modified. The analyst must be able to fully comply with the
standards of evidence required in a court of law. The computer forensic analyst must
show that the data has not been tampered with.
His or her own investigation must also be fully documented and accounted for.
Computer forensic analysts must also be trained in standard legal procedures for handling
evidence.

The main disadvantage is the cost of retrieving data. Computer forensic experts
are hired by the hour. Analysis and reporting of data can take as long as 15 hours, but it will
also depend on the nature of the case. Another is that when retrieving data, the
analyst may inadvertently disclose privileged documents.
Legal practitioners involved in the case must also have knowledge of computer
forensics. If not, they will not be able to cross-examine an expert witness. This also
applies to the judge, solicitors and barristers. Computer forensics is still fairly new
and some may not understand it. The analyst must be able to communicate his or her
findings in a way that everyone will understand.
Although computer forensics has its disadvantages, these can be solved by the party
involved. Evidence, on the other hand, can only be captured once. The use of
computers and the rise of cyber crimes also call for an equally strong method of
stopping them.

Cyber libel
Raghavan, S. (2013). Digital forensic research: current state of the art. CSI Transactions on ICT, 1(1), 91-114.

Digital forensics is the process of employing scientific principles and processes to analyze
electronically stored information and determine the sequence of events which led to a particular
incident. In this digital age, it is important for researchers to become aware of the recent
developments in this dynamic field and understand scope for the future. The past decade has
witnessed significant technological advancements to aid during a digital investigation. Many
methodologies, tools and techniques have found their way into the field designed on forensic
principles. Digital forensics has also witnessed many innovative approaches that have been
explored to acquire and analyze digital evidence from diverse sources. In this paper, we review
the research literature since 2000 and categorize developments in the field into four major
categories. In recent years the exponential growth of technology has also brought with it some
serious challenges for digital forensic research, which are elucidated. Within each category,
research is sub-classified into conceptual and practical advancements. We highlight the
observations made by previous researchers and summarize the research directions for the future.

Introduction
Digital forensics is a branch of science that involves the application of scientific principles to the
investigation of artifacts present in one or more digital devices in order to understand and
reconstruct the sequence of events that must have transpired in generating the said artifacts.
Digital forensics pertains to acquiring, examining, analyzing, and possibly documenting and
presenting these artifacts and the reconstructed sequence of events as evidence in a court of law.
Digital forensics developed as an independent field in the late 1990s and early 2000s when
computer based crime started growing with the increasing usage of computers and more so, the
Internet. In early days, it was called computer forensics since the evidence collected was
restricted to computers. However, in recent years, with several technological advances, this
restriction is no longer true. Consequently, the process of conducting forensic investigations
involving contemporary digital evidence has become more challenging.

Computer forensics developed as an independent field in the late 1990s and early 2000s when
computer based crime started growing with the increasing popularity of computers and especially
the Internet. Of the approximately half of respondents who experienced at least one security
incident last year, fully 45.6 percent of them reported they’d been the subject of at least one
targeted attack. According to the 2010/11 CSI Computer Crime Survey [60], almost 46 % of the
respondents were affected by at least one form of computer crime. According to 2010 Gallup
Computer Crime survey [73], 11 % of American adults report that they were a victim of a
computer or Internet crime on their home computer in the past year, up from the 6 to 8 % levels
found in the previous 7 years. The 2012 Indian Risk survey [71] indicates that Computer and
Internet crime remains the single largest source of national threat at 10.81 % closely followed by
terrorism at 10.43 %. The 2006 Australian Computer Crime Survey [12] has estimated computer
facilitated financial fraud and proprietary information breaches at over A$ 2,000,000 in lost
revenue. With the recent proliferation of newer digital devices in the markets and the increasing
frequency of discovering such devices in investigations, a new term called digital forensics was
coined. This new term now refers to investigating any type of media capable of storing digital
information as part of a forensic investigation. The Digital Forensic Research Workshop
(DFRWS) Technical committee [63] has defined digital forensic science as below:

The use of scientifically derived and proven methods toward the preservation, collection,
validation, identification, analysis, interpretation, documentation and presentation of digital
evidence derived from digital sources for the purpose of facilitating or furthering the
reconstruction of events found to be criminal, or helping to anticipate unauthorized actions
shown to be disruptive to planned operations.

Digital forensics: the process


Digital forensics is a multi-staged process starting with the identification of digital media from a
scene (possibly criminal) as potential evidence to the stage where it is presented as evidence by
an expert witness in a court of law. The sequence of activities is illustrated at a high level in
Fig. 1.

Fig. 1: Illustrating the digital forensic multi-staged process

The very first stage of the digital forensic process is the identification of relevant digital
evidence. This involves the identification of one or more sources of digital storage capable of
storing digital information associated with the investigation at hand. Some examples of hardware
that can provide digital evidence include hard disks on computer systems, random access
memory cards, USB and other external sources of secondary storage, mobile phones, PDAs and
so on. Once identified, evidence is acquired from the devices and forensically preserved.

By acquisition, we refer to the process of obtaining a binary bitwise copy of the entire contents
of all digital media that are identified. The evidence thus acquired is preserved and standard hash
signatures like MD5 or SHA1 are used to verify the integrity of the digital evidence.
In a digital forensics investigation, investigators deal with acquiring digital records for
examination. Digital records can vary in form and type. Documents on a computer, telephone
contact list, lists of all phone calls made, trace of signal strength from the base station of a
mobile phone, recorded voice and video files, email conversations, network traffic patterns and
virus intrusions and detections are all examples of different types of digital records. In short,
digital evidence encompasses:

a. User data

b. Metadata associated with user data

c. Activity logs; and possibly

d. System logs

User data pertains to data directly created or modified or accessed by one or more users involved
in an investigation. Metadata pertains to data providing context of how, when, who and in what
form the user data was created or modified or accessed. Activity logs are records of user activity
by a system or application or both detailing specific actions conducted by one or more users and
system logs pertain to variations in system behavior from the normal based on one or more
actions conducted by the users.

Once the digital evidence is acquired, it is always necessary to make copies and conduct all
forensic tests on such read-only copies, lest any activity tamper the data stored within the
original sources [58, 59]. The digital evidence is then examined using one or more forensic tools.
These forensic tools generally provide some form of file system abstraction to the digital
evidence, such that their contents may be examined for trace of evidence. This stage is
called evidence examination where the digital evidence sources are examined for their contents
and possibly indexed for conducting searches. This definition is in accordance with Casey’s view
of the digital forensic examination process. Casey [44] defines forensic examination as the
process of extracting information from digital evidence and making it available for analysis. In
some cases, the examination of digital evidence may reveal some hidden or otherwise not
explicit information which has to be extracted and subsequently analyzed. The act of identifying
such information is termed evidence discovery.
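
The acquisition and integrity check described above (a bitwise copy verified with hash signatures, with all later work done on a copy) can be sketched as follows. This is an added example, not code from the paper or from any forensic tool; the function names, the in-memory "disk" and the extra SHA-256 digest are assumptions made for illustration.

```python
import hashlib
import io

CHUNK_SIZE = 64 * 1024  # read in blocks so media larger than RAM can be imaged


def _hashers(algorithms):
    """One running hash object per requested algorithm."""
    return {name: hashlib.new(name) for name in algorithms}


def acquire(source, image, algorithms=("md5", "sha1", "sha256")):
    """Copy every byte of `source` into `image`, hashing the bytes as they are read.

    MD5 and SHA1 are the signatures the text names; SHA-256 is added here as an
    assumption. Returns the acquisition record to keep with the case notes.
    """
    hashers = _hashers(algorithms)
    size = 0
    while True:
        block = source.read(CHUNK_SIZE)
        if not block:
            break
        image.write(block)
        for h in hashers.values():
            h.update(block)
        size += len(block)
    return {"size": size,
            "digests": {name: h.hexdigest() for name, h in hashers.items()}}


def verify(stream, record):
    """Re-hash `stream` and list every way it differs from the acquisition record.

    An empty list means the copy is still bit-for-bit what was acquired.
    """
    hashers = _hashers(record["digests"])
    size = 0
    for block in iter(lambda: stream.read(CHUNK_SIZE), b""):
        for h in hashers.values():
            h.update(block)
        size += len(block)
    problems = []
    if size != record["size"]:
        problems.append(f"size {size} != {record['size']}")
    for name, h in hashers.items():
        if h.hexdigest() != record["digests"][name]:
            problems.append(f"{name} mismatch")
    return problems


def demo():
    # Constructed stand-in for a suspect disk: three 512-byte "sectors".
    disk = b"\x00" * 512 + b"user data".ljust(512, b"\xff") + b"\x00" * 512
    image = io.BytesIO()
    record = acquire(io.BytesIO(disk), image)

    # Verification of the untouched image before analysis starts.
    image.seek(0)
    clean = verify(image, record)

    # A working copy in which a single bit changed during handling.
    working = bytearray(image.getvalue())
    working[700] ^= 0x01
    tampered = verify(io.BytesIO(bytes(working)), record)
    return record, clean, tampered


if __name__ == "__main__":
    record, clean, tampered = demo()
    print(record)
    print("untouched image:", clean or "matches acquisition record")
    print("altered copy:   ", tampered)
```

Re-running `verify` on a working copy before and after each analysis session is what lets the examiner show the original acquisition was never altered.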

After evidence examination and discovery, forensic analysis begins where the evidence sources
and the discovered data are analyzed to determine the sequence of events leading to the reported
crime under investigation. Casey [44] defines forensic analysis as the application of scientific
methods and critical thinking to address the fundamental questions in an investigation: what,
who, why, how, when and where. The individual stages are thoroughly documented and
this documentation is presented in a court of law. Oftentimes, the presentation of digital evidence
in court may be accompanied by an expert witness for testifying.

Research challenges
In a digital investigation, investigators deal with acquiring digital records for examination.
Digital records can vary in forms and types. Documents on a computer, telephone contact list,
list of all phone calls made, trace of signal strengths from base station of a mobile phone,
recorded voice and video files, email conversations, network traffic patterns and virus intrusions
and detections are all examples of different types of digital records. In the last decade, a large
number of new digital devices have been introduced with advancements in digital technology.
Lalis et al.’s [115] article on wearable computing provides a flavor for this changing digital
scenario. These advances in digital technology and the relatively gradual progress in digital
forensics have resulted in five major challenges [34, 74, 169]. They are:

1. Complexity problem

2. Diversity problem

3. Consistency and correlation;

4. Quantity or volume problem; and

5. Unified time-lining problem


Digital forensics has developed primarily as a reactive field [74], which is a prime cause for these
challenges, viz., advancements in digital forensics were triggered by crime first being committed
on a computer or any digital device. Consequently, the field seems to follow the
trend rather than leading it.

Primarily, digital evidence is acquired in raw binary form, which is too difficult for humans to
understand, and this leads to the complexity problem [34]. Forensic tools are hence used to
interpret the raw digital evidence to address this problem. Currently, there is an abundance of
forensic tools to interpret binary data in digital evidence and, consequently,
complexity has taken a backseat.
Of late, the amount of data collected during investigations has been steadily growing and it is
becoming ineffective to analyze every single byte. The volumes and the heterogeneity of digital
evidence have called for the application of data reduction techniques by grouping data into larger
chunks or by removing known and irrelevant data prior to analysis. Garfinkel [74] also
acknowledges the growing volumes of storage devices and makes an additional observation that
in the presence of the multiple operating systems, file formats and devices, there is no standard
way to examine and analyze all types of digital evidence—this has led to the diversity problem.
Besides, with digital investigations often having to deal with multiple sources, investigators are
required to examine consistency and correlate the evidence discovered across these sources
leading to the consistency and correlation challenge. Garfinkel [74] observes that as there are no
standards in data representation across these devices, many of which are proprietary, forensic
examination and analysis become a significant challenge. Besides, the forensic tools currently in
existence are designed to find pieces of digital evidence but not assist in investigations [78];
hence, the majority of the analysis is conducted manually. Since different sources require different
forensic tools, this has resulted in the diversity problem.

Despite this seemingly common structure of many file systems, these file systems are customized
in the manner in which they store and process files. As a result, a file system partition which is
defined as NTFS cannot process an EXT or an HFS partition. Another example of such a
seemingly common structure for potential evidence sources is among logs; all log files have a set
of fields and a corresponding set of values, and they are used to record activities to track system
behavior or users’ activities. Nevertheless, not all logs can be interpreted the same way. Each log
is customized to track specific activities and hence the events of a system log and a network log can
never be merged together. In other words, the semantics of the log is embedded in the log type,
which is lost when they are merged. Moreover, when multiple sources of digital evidence are
identified for investigation, not only is it essential to analyze them, it is also essential to
corroborate and correlate the data between these sources for consistency. For instance, if a user
visits a webpage, the visit creates a record in the user’s browser history as well as the
cookies. If the user accessed the webpage via a proxy, the proxy will also contain an entry
corresponding to the visit. Hence, multiple logs may need to be corroborated during forensic
analysis. This is the consistency and correlation problem.

With the rapid increase in the sizes of storage media, the volumes of digital evidence collected
these days are tremendously large [36]. Investigators are required to analyze enormous volumes
of data in any given investigation and in the absence of sufficient automation, it is tedious work.
Richard and Roussev [169] and Garfinkel [74] have also separately acknowledged the growing
volume of digital evidence as a major concern. This growing volume of digital evidence is
known simply as the volume problem. Marziale et al. [125] recognize the need to have efficient
computing systems to run forensic tools, especially in distributed computing scenarios and
propose a multi-threaded solution to carve data from digital evidence. Liebrock et al. [122]
propose a preliminary design for a terabyte dataset framework to accommodate the growing
volumes of digital evidence by storing them in RAID arrays. The XIRAF architecture [6]
automatically indexes content in digital evidence allowing investigators to query evidence.
Generating such a unified timeline across multiple sources of digital evidence presents many
challenges [25, 30, 116, 182, 198]. Broadly speaking, some of these challenges are:

1. Time zone reference and timestamp interpretation

2. Clock skew, clock drift and synchronization; and

3. Syntax aspects

We refer to this as the unified time-lining problem. Coutaz et al. [61] argue that capturing
contextual information retains the key to integrating different technology services. Context
would allow the system to decide the most relevant evidence to be retained. The aim is to limit
the investigation space by drawing boundaries on the evidence categories to restrict the tests
conducted on these classes of evidence.
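
The three time-lining challenges listed above, together with the browser-history and proxy corroboration described under consistency and correlation, can be worked through in one added example (not code from the paper). The log lines, URLs, the UTC+8 workstation offset and the 120-second clock skew are constructed; the browser timestamps use the WebKit convention of microseconds since 1601-01-01 UTC and the proxy line uses Unix epoch seconds.

```python
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# --- Constructed evidence (assumptions for this example) -------------------
# Browser history from the workstation: (WebKit microseconds, URL).
BROWSER_HISTORY = [
    (13001509925000000, "http://intranet.example/payroll.xls"),
    (13001510400000000, "http://files.example/upload"),
]
# Proxy access log: epoch seconds, client, method, URL, status.
PROXY_LOG = ["1357036205.250 10.0.0.23 GET http://intranet.example/payroll.xls 200"]
# Workstation system log: local wall-clock time with no zone recorded.
SYSTEM_LOG = ["2013-01-01 18:31:50 logon user=alice"]

WORKSTATION_UTC_OFFSET_H = 8   # time zone reference established by the examiner
WORKSTATION_SKEW_S = 120       # workstation clock ran 120 s ahead of the proxy


# --- Syntax aspects: one parser per timestamp format ------------------------
def parse_webkit(value):
    return WEBKIT_EPOCH + timedelta(microseconds=int(value))


def parse_epoch(value):
    return UNIX_EPOCH + timedelta(seconds=float(value))


def parse_local(value, utc_offset_hours):
    naive = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    zone = timezone(timedelta(hours=utc_offset_hours))
    return naive.replace(tzinfo=zone).astimezone(timezone.utc)


def build_timeline(correct_skew=True):
    """Return (utc_time, source, detail) tuples from all sources, oldest first."""
    skew = timedelta(seconds=WORKSTATION_SKEW_S if correct_skew else 0)
    events = []
    for stamp, url in BROWSER_HISTORY:
        events.append((parse_webkit(stamp) - skew, "browser", url))
    for line in PROXY_LOG:
        stamp, _client, _method, url, _status = line.split()
        events.append((parse_epoch(stamp), "proxy", url))
    for line in SYSTEM_LOG:
        date, clock, detail = line.split(" ", 2)
        when = parse_local(f"{date} {clock}", WORKSTATION_UTC_OFFSET_H)
        events.append((when - skew, "system", detail))
    return sorted(events)


def corroborate(timeline, tolerance_s=5.0):
    """Map each browser visit to True if a proxy entry for the same URL
    lies within `tolerance_s` seconds of it, else False."""
    proxy = [e for e in timeline if e[1] == "proxy"]
    result = {}
    for when, source, url in timeline:
        if source != "browser":
            continue
        result[url] = any(
            p_url == url and abs((p_when - when).total_seconds()) <= tolerance_s
            for p_when, _src, p_url in proxy
        )
    return result


if __name__ == "__main__":
    for when, source, detail in build_timeline():
        print(when.isoformat(), source.ljust(7), detail)
    print("corroborated (skew corrected):", corroborate(build_timeline()))
    print("corroborated (raw clocks):    ", corroborate(build_timeline(False)))
```

Without the skew correction the payroll visit and its proxy entry sit almost two minutes apart and fail to match; the second visit has no proxy entry either way, which is the kind of inconsistency an examiner would follow up.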

An increasing number of digital systems are getting integrated and there is a need to access and
interpret the data from these systems in a uniform and consistent manner. Fundamentally, owing
to the variety that the current digital systems exhibit, it is integral to identify or establish a
common platform for digital data integration and analysis. Given the ever growing volumes of
digital investigation cases, the success of this approach hinges on the ability to automate the
process. The paper is organized as follows. In Sect. 2, we classify digital forensic research
literature into 4 main categories and each subsequent section explores the details of the published
works. We conclude in Sect. 7 with a brief summary and in Sect. 8, take a look at some areas
which hold much promise.

Classification of research literature


In this section, we review the broad area of digital forensics to inform us of the state of the art
developments and best practices in the field and with an aim of identifying unresolved research
challenges in the field. Hosmer [99] calls for the need to standardize the concept of digital
evidence to provide a common platform for investigators to perform forensic analysis. Drawing a
parallel from the physical evidence acquisition process, Hosmer suggests adopting a methodology
that is similar to how physical evidence is stored and organized. However, since digital
evidence can be altered, copied or erased, he proposes the 4-point principles of authentication,
integrity, access control and non-repudiation while handling digital evidence. Mercuri [131]
outlines some of the major challenges facing the field of digital forensics:

i. scaling technology and the need to adapt scalable architectures

ii. need to adopt uniform certification programs and courses in digital forensics

iii. need for changes in the digital evidence permissibility laws in courts


Casey [45] discusses recent challenges set by network intrusions and suggests steps to manage
security breaches. He calls for sophisticated digital evidence acquisition techniques, efficient
methods to preserve evidence over long periods of time, effective tools for analysis and
development of forensic theories to lay a stronger foundation for future analysis. Adelstein [1]
presents an argument for the need to adopt new acquisition and analysis techniques for the
growing number of live memory forensic analysis. Trends indicate that it is infeasible to always
bring down a system to image the system and often investigators must rely on their ability to
reliably image the memory and available storage drives for examination during an investigation.
Increasingly, it appears that forensics must quickly learn to bridge the gap between what is
necessary and what is available. However, in order to tackle such dynamic variety in digital data,
there is need to abstract the evidence model and analyze its characteristics before further
challenges can be identified.

Turner [202] states that when devices become more specialized, forensic examiners will require
acquaintance with as many different processing tools to interpret the data they contain. This is
owing to the fact that forensics is limited today as it can process captured information only as a
single entity. Existing digital forensic tools are typically fine-tuned to capture and extract data
from specific storage media. Some tools like EnCase and the Forensic Toolkit have sufficient
intelligence built in to understand and interpret a few different types but there is no tool in
existence to date that can interpret all types of data. The common digital evidence storage format
working group [58] has re-iterated the drawbacks with current forensic analysis tools in terms of
not being able to cope with multiple proprietary image formats. The group emphasizes the need
for introducing a common digital evidence storage format that is common to a variety of evidence
sources including hard disk images, network logs, proxy cache data, memory dumps, etc.

Current research in digital forensics can be classified into 4 major categories, viz. evidence
acquisition and representation, evidence discovery and examination, digital forensic analysis and
digital forensic process modeling. Evidence acquisition is concerned with identifying and
acquiring digital data in a forensically secure manner from a variety of digital devices. This
branch examines the forensic scope of data from different devices and presents new techniques
and tools (both hardware and software) to acquire data from the field. The data so acquired is
then carefully imaged into secure drives for data discovery and examination. Evidence
examination and discovery deals with techniques to discover relevant data within the acquired
sources and the software support needed to examine the contents using one or more forensic
tools. Evidence examination deals with the extraction of information from digital evidence and
makes it available for analysis [44]. The different forensic tools used generally provide some
form of file system or schema support to the digital evidence sources enabling investigators to
navigate through the sources examining their contents. Digital forensic analysis is the
application of the scientific method and critical thinking to address the fundamental questions in
an investigation: who, what, where, when, how and why [44]. The process involves the analysis
of artifacts from one or more sources of digital evidence to determine the sequence of events and
answer these fundamental questions in order to solve the crime that is being investigated.
Forensic analysis also involves using the fundamental principles underpinning the creation,
modification, tamper and deletion of digital data on storage media and coming up with a logical
sequence of events to explain the state of data in acquired evidence. Digital forensic process
modeling deals with establishing theoretical backgrounds on the forensic process and defining
procedures and processes that must be in place while guaranteeing integrity of evidence
throughout an investigation. The modeling process also defines fundamental forensic principles
for the development of new tools in forensics examination and analysis. In the following
sections, we will deal with each category separately identifying the different published research
in them.

Evidence acquisition and representation


Evidence acquisition, being the first step in a digital investigation, has been thoroughly studied to
understand where there is scope for data (potential digital evidence) and how it can be extracted.
Several national governmental agencies have recognized the need to deal with increasing use of
digital data and participated in efforts to define guidelines for their use and handling.

Standards and guidelines


The National Institute of Justice (NIJ) and the Department of Justice (DoJ) in the United States
of America have laid down principles for first responders, where to search for evidence in a
crime scene and how to go about acquiring data. The National Institute of Standards and
Technology (NIST) has supported many such initiatives and has provided both tools and tool
testing capability [147, 150–154] for evidence acquisition. The Association of Chief Police
Officers (ACPO) [11] has published the Good Practice Guide for Computer based Electronic
Evidence in the United Kingdom and Standards Australia [196] has laid down guidelines for the
management of IT evidence in Australia. While there has been a general growth in awareness for
acquiring digital evidence and different national standards have been published, the underlying
principle in evidence acquisition remains the same. Typically, when a hard disk must be
acquired, it is connected to a forensic system via a write-blocker and a binary image of the entire
disk is taken. A write blocker is a hardware device or software tool that allows read-only access
to the suspect disk to avoid tampering evidence and maintains data integrity. While it is a safe
and secure method for hard disk acquisition and is applicable to all disk formats, the sheer
volumes of hard disks today render the process tedious. Further, if a disk was purchased in a
secondary market, as in many cases, often investigators acquire and analyze far more data
than necessary, which amounts to precious lost time in an investigation. This can be attributed to
the fact that such disks could contain irrelevant data, deleted, lost or otherwise, which would be
captured by the acquisition tool. In such cases, improper formatting of secondary disks and
possibly improper magnetization in the disks could result because of aging. Since in most cases
the data are acquired in raw binary format, there are no reliable means to compress the size of the
acquired data which renders the process cumbersome. Since then, however, several proprietary
formats have been engineered to compress these images and manage size of data [59].

Since initially recognizing the need to acquire digital data and use it in digital investigations,
research has paved the way for several new acquisition techniques and tools in the public domain
for evidence in different types of devices. Lyle [123] describes the functions of a hardware write
blocker and describes how the NIST had come up with testing tools to validate their
functionality. Garfinkel [79, 80] notes that in many cases investigators acquire and analyze far
more data than necessary, which amounts to precious lost time in an investigation. This can
be attributed to the fact that certain sources of digital evidence could contain irrelevant or deleted
data which would be captured by the acquisition tool.

While acquisition was recognized as a straightforward
process, it involved gathering a variety of different devices and data in several different formats,
viz., raw binary format, expert witness format (EWF), advanced forensic format (AFF), EnCase
image file format and so on. The raw binary format is a purely binary image of the source. The
EWF is the basis of the image file format created by EnCase. The EnCase image file format is a
relatively compressed but proprietary image format used by EnCase forensic tools.

Digital image forensics is a brand new research field which aims at validating the
authenticity of images by recovering information about their history. Two main problems
are addressed: the identification of the imaging device that captured the image, and the
detection of traces of forgeries.
RRL

Based on the study conducted by Raghavan, S. (2013). Digital forensic research:
current state of the art. CSI Transactions on ICT, 1(1), 91-114, the process of using
scientific methods and principles to examine electronically stored data and ascertain the
series of events that led to a certain occurrence is known as digital forensics. It is
crucial for researchers in the digital era to be aware of the most recent advancements in
this dynamic sector and to comprehend the potential for the future. Significant
technology breakthroughs that can help with a digital inquiry have occurred during the
last ten years.
Numerous forensically based procedures, tools, and techniques have entered the
sector. Innovative methods have been explored in digital forensics to gather and
examine digital evidence from a variety of sources. We evaluate the research literature
published since 2000 and divide field advancements into four main areas in this work.
The current exponential advancement in technology has also presented some
significant difficulties for digital forensic research, which are explained. Research is
divided into conceptual and practical advancements within each topic. We draw
attention to the findings reported by earlier scholars and list the future study directions.
https://link.springer.com/article/10.1007/s40012-012-0008-7

According to the study of Sadeghi, S., Dadkhah, S., Jalab, H. A., Mazzola, G., &
Uliyan, D. (2018). State of the Art in Passive Digital Image forgery detection: copy-move
image forgery. Pattern Analysis and Applications, 21(2), 291-306, because digital photos can
contain valuable information and are frequently used as crucial pieces of evidence in
legal proceedings, it is becoming more and more critical to authenticate them.
Nowadays, it is challenging to authenticate digital photographs because, thanks to
sophisticated image processing software and human understanding, changing them has
become simple. Numerous researchers have developed various strategies for detection
in picture forensics as a result of the significance and relevance of digital image
forensics. Passive picture forgery detection is the main field of image forensics.
Copy-move digital image forgery, which includes copying one section of the
image onto another area of the same image, is one of the most significant passive
forgeries that affect the originality of the image. Numerous strategies have been
suggested to recognize several kinds of modifications used in copy-move fraud. This
study aims to evaluate the best copy-move forgery detection techniques for various
image properties, including JPEG compression, scaling, and rotation. Each method's
benefits and downsides are also mentioned. Thus, the most cutting-edge methods for
detecting image forgeries are explored, together with their benefits and shortcomings.
https://doi.org/10.1007/s10044-017-0678-8

Based on the study of Bayram, S., Sencar, H. T., & Memon, N. (2008,
September). A survey of copy-move forgery detection techniques. In IEEE Western
New York Image Processing Workshop (pp. 538-542). The best image faking
techniques offer no clear signs of alteration. In order to detect image forgery the
researchers have proposed digital approaches to distinguish unnoticeable tampering in
reply to such strict conditions. In this study, they conducted a steerable pyramid
decomposition approach and copulas ensemble-based blind picture forgery detection
system. The smallest size with perfect precision described in the literature is 16 pixels,
and this technology can identify fraud there.
The novel aspects of the suggested approach are as follows: first, it can be
applied to both colored and grayscale images; second, the image similarity (or
dissimilarity), which denotes image forgery, is calculated using copula functions; and
third, the idea was inspired by the accuracy of the copula results on the image steerable
pyramid bands: they choose the band with the fewest number of elements to represent
the block or blocks in the image, in our case 16 elements. Since testing is done on such
a small number of pixels, the idea of utilizing the fewest elements possible to represent
the blocks can considerably speed up the approach. Lastly, this method can be used to
detect other types of image forgeries with similar outcomes. We tested the proposed
method using 5123 different database image variations on the well-known Copy Move
Forgery Detection database (CoMoFoD) to confirm its effectiveness. Additionally, we
contrasted our findings with five previously published algorithms and discovered that the
suggested approach beat them even after post-processing the faked photos.
https://link.springer.com/article/10.1007/s11042-020-09502-4
The Steerable Pyramid is a linear multi-scale, multi-orientation image decomposition that
provides a useful front-end for image-processing and computer vision applications.
