0% found this document useful (0 votes)

57 views54 pages

Chapter 08

Uploaded by

Bebetski Huerto

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

57 views54 pages

Chapter 08

Uploaded by

Bebetski Huerto

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 54

Guide to Computer Forensics

and Investigations
Sixth Edition

Chapter 8
Recovering Graphics Files

1
Objectives

• Describe types of graphics file formats

• Explain types of data compression
• Explain how to locate and recover graphics files
• Describe how to identify unknown file formats
• Explain copyright issues with graphics

• Graphic files contain digital photographs, line art, three-dimensional images,

text data converted to images, and scanned replicas of printed pictures
• Bitmap images: collection of dots
• Vector graphics: based on mathematical instructions
• Metafile graphics: combination of bitmap and vector
• Types of programs
• Graphics editors
• Image viewers

• Bitmap images
• Grids of individual pixels
• Raster images - also collections of pixels
• Pixels are stored in rows
• Better for printing
• Image quality
• Screen resolution - determines amount of detail
• Software contributes to image quality (drivers)
• Number of color bits used per pixel

• Characteristics of vector graphics

• Uses lines instead of dots
• Store only the calculations for drawing lines and shapes
• Smaller than bitmap files
• Preserve quality when image is enlarged
• CorelDRAW, Adobe Illustrator

• Metafile graphics combine raster and vector graphics

• Example
• Scanned photo (bitmap) with text or arrows (vector)
• Share advantages and disadvantages of both types
• When enlarged, bitmap part loses quality

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
6
6
protected website for classroom use.
Understanding Graphics File Formats (1 of
2)
• Standard graphics file formats
• Standard bitmap file formats
- Portable Network Graphic (.png)
- Graphic Interchange Format (.gif)
- Joint Photographic Experts Group (.jpeg, .jpg)
- Tagged Image File Format (.tiff, .tif)
- Window Bitmap (.bmp)
• Standard vector file formats
- Hewlett Packard Graphics Language (.hpgl)
- Autocad (.dxf)

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
7
7
protected website for classroom use.
Understanding Graphics File Formats (2 of
2)
• Nonstandard graphics file formats
• Targa (.tga)
• Raster Transfer Language (.rtl)
• Adobe Photoshop (.psd) and Illustrator (.ai)
• Freehand (.fh11)
• Scalable Vector Graphics (.svg)
• Paintbrush (.pcx)
• Search the Web for software to manipulate unknown image formats

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
8
8
protected website for classroom use.
Understanding Digital Photograph File
Formats (1 of 8)
• Witnesses or suspects can create their own digital photos
• Examining the raw file format
• Raw file format
- Referred to as a digital negative
- Typically found on many higher-end digital cameras
• Sensors in the digital camera simply record pixels on the camera’s memory card
• Raw format maintains the best picture quality

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
9
9
protected website for classroom use.
Understanding Digital Photograph File
Formats (2 of 8)
• Examining the raw file format (cont’d)
• The biggest disadvantage is that it’s proprietary
- And not all image viewers can display these formats
• The process of converting raw picture data to another format is referred to as
demosaicing
• Examining the Exchangeable Image File format
• Exchangeable Image File (Exif) format
- Commonly used to store digital pictures
- Developed by JEITA as a standard for storing metadata in JPEG and TIF files

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
10
10
protected website for classroom use.
Understanding Digital Photograph File
Formats (3 of 8)
• Examining the Exchangeable Image File format (cont’d)
• Exif format collects metadata
- Investigators can learn more about the type of digital device and the environment in
which photos were taken
• Viewing an Exif JPEG file’s metadata requires special programs
- Exif Reader, IrfanView, or Magnet Forensics AXIOM
• Exif file stores metadata at the beginning of the file

• Most graphics file formats compress their data

• GIF and JPEG
• Others, like BMP, do not compress their data
• Use data compression tools for those formats
• Data compression
• Coding data from a larger to a smaller form
• Types
- Lossless compression and lossy compression

• Lossless compression
• Reduces file size without removing data
• Based on Huffman or Lempel-Ziv-Welch coding
- For redundant bits of data
• Utilities: WinZip, PKZip, StuffIt, and FreeZip
• Lossy compression
• Permanently discards bits of information
• Vector quantization (VQ)
- Determines what data to discard based on vectors in the graphics file
• Utility: Lzip

• Operating system tools

• Time-consuming
• Results are difficult to verify
• Digital forensics tools
• Image headers
- Compare them with good header samples
- Use header information to create a baseline analysis
• Reconstruct fragmented image files
- Identify data patterns and modified headers

• Carving or salvaging
• Recovering any type of file fragments
• Digital forensics tools
• Can carve from file slack and free space
• Help identify image files fragments and put them together

• When examining recovered fragments from files in slack or free space

• You might find data that appears to be a header
• If header data is partially overwritten, you must reconstruct the header to make
it readable
• By comparing the hexadecimal values of known graphics file formats with the pattern
of the file header, you found

• Each graphics file has a unique header value

• Example:
• A JPEG file has the hexadecimal header value FFD8, followed by the label JFIF for a
standard JPEG or Exif file at offset 6
• Exercise:
• Investigate a possible intellectual property theft by a new employee of Superior
Bicycles, Inc.

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
24
24
protected website for classroom use.
Searching for and Carving Data from
Unallocated Space (1 of 6)
• Steps
• Planning your examination
• Searching for and recovering digital photograph evidence
- Use Autopsy for Windows to search for and extract (recover) possible evidence of
JPEG files
- False hits are referred to as false positives

• Before attempting to edit a recovered graphics file

• Try to open the file with an image viewer first
• If the image isn’t displayed, you have to inspect and correct the header values
manually
• Steps
• Recover more pieces of file if needed
• Examine file header
- Compare with a good header sample
- Manually insert correct hexadecimal values
• Test corrected file

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
36
36
protected website for classroom use.
Reconstructing File Fragments
• Locate the noncontiguous clusters that make up a deleted file
• Steps
• Locate and export all clusters of the fragmented file
• Determine the starting and ending cluster numbers for each fragmented group of
sectors
• Copy each fragmented group of sectors in their correct sequence to a recovery file
• Rebuild the file’s header to make it readable in a graphics viewer
• Add a .txt extension on all the copied sectors

• Knowing the purpose of each format and how it stores data is part of the
investigation process
• The Internet is the best source
• Search engines
• Find explanations and viewers
• Popular Web sites
• FileFormat.info
• Extension Informer
• The Graphics File Formats Page

• Necessary when you find files your tools do not recognize

• Use a hexadecimal editor such as WinHex
• Record hexadecimal values in the header and use them to define a file type
• Example:
• XIF file format is old, little information is available
• The first 3 bytes of an XIF file are the same as a TIF file
• Build your own header search string

• After recovering a graphics file

• Use an image viewer to open and view it
• No one viewer program can read every file format
• Having many different viewer programs is best
• Most GUI forensics tools include image viewers that display common image
formats
• Be sure to analyze, identify, and inspect every unknown file on a drive

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
42
42
protected website for classroom use.
Understanding Steganography in Graphics
Files (1 of 7)
• Steganography hides information inside image files
• An ancient technique
• Two major forms: insertion and substitution
• Insertion
• Hidden data is not displayed when viewing host file in its associated program
- You need to analyze the data structure carefully
• Example: Web page

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
45
45
protected website for classroom use.
Understanding Steganography in Graphics
Files (4 of 7)
• Substitution
• Replaces bits of the host file with other bits of data
• Usually change the last two LSBs (least significant bit)
• Detected with steganalysis tools (a.k.a - steg tools)
• You should inspect all files for evidence of steganography
• Clues to look for:
• Duplicate files with different hash values
• Steganography programs installed on suspect’s drive

Table 8-1 Bit breakdown of a secret message

Original Pixel Altered Pixel

1010 1010 1010 1001
1001 1101 1001 1110
1111 0000 1111 0011
0011 1111 0011 1100

• Use steg tools to detect, decode, and record hidden data

• Detect variations of the graphic image
• When done correctly you cannot detect hidden data in most cases
• Check to see whether the file size, image quality, or file extensions have
changed

© 2019 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-
50
50
protected website for classroom use.
Understanding Copyright Issues with
Graphics
• Steganography has been used to protect copyrighted material
• By inserting digital watermarks into a file
• Digital investigators need to aware of copyright laws
• Copyright laws for Internet are not clear
• There is no international copyright law
• Check the U.S. Copyright Office
• U.S. Copyright Office identifies what can and can’t be covered under copyright law in
U.S.
• Fair use
• Another guideline to consider

• Three types of graphics files

• Bitmap
• Vector
• Metafile
• Image quality depends on various factors
• Standard file formats: .gif, .jpeg, .bmp, and .tif
• Nonstandard file formats: .tga, .rtl, .psd, and .svg
• Some image formats compress their data
• Lossless compression
• Lossy compression

• Digital camera photos are typically in raw and EXIF JPEG formats
• Recovering image files
• Carving file fragments
• Rebuilding image headers
• The Internet is best for learning more about file formats and their extensions
• Software
• Image editors
• Image viewers

• Steganography
• Hides information inside image files
• Forms
- Insertion
- Substitution

• Steganalysis
• Finds whether image files hide information
• Fair use allows using copyrighted material for noncommercial or educational
purposes without having to compensate the material’s originator or owner

RTS - 01 PCM Paper (11.05.2025) 10th (A01)
No ratings yet
RTS - 01 PCM Paper (11.05.2025) 10th (A01)
13 pages
CH 08
No ratings yet
CH 08
58 pages
Chapter 9 - Recovering Graphics Files
No ratings yet
Chapter 9 - Recovering Graphics Files
31 pages
Class 10 Science Chapter 1 Previous Year Questions - Chemical Reactions and Equations
No ratings yet
Class 10 Science Chapter 1 Previous Year Questions - Chemical Reactions and Equations
3 pages
11 Sources of Photos and Graphics
No ratings yet
11 Sources of Photos and Graphics
39 pages
Math Chapter 1 Algebra Classified
No ratings yet
Math Chapter 1 Algebra Classified
43 pages
Lecture 2
No ratings yet
Lecture 2
39 pages
Chapter 7
No ratings yet
Chapter 7
7 pages
Unit 4 Updated DIP
No ratings yet
Unit 4 Updated DIP
73 pages
Employee - Attrition - Rate - Jupyter Notebook
No ratings yet
Employee - Attrition - Rate - Jupyter Notebook
62 pages
Continuos Steel Reheating Furnaces: Specification, Design and Equipment
83% (12)
Continuos Steel Reheating Furnaces: Specification, Design and Equipment
68 pages
Bankier Et Al 2024 Fleischner Society Glossary of Terms For Thoracic Imaging
No ratings yet
Bankier Et Al 2024 Fleischner Society Glossary of Terms For Thoracic Imaging
55 pages
11 Sources of Photos and Graphics
No ratings yet
11 Sources of Photos and Graphics
69 pages
Graphics Creation
No ratings yet
Graphics Creation
46 pages
CH 08
No ratings yet
CH 08
42 pages
CH 08
No ratings yet
CH 08
35 pages
Statistika Elementer
No ratings yet
Statistika Elementer
65 pages
Shivansh Rai Project
No ratings yet
Shivansh Rai Project
55 pages
IMAGES IN MULTIMEDIA-1 Sumit Sir
No ratings yet
IMAGES IN MULTIMEDIA-1 Sumit Sir
31 pages
Works With Images and Graphics
No ratings yet
Works With Images and Graphics
29 pages
DLL - SCIENCE 5-3rd Quarter Week 1-9
100% (6)
DLL - SCIENCE 5-3rd Quarter Week 1-9
42 pages
Lecture 10 Recovering Graphic Files
No ratings yet
Lecture 10 Recovering Graphic Files
21 pages
Materials and Design
No ratings yet
Materials and Design
12 pages
Topic04 - Recovering Graphics File
No ratings yet
Topic04 - Recovering Graphics File
44 pages
EE4235 - 2k18 - L04 - Image Processing-File Format
No ratings yet
EE4235 - 2k18 - L04 - Image Processing-File Format
44 pages
Image File Formats
No ratings yet
Image File Formats
10 pages
Pixedit List Over All Supported File Formats 13042018
No ratings yet
Pixedit List Over All Supported File Formats 13042018
14 pages
Introduction To Image
No ratings yet
Introduction To Image
14 pages
Image File Formats 0
No ratings yet
Image File Formats 0
10 pages
Com 215 Handout
No ratings yet
Com 215 Handout
38 pages
Multimedia Unit-3
No ratings yet
Multimedia Unit-3
9 pages
Online Formats For Images and Texts
No ratings yet
Online Formats For Images and Texts
18 pages
File Formats by Khalil
No ratings yet
File Formats by Khalil
15 pages
PSD
No ratings yet
PSD
6 pages
SAT Subject Math Level 1 Practice Test 3
No ratings yet
SAT Subject Math Level 1 Practice Test 3
17 pages
Types of Digital Images
No ratings yet
Types of Digital Images
27 pages
Service Manual: Separation Unit 841
100% (1)
Service Manual: Separation Unit 841
160 pages
Lec8 Image Forensics
No ratings yet
Lec8 Image Forensics
24 pages
The 5 Types of Digital Image Files
No ratings yet
The 5 Types of Digital Image Files
1 page
Image and Graphics
No ratings yet
Image and Graphics
9 pages
Counting Eggs and Larvae
No ratings yet
Counting Eggs and Larvae
5 pages
Chapter 3 - Image and Graphics
No ratings yet
Chapter 3 - Image and Graphics
24 pages
Injection Moulding
No ratings yet
Injection Moulding
155 pages
An Innovative Approach For Detect and Recognize Skin Diseases Using SVM Classifier and Data Mining Technic
No ratings yet
An Innovative Approach For Detect and Recognize Skin Diseases Using SVM Classifier and Data Mining Technic
30 pages
Chapter 3
No ratings yet
Chapter 3
12 pages
Task Performance Os Pre Final
No ratings yet
Task Performance Os Pre Final
3 pages
Van Co Khi VT Series Chanto
No ratings yet
Van Co Khi VT Series Chanto
5 pages
Experimental Study On Bond Slip Relationship of Steel Sleeve
No ratings yet
Experimental Study On Bond Slip Relationship of Steel Sleeve
5 pages
CH 8
No ratings yet
CH 8
17 pages
All About File Formats: Mr. Butler John Jay High School Department of Technology
No ratings yet
All About File Formats: Mr. Butler John Jay High School Department of Technology
29 pages
Brief Introduction and Overview of Visual Media Compression and Processing PDF
No ratings yet
Brief Introduction and Overview of Visual Media Compression and Processing PDF
11 pages
3 Questions On Surds and Indices
No ratings yet
3 Questions On Surds and Indices
7 pages
Infographics: Data Copy Both
No ratings yet
Infographics: Data Copy Both
6 pages
Graphics and Images: September 28, Unit 3
No ratings yet
Graphics and Images: September 28, Unit 3
42 pages
Imaging and Design For Online
No ratings yet
Imaging and Design For Online
55 pages
Service Manual: S4S Diesel Engine
100% (2)
Service Manual: S4S Diesel Engine
15 pages
Single Valued Neutrosophic Sets
No ratings yet
Single Valued Neutrosophic Sets
4 pages
Guide To Computer Forensics and Investigations Fifth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fifth Edition
58 pages
Z Fi BDC Asset Master
No ratings yet
Z Fi BDC Asset Master
23 pages
Digital Graphics File Formats: Katie Hair
No ratings yet
Digital Graphics File Formats: Katie Hair
21 pages
Diode Zener SMD 5v1
No ratings yet
Diode Zener SMD 5v1
4 pages
Empowerment Technologies: Quarter 1 - Module 9 & 10: Sources of Photos and Graphics
No ratings yet
Empowerment Technologies: Quarter 1 - Module 9 & 10: Sources of Photos and Graphics
19 pages
I.T 18 Graphics1 Extension
No ratings yet
I.T 18 Graphics1 Extension
17 pages
Types of Images &dimension of Images
No ratings yet
Types of Images &dimension of Images
26 pages
2.01 Understand Digital Raster Graphics
No ratings yet
2.01 Understand Digital Raster Graphics
11 pages
File Types Pro Forma
No ratings yet
File Types Pro Forma
21 pages
File Format 1
No ratings yet
File Format 1
7 pages
File Name
No ratings yet
File Name
8 pages
Introduction To Images: Image File Formats
No ratings yet
Introduction To Images: Image File Formats
28 pages
Intro Comp Graphics PDF
No ratings yet
Intro Comp Graphics PDF
28 pages
Chapter 1: PIC16F887 Microcontroller - Device Overview
No ratings yet
Chapter 1: PIC16F887 Microcontroller - Device Overview
17 pages
File Formats
No ratings yet
File Formats
3 pages
Chapter 3 - Images File Formats
No ratings yet
Chapter 3 - Images File Formats
21 pages
Report
No ratings yet
Report
14 pages
A Basic Summary of Image Formats
No ratings yet
A Basic Summary of Image Formats
5 pages
Sources of Photos and Graphics
No ratings yet
Sources of Photos and Graphics
10 pages
Ch.6 Projectile Motion
No ratings yet
Ch.6 Projectile Motion
1 page
Teleprotection Terminal Interface
No ratings yet
Teleprotection Terminal Interface
6 pages
Debate Writing
No ratings yet
Debate Writing
4 pages
Well Foundation
No ratings yet
Well Foundation
15 pages
Tiff, CGM, PDF, PSD, Gif, JPG, BMP, PNG
No ratings yet
Tiff, CGM, PDF, PSD, Gif, JPG, BMP, PNG
4 pages
Unit 2 Data Representations
No ratings yet
Unit 2 Data Representations
4 pages
Visual Basic Program: Command 1 - Private Sub Command1 - Click Text3.text Val (Text1.text) + Val (Text2.text) End Sub
100% (1)
Visual Basic Program: Command 1 - Private Sub Command1 - Click Text3.text Val (Text1.text) + Val (Text2.text) End Sub
23 pages
Diesel Truck Engine 305 HP: 1150 LB-FT at 1200 RPM Peak Torque
No ratings yet
Diesel Truck Engine 305 HP: 1150 LB-FT at 1200 RPM Peak Torque
2 pages
Digital Imaging: Anand Prakash 09104EN023
No ratings yet
Digital Imaging: Anand Prakash 09104EN023
4 pages
Files, File Format Folders Paths, URL Absolute Addresses Relative Addresses
No ratings yet
Files, File Format Folders Paths, URL Absolute Addresses Relative Addresses
35 pages
Major Graphic File Formats
100% (1)
Major Graphic File Formats
3 pages
A/d and D/a Convertor Digital Technics
100% (1)
A/d and D/a Convertor Digital Technics
6 pages
File Formats
No ratings yet
File Formats
2 pages
Magento PHP Developer's Guide - Second Edition
From Everand
Magento PHP Developer's Guide - Second Edition
Allan MacGregor
No ratings yet

Chapter 08

Uploaded by

Chapter 08

Uploaded by

Guide to Computer Forensics

• Describe types of graphics file formats

• Graphic files contain digital photographs, line art, three-dimensional images,

• Characteristics of vector graphics

• Metafile graphics combine raster and vector graphics

• Most graphics file formats compress their data

• Operating system tools

• When examining recovered fragments from files in slack or free space

• Each graphics file has a unique header value

• Before attempting to edit a recovered graphics file

• Necessary when you find files your tools do not recognize

• After recovering a graphics file

Table 8-1 Bit breakdown of a secret message

Original Pixel Altered Pixel

• Use steg tools to detect, decode, and record hidden data

• Three types of graphics files

You might also like