Raad Ali, Rabei (2019) Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine. Doctoral thesis, Universiti Tun Hussein Onn Malaysia.
|
Text
24p RABEI RAAD ALI.pdf Download (1MB) | Preview |
|
Text (Copyright Declaration)
RABEI RAAD ALI COPYRIGHT DECLARATION.pdf Restricted to Repository staff only Download (8MB) | Request a copy |
||
Text (Full Text)
RABEI RAAD ALI WATERMARK.pdf Restricted to Registered users only Download (9MB) | Request a copy |
Abstract
File carving tools are essential element of digital forensic investigation for recovering evidence data from computer disk drives. Today, JPEG image files are popular file formats that have less structured contents which make its carving possible in the absence of any file system metadata. However, completely recovering intertwined Bifragmented JPEG images into their original form without missing any parts or data of the image is a challenging due to the intertwined case might occur with non-JPEG images such as PDF, Text, Microsoft Office or random data. In this research, a new carving framework is presented in order to address the fragmentation issues that often occur in JPEG images which is called RX_myKarve. The RX_myKarve is an extended framework from X_myKarve, which consists of the following key components: (i) an Extreme Learning Machine (ELM) neural network for clusters classification using three existing content-based features extraction (Entropy, Byte Frequency Distribution (BFD) and Rate of Change (RoC)) to improve the identification of JPEG images content and support the reassembling process; (ii) a genetic algorithm with Coherence Euclidean Distance (CED) matric and cost function to reconstruct a JPEG image from a set of deformed and fragmented clusters in the scan area. The RX_myKarve is a framework that contains both structure-based carving and content-based carving approaches. The RX_myKarve is implemented as an Automatic JPEG Carver (AJC) tool in order to test and compare its performance with the state-of-the art carvers such as RevIt, myKarve and X_myKarve. It is applied to three datasets namely DFRWS (2006 and 2007) forensic challenges datasets and a new dataset to test and evaluate the AJC tool. These datasets have complex challenges that simulate particular fragmentation cases addressed in this research. The final results show that the AJC with the aid of the RX_myKarve framework outperform the X_myKarve, myKarve and RevIt. The RX_myKarve is able to completely carve 23.8% images more than X_myKarve, 45.4% images more than myKarve and 67% images more than RevIt in which AJC tool using RX_myKarve completely solves the research problem.
Item Type: | Thesis (Doctoral) |
---|---|
Subjects: | Q Science > QA Mathematics |
Divisions: | Faculty of Computer Science and Information Technology > Department of Information Security |
Depositing User: | Mrs. Sabarina Che Mat |
Date Deposited: | 22 Jun 2021 08:06 |
Last Modified: | 22 Jun 2021 08:06 |
URI: | http://eprints.uthm.edu.my/id/eprint/116 |
Actions (login required)
View Item |