myKarve: JPEG image and thumbnail carver

Mohamad, Kamaruddin Malik and Mat Deris, Mustafa (2010) myKarve: JPEG image and thumbnail carver. Journal of Digital Forensic Practice , 3 (2-4). pp. 74-97.

Full text not available from this repository.

Abstract

We propose an automatic image and thumbnail carving tool called myKarve, which is useful in digital forensics investigation and presentation of evidential information. It is able to carve contiguous and linearly fragmented images caused by garbage, which is tested against three hypotheses to prove its authenticity. These images fall into three categories: images with one or two thumbnails or none at all; thumbnails with headers that do not follow the standard header patterns; and fragmentations caused by garbage. myKarve is designed on a new framework by extending Scalpel features to deal with thumbnail and fragmentation issues. The Validated Joint Photographic Experts Group (JPEG) Header (VJH) list and Address DataBase (ADB) are used to automatically generate work instructions in a work queue to initiate a fully automated image carving process. A shift-key-matching (SKM) technique is used to detect garbage that causes fragmentation in carved images or thumbnails before it can be cleaned. The tool is tested with Digital Forensics Research Work Shop (DFRWS) 2006 and 2007 data sets and images obtained from the Internet. myKarve is found to be a more efficient automated image and thumbnail carver compared to the original Scalpel with the following advantages: detects more headers using validated headers; carves more images and thumbnails by using the newly introduced image patterns; and is able to discard garbage from linearly fragmented images. The results from myKarve are invaluable in the fieldwork of digital forensic analysis and can produce technical evidence of cybercrime activities.

Item Type:Article
Uncontrolled Keywords:file carving; file fragmentation; digital forensics; digital forensic analysis tool; digital evidence; image processing
Subjects:Q Science > QA Mathematics > QA76 Computer software
Divisions:Faculty of Computer Science and Information Technology > Department of Information Security
ID Code:5683
Deposited By:Dr Kamaruddin Malik Mohamad
Deposited On:28 Oct 2014 10:34
Last Modified:28 Oct 2014 10:34

Repository Staff Only: item control page