UTD CS 4398 - Lecture 12 Computer Forensics Analysis/Validation and Recovering Graphic Files


Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #12: Computer Forensics Analysis/Validation and Recovering Graphic Files
October 1, 2008

Outline
- Topics for Lecture #12
  - What data to collect and analyze
  - Validating forensics data
  - Data hiding techniques
  - Remote acquisitions
  - Recovering graphic files
  - Data compression
  - Locating and recovering graphic files
  - Steganography and steganalysis
  - Reference: Chapters 9 and 10 of Textbook
- Topics for Lecture #13

What data to collect and analyze
- Depends on the type of investigation
- Email investigation will involve network logs, email server backups
- Industrial espionage may include collecting information from cameras, keystrokes
- Scope creep: Investigation extends beyond the original description due to unexpected evidence

Validating forensic data
- Validating with hexadecimal editors
  - Provides support such as hashing files and sectors
- Discriminating functions
  - Selecting suspicious data from normal data
- Validating with forensics programs
  - Use message digests, hash values

Data Hiding
- Data hiding is about changing or manipulating a file to conceal information
- Hiding partitions: Create a partition and use a disk editor to delete the reference to it, then recreate the links to find the partition
- Marking bad clusters: Placing sensitive or incriminating data in free space; use disk editors to mark good clusters as bad clusters
- Bit shifting: Change bit patterns or alter byte values
- Using steganography to hide data (Lecture 13)
- Encrypt files to prevent access
- Recover passwords using password recovery tools

Remote Acquisitions
- Tools are available for acquiring data remotely
  - E.g., DiskExplorer for FAT
  - DiskExplorer for NTFS
- Steps to follow
  - Prepare the tool for remote acquisition
  - Make remote connection
  - Acquire the data

Recovering Graphic Files
- What are graphic files
  - Bitmaps and raster images
  - Vector graphics
  - Metafile graphics
- Graphics file formats
  - Standard and specialized
- Digital camera file formats
  - Raw and image file format

Data Compression
- Lossless compression
  - Reduces file size without removing data
- Lossy compression
  - Reduces file size but some bits are removed
  - JPEG
- Techniques are taught in image processing courses

Locating and Recovering Graphic Files
- Identify the graphic file fragments
  - If the file is fragmented, need to recover all the fragments (carving or salvaging)
- Repair damaged headers
  - If header data is partially overwritten, need to figure out what the missing pieces are
- Procedures also exist for recovering digital photograph evidence
- Steps to follow
  - Identify file
  - Recover damaged headers
  - Reconstruct file fragments
  - Conduct exam

Steganography
Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication to hide a message from a third party. This differs from cryptography, the art of secret writing, which is intended to make a message unreadable by a third party but does not hide the existence of the secret communication.

Topics for Lecture #13
- Steganography
- Null Ciphers
- Digital Image and Audio
- Digital Carrier Methods
- Detecting
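
Added example (not part of the lecture): the identify / repair header / reconstruct / examine steps for graphic files, combined with hash validation, sketched in Python. It assumes contiguous (unfragmented) JFIF-style JPEG files whose first four bytes may have been overwritten; the function names and the sample data are constructed for illustration.

```python
import hashlib

SOI_APP0 = b"\xff\xd8\xff\xe0"  # JPEG start-of-image marker followed by APP0
JFIF_ID = b"JFIF\x00"           # identifier stored at offset 6 of a JFIF file
EOI = b"\xff\xd9"               # JPEG end-of-image marker

def carve_jfif(image: bytes) -> list[dict]:
    """Carve contiguous JFIF files, rebuilding the first four bytes if overwritten."""
    found, pos = [], 0
    while (idx := image.find(JFIF_ID, pos)) != -1:
        pos = idx + len(JFIF_ID)
        start = idx - 6
        end = image.find(EOI, pos)
        if start < 0 or end == -1:
            continue  # header cut off or no footer: truncated or fragmented
        data = image[start:end + len(EOI)]
        repaired = data[:4] != SOI_APP0
        if repaired:
            data = SOI_APP0 + data[4:]  # restore the overwritten signature
        found.append({"offset": start, "repaired": repaired, "data": data,
                      "sha256": hashlib.sha256(data).hexdigest()})
        pos = end + len(EOI)
    return found

def build_sample() -> tuple[bytes, bytes]:
    """Constructed test data: one intact picture and one with a wiped signature."""
    picture = (SOI_APP0 + b"\x00\x10" + JFIF_ID + bytes(9)
               + b"\x11\x22\x33" * 20 + EOI)
    damaged = bytes(4) + picture[4:]
    evidence = bytes(512) + picture + b"\xaa" * 100 + damaged + bytes(64)
    return evidence, picture

if __name__ == "__main__":
    evidence, picture = build_sample()
    acquisition_hash = hashlib.sha256(evidence).hexdigest()
    known = hashlib.sha256(picture).hexdigest()
    for hit in carve_jfif(evidence):
        print(hit["offset"], "repaired" if hit["repaired"] else "intact",
              "hash match" if hit["sha256"] == known else "no match")
    # The working copy must still hash to the acquisition value after analysis.
    assert hashlib.sha256(evidence).hexdigest() == acquisition_hash
```

Real JPEGs can contain the end-of-image marker inside embedded thumbnails, so a production carver parses segment lengths rather than stopping at the first FF D9.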

