I attended a presentation in NYC yesterday.
File Carving for Forensics Recovery at the
Normally, carving software fails if there are multiple data fragments. If there are more than two fragments, the problem becomes even more complex, according to Prof. Memon.
His tool allows carving fragmented images, regardless of the number of fragments, both forward and backward, and uses not just file headers and footers but also, for example in JPEG images, Huffman table similarities, data sequencing (to resolve which block belongs to the image), camera identification, skin tone, color alignments, smoothness properties, pseudo-headers if missing from nearby images, and even face detection.
Carving can be automated, or manual, where human intervention can "second guess", or remove certain blocks that are not appropriate within the stream of data.
The tool described uses a wide range of statistical analysis, either from existing resources or extracted from the evidence itself. It combines various existing capabilities and puts the "smarts" behind carving.
The product is called "
I especially liked the pseudo-header creation.
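To illustrate why header/footer carving breaks on fragmented files, here is an added example (not part of the original post and not the tool's own code). It uses a simplified stand-in for block classification: a cluster is kept only if it has high entropy and obeys the JPEG byte-stuffing rule. The disk image, the 512-byte cluster size and all function names are constructed for the demonstration.

```python
import math
import random
from collections import Counter

CLUSTER = 512
SOI, EOI = b"\xff\xd8", b"\xff\xd9"
# Inside JPEG scan data, 0xFF may only precede a stuffed 0x00, a fill 0xFF,
# a restart marker (0xD0-0xD7) or the end-of-image marker (0xD9).
OK_AFTER_FF = {0x00, 0xFF, 0xD9} | set(range(0xD0, 0xD8))

def entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_scan_data(block):
    data = block.split(EOI)[0]            # ignore slack after end-of-image
    if len(data) >= 256 and entropy(data) < 6.5:
        return False                      # too regular for compressed data
    return all(data[i + 1] in OK_AFTER_FF
               for i in range(len(data) - 1) if data[i] == 0xFF)

def carve_naive(image):
    """Classic carve: everything from the header to the first footer."""
    s = image.index(SOI)
    return image[s:image.index(EOI, s) + 2]

def carve_filtered(image):
    """Carve forward from the header, skipping clusters that cannot be scan data."""
    clusters = [image[i:i + CLUSTER] for i in range(0, len(image), CLUSTER)]
    start = next(i for i, c in enumerate(clusters) if c.startswith(SOI))
    out = [clusters[start]]
    for c in clusters[start + 1:]:
        if not looks_like_scan_data(c):
            continue                      # foreign cluster between fragments
        if EOI in c:
            out.append(c[:c.index(EOI) + 2])
            break
        out.append(c)
    return b"".join(out)

def build_demo():
    """Constructed image: one JPEG-like file (synthetic bytes) in three fragments."""
    rng = random.Random(1)
    hdr = (SOI + b"\xff\xe0\x00\x10JFIF\x00").ljust(CLUSTER, b"\x00")
    scan = bytes(rng.randrange(256) for _ in range(1300)).replace(b"\xff", b"\xff\x00")
    original = hdr + scan + EOI
    f = [original[i:i + CLUSTER].ljust(CLUSTER, b"\x00")
         for i in range(0, len(original), CLUSTER)]
    text = (b"meeting notes, draft 3. " * 22)[:CLUSTER]       # low-entropy cluster
    rnd = b"\xff\x41" + bytes(rng.randrange(0xD0) for _ in range(CLUSTER - 2))
    return text + f[0] + f[1] + text + f[2] + rnd + f[3] + text, original
```

On the constructed image the naive carve swallows both foreign clusters, while the filtered carve returns the original bytes. Real fragments of other JPEGs would pass this filter, which is where the decoder-level checks described in the talk come in.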
Wasn't there some talk about this product a few months ago? For some reason the name is ringing a bell with me.
Hmmm.. Indeed.
I feel a bit awkward about the presentation now that I see some of it as a commercial.
Nevertheless, the technical information was worthwhile and detailed enough to give me some good ideas.
I wish they were more commercial than academic! I know the developers and keep telling them it is a great product and they need to get the word out.
It really was part of R&D from a grad program and I am not sure they realize their commercial potential.
And honestly it is more open in its function than some of the larger commercial programs that have scripts to do the same type of function. I actually find the Androit presentation and performance a bit better as it is only carving for specific types of files.
Prof. Memon asked me if I thought it was something my firm could use.
At that time, I did not have a concrete answer, but I think we would buy it at the first incident when we needed something like this.
It is sort of like photography, or baking. I would never buy that specialized tool until I specifically need it, and it is covered by the person who hired me to do the job. In that case, I would be standing in line for something like that at $500.
It is a pittance compared to the hourly cost I would charge the attorney's firm.