Martin, you've been demonstrating Visual JPEG at DFRWS. Could you tell us about the concept behind it, and how you came up with the idea?
It’s a tool to make life easier for people examining files.
The background of this was that for a Master’s research project, I was looking at ways of working with JPEGs with Digiprove, a company that uses digital certificates for files, and they wanted to get a way of building the digital certificate actually inside the file instead of travelling as a separate item. And I did come up with a way of doing that, but I found it frustrating that I had to work a lot with JPEGs, and I was having to use things like hex editors. It’s so much hard work. And I just said no, there has to be an easier way of doing this.
So I developed a couple of little visual tools, just for myself, no intention of doing anything else with them. And when my supervisor who lectures in forensics saw them, he said “Martin, these look good, and a lot of people could be interested in using them.” So really what I’ve come to DFRWS for is to talk to people, to show them the tools. I’ve had a good response from people, they can see potential in it. I think I’ve come up with a couple of new angles as well on how information can be hidden inside JPEGs, which I’m going to dig a bit deeper into.
So next step, I’ve got a website, and it was really just put together very quickly for the conference, so that there was a place for people to go afterwards to get my contact details. And I’m looking for some beta testers, because I’m not a forensics guy. I know what was useful for me and I think I know what’ll be useful for other forensics people, but I need them to tell me what really would be useful. So I’ll be very much looking for feedback from people.
How does your digital certificate work?
The company in Dublin, Digiprove, what they do is, let’s say you’ve a document and you want it certified in some way with today’s date on it. Now that may be perhaps for copyright purposes, but you can show that you had possessed that today, in case somebody copies it out later on. But they actually take a hash count of a file and they issue a digital certificate with a hash file inside the digital certificate, so that you can show that a hash was taken on the 24th of March and the file hasn’t changed. But the problem was that I could get a file certified, but then if I send the file to somebody else I’ve got to remember to send the digital certificate as well. So what they wanted to do was to actually put the digital certificate inside the file itself, and I came up with a way of doing that.
Basically what you do is, you take a hash count of the file, you create the digital certificate and you put that inside the file. And then you have a reader which extracts the digital certificate from it and hashes the rest of the file again, so it’s recounting the file without counting the digital certificate into it, so it should be the same hash value. And we’ve tested that and it works.
There’s actually an application almost ready to go live, it’s going to be launching over the summer on iPhone, where basically you can take a photograph with your iPhone and you can certify it there and then.
It could be useful for other things too, for example I remember a couple of years ago my daughter-in-law had a car crash; she wasn’t hurt but her car was very badly damaged. And my son-in-law, who happens to be a guard, just happened to come onto the scene, and he immediately took photos of the cars so that she would be able to show where her car was and where the other car was. But then the problem with digital evidence in courts is proving that it wasn’t manipulated or anything else. But if he’d been able that day to date-stamp those with a digital certificate, they could prove that they were taken that day, that they weren’t taken a day later or anything like that.
That sounds really helpful, especially for law enforcement officers. Do you envisage any other uses of Visual JPEG?
The other thing that we’re looking at is regulators, because I can see the value of stuff like this in legal enquiries too. You remember the Indian lady who died in Galway hospital, she couldn’t get an abortion and she died. And in the enquiry into her death, they discovered that some of the entries in her record were made after she had died. Now there wasn’t anything nefarious, it was just typical nurses on a hospital ward: scribble down the notes and then fill them up afterwards. Or you’ve had cases with the police, where the police have been accused of altering a statement afterwards. But now as more and more stuff gets recorded electronically, if things do get a date stamp, a timestamp and a digital certificate put in with them, then everybody knows they weren’t altered afterwards, or everybody can see it if they were altered. So we’re starting to look at a lot of markets like that and see if we can encourage people to use it.
Are there any other topics you're interested in researching?
I’m also looking a little bit into how robust files are as they travel round the internet. For example, there was a whole to-do about a year ago: Facebook strip out all the metadata on the images you upload. And they said originally they would keep the title and they would keep the copyright, but they don’t. They strip out everything. And there’s this whole question about whether they are intending copyright.
I’ve seen some research done, for example, on Google Plus which doesn’t strip out the metadata. Facebook does. If you send stuff through Dropbox it’s OK, it doesn’t lose anything. So I’m also doing some research into that, saying that if you have a file and you send it around, use different mechanisms, does the thing stay intact, or does it get altered along the way?
Martin Harran is a Master’s student at Letterkenny Institute of Technology. His current project, VisualJPEG, is at beta stage and he is looking for testers. To find out more, sign up as a beta tester or contact Martin, please visit his official website.
Forensic Focus interviewed Martin at DFRWS, the annual Digital Forensics Research Workshop, which took place in Dublin from the 23rd-26th of March. The next workshops will be held in Philadelphia in August 2015, and Switzerland in March 2016. You can find out more and register here.