{"title":"Identification and recovery of video fragments for forensics file carving","authors":"K. Alghafli, T. Martin","doi":"10.1109/ICITST.2016.7856710","DOIUrl":null,"url":null,"abstract":"In digital forensics, file carving of video files is an important process in the recovery of video evidence needed for many criminal cases. Traditional carving techniques recover video files based on their file structure. However, these techniques fail in cases where the file is split into several fragments, especially if some of the fragments were overwritten. In this paper, we present a method for identification and recovery process of video fragments if the video Codec specifications were overwritten. It consists of two parts which are detector and validators. The detector looks for sequences of bytes that could be video fragments in forensics image. The validator decides to accept or reject that a given fragment is a part of a video file. Based on the proposed method we implement a prototype which is called VidCarve. We have conducted several experiments to evaluate the proposed method with current video carving tools. Experimental results show that the discussed method can identify video fragments with high rates of precision and recall. The overall performance rate can produce forensically sound evidence and play a vital role in the process of recovery of digital evidence in many criminal cases.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2016.7856710","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
In digital forensics, file carving of video files is an important process in the recovery of video evidence needed for many criminal cases. Traditional carving techniques recover video files based on their file structure. However, these techniques fail in cases where the file is split into several fragments, especially if some of the fragments were overwritten. In this paper, we present a method for identification and recovery process of video fragments if the video Codec specifications were overwritten. It consists of two parts which are detector and validators. The detector looks for sequences of bytes that could be video fragments in forensics image. The validator decides to accept or reject that a given fragment is a part of a video file. Based on the proposed method we implement a prototype which is called VidCarve. We have conducted several experiments to evaluate the proposed method with current video carving tools. Experimental results show that the discussed method can identify video fragments with high rates of precision and recall. The overall performance rate can produce forensically sound evidence and play a vital role in the process of recovery of digital evidence in many criminal cases.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
