Name
Abstract | ||
|---|---|---|
Reassembling fragmented image files plays a crucial role in seizing digital evidence from scattered digital image files. The existing algorithms are mainly graph based, which cast the reassembly problem as a K-vertex disjoint path problem in a directed complete graph, which is an NP-complete problem. Based on the padding bytes in BMP files, we present a method to exclude most impossible paths, which can improve the accuracy and decrease the time complexity of the existing graph-based methods. According to the alignment rule of BMP format, padding bytes must be appended to the end of each row to bring up the length of the row to a multiple of 4 bytes. Hence the fragment, being a vertex of the path which correctly reassembles a file, has a property; its byte values at padding positions must be the padding values. Only the fragments with such property can be candidate fragments for the vertex. On the test dataset which is constructed based on 330 image files, taking eight classical methods as examples, we show that the proposed method produces an accuracy improvement ranging from 32% to 55%, and reduces the run time to a scope from 1/6 to 1/237. (C) 2016 SPIE and IS&T |
Year | DOI | Venue |
|---|---|---|
2016 | 10.1117/1.JEI.25.3.033002 | JOURNAL OF ELECTRONIC IMAGING |
Keywords | Field | DocType |
digital forensics,digital evidence,fragmented file reassembly,BMP image files,padding bytes | BMP file format,Complete graph,Byte,Raster graphics,Computer science,Algorithm,Theoretical computer science,Image file formats,Digital image,Time complexity,Padding | Journal |
Volume | Issue | ISSN |
25 | 3 | 1017-9909 |
Citations | PageRank | References |
0 | 0.34 | 0 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Xianyan Wu | 1 | 0 | 1.69 |
| Qi Han | 2 | 139 | 30.38 |
| Xiamu Niu | 3 | 754 | 91.72 |