Research Area:  Digital Forensics

Abstract:

In modern world, the use of digital devices for leisure or professional reasons is growing quickly; nevertheless, criminals try to fool authorities and hide evidence in a computer by changing the file type. File type detection is a very demanding task for a digital forensic examiner. In this paper, a new methodology is proposed – in a digital forensics perspective- to identify altered file types with high accuracy by employing computational intelligence techniques. The proposed methodology is applied to the three most common image file types (jpg, png and gif) as well as to uncompressed tiff images. A three-stage process involving feature extraction (Byte Frequency Distribution), feature selection (genetic algorithm) and classification (neural network) is proposed. Experimental results were conducted having files altered in a digital forensics perspective and the results are presented. The proposed model shows very high and exceptional accuracy in file type identification.

Keywords:  

Author(s) Name:  Konstantinos Karampidis, Giorgos Papadourakis

Publisher name:  The Association of Digital Forensics, Security and Law

DOI:  10.15394/jdfsl.2017.1472

Volume Information:  Vol. 12 , Article 6

Paper Link:   https://commons.erau.edu/jdfsl/vol12/iss2/6/