期刊名称:Journal of King Saud University @?C Computer and Information Sciences
印刷版ISSN:1319-1578
出版年度:2021
卷号:33
期号:1
页码:21-32
语种:English
出版社:Elsevier
摘要:Digital forensic aims to provide an assistance for making decisions about a crime by looking at a file content which usually involves image files such as GIF, BMP, JPEG and etc. JPEG is a very popular image file format. It has less structured contents than other images which makes its recovery possible in the absence of some file system metadata. However, an essential problem of which is fragmented JPEG file intertwined with non-JPEG files and/or Bifragmented in the scan area. This paper proposes RX_myKarve as a new file carving framework for solving a number of forensic recovery problems including fragmentation. The RX_myKarve basic design includes a structure-based and content-based carving approaches. It adopts machine learning and evolutionary algorithms in its main components of identification validation and reassembling. The identification and validation techniques encompass an Extreme Learning Machine (ELM) for identifying and filtering the image data in the scan area. The reassembling technique encompasses a genetic algorithm to reconstruct the data from fragmented pieces to a complete image. The main contribution of the paper lies on the reassembling of fragmented image file clusters in the scan area. The RX_myKarve is tested and evaluated by using the Digital Forensic Research Workshop (DFRWS) 2006 and 2007 forensic challenge datasets. The results show that the RX_myKarve is able to carve and fully recover all the giving cases of the DFRWS-2006 dataset, which are 19 images, and all the relevant cases of the DFRWS-2007 dataset, which are 18 images. This improvement in file carving is mostly attributed to the novel identification and reassembling techniques.
