Testing the Forensic Interestingness of Image Files Based on Size and Type

Goldberg, Raymond M.

Testing the Forensic Interestingness of Image Files Based on Size and Type

Active / Technical Report | Accession Number: AD1046839 |

Open PDF

Abstract:

In this thesis, we investigate the relationship between the size and type of a file and its forensic usefulness. We investigate GIF, MP3, MP4, PNG, and JPEG files found in a large collection called the Real Drive Corpus, and the files classification as software-based, entertainment-based, or personal. Results of these experiments were compared to prior work to find interesting files. Results show that the previous experiments were effective at marking interesting files as interesting, but there were still a lot of uninteresting files that were marked as interesting. Also, the results do not show a correlation between the interestingness of a file, its type, and its size.

Author(s):

Goldberg, Raymond M.

Author Organization(s):

Naval Postgraduate School Monterey United States

Descriptive Note:

Technical Report

Pagination:

0045

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Subject Terms

Joint Capability Areas:

JCA_1.2.7_Experimentation; JCA_5_Command and Control; JCA_2_Battlespace Awareness; JCA_1.2.5_Lessons Learned; JCA_2.3_Processing and Exploitation; JCA_6_Net Centric; JCA_5.3_Planning; JCA_3_Force Application; JCA_6.1_Information Transport; JCA_8_Building Partnerships; JCA_1.2_Force Preparation; JCA_1_Force Support; JCA_3.2_Engagement; JCA_5.3.2_Apply Situational Understanding; JCA_6.4.1_Secure Information Exchange; JCA_8.1_Communicate; JCA_3.2.2_Non-Kinetic Means; JCA_5.2.2_Develop Knowledge and Situational Awareness; JCA_5.2_Understand; JCA_6.4_Information Assurance

Communities of Interest:

Materials and Manufacturing Processes

Descriptor(s):

scanning, FILES (RECORDS), computer programs, operating systems, DATA STORAGE SYSTEMS, information retrieval, FORENSIC ANALYSIS

Field(s)/Group(s):

Information Science, Computer Programming and Software

Keyword(s):

Real Drive Corpus, white listing, known files database, graphics interchange format, joint photographic experts group, portable network graphic, interesting file, hard drive

Report Date:

2017 Sep 01

Creation Date:

2018 Feb 15