liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Oscar - File Type and Camera Identification Using the Structure of Binary Data Fragments
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2006 (English)In: First Conference on Advances in Computer Security and Forensics, ACSF 2006 / [ed] John Haggerty, Madjid Merabti, Liverpool, UK: School of Computing and Mathematical Sciences, John Moores University , 2006, 11- p.Conference paper, Published paper (Refereed)
Abstract [en]

Mapping out the contents of fragmented storage media is hard if the file system has been corrupted, especially as the current forensic tools rely on meta information to do their job. If it were possible to find all fragments belonging to a certain file type, it might also be possible to recover a lost file. The Oscar method identifies the file type of data fragments based on their structure. This paper presents an improvement of the Oscar method. The new version is built on using 2-grams to create a model of different file types. The method is evaluated for JPEG, Windows executables, and zip files, reaching a 100% detection rate with 0.12% false positives for JPEG. We also use the method to identify the camera make used to capture a JPEG picture from a fragment of the picture.

Place, publisher, year, edition, pages
Liverpool, UK: School of Computing and Mathematical Sciences, John Moores University , 2006. 11- p.
Keyword [en]
security, forensics
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-34516Local ID: 21579ISBN: 1902560159 (print)ISBN: 9781902560151 (print)OAI: oai:DiVA.org:liu-34516DiVA: diva2:255364
Conference
1st Conference on Advances in Computer Security and Forensics (ACSF 2006) 13-14 July 2006, Liverpool, UK
Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2014-06-24Bibliographically approved

Open Access in DiVA

No full text

Authority records BETA

Karresand, MartinShahmehri, Nahid

Search in DiVA

By author/editor
Karresand, MartinShahmehri, Nahid
By organisation
The Institute of TechnologyDatabase and information techniques
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 157 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf