With the rapid development of computer technology, crime involving digital evidence
is becoming more commonplace. Digital forensics involves an investigation of digital
evidence to enable investigators to determine the truth about what happened. However,
to achieve this goal, law enforcement must have tools and technologies that enable them
to examine the evidence accurately. Unfortunately, as computer technology has advanced,
criminals have found a myriad of ways to avoid law enforcement detection. The forensics
community seems to be ill-prepared for these anti-forensic techniques. In fact, most
of the discussion about these methods is taking place outside the law enforcement community.

A criminal might attempt to hide an image by changing its extension to “.doc” so it appears
to be a Microsoft Word document. Some forensics software looks at a file’s
contents to determine what information it contains. This allows
investigators to detect the type of the contents even if the file
extension has been changed. However, the software currently detects images based on hard-coded file
signatures: the first few bytes of the file are examined to determine what type of
information the file contains. This method of detecting file types
works well when the file is otherwise unaltered, but
it may fail when the file’s contents do not match the predetermined signatures.

The signature-based method of detecting file types leaves the software
susceptible to “evidence counterfeiting.” Evidence counterfeiting manipulates
existing evidence to hide its purpose or creates new evidence that is deceptive.
If a suspect alters any of the first few bytes of a file, the forensics packages are no
longer able to detect what type of information is in the file.

We have developed a simple and efficient algorithm for file type
identification that combines first-order byte frequency analysis and second-order
statistics of byte distribution.
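
The contrast between the two approaches, as an added Python example (not the Matlab code this page offers): a signature check stops recognising a file once its first bytes are overwritten, while a classifier built on byte statistics of the body still identifies it. The second-order statistic used here (mean absolute difference between adjacent bytes), the nearest-profile rule and all helper names are assumptions, and the sample data is constructed.

```python
import random

# Hard-coded signatures, as in the signature-based method (real magic numbers).
SIGNATURES = {b"\xff\xd8\xff": "jpeg", b"BM": "bmp"}

def by_signature(data):
    """Type from the first few bytes only; None when no signature matches."""
    return next((t for s, t in SIGNATURES.items() if data.startswith(s)), None)

def features(data, skip=16):
    """First order: 16-bin byte histogram. Second order (assumed statistic):
    mean |b[i+1] - b[i]| / 255. The first `skip` bytes are left out."""
    body = data[skip:]
    hist = [0.0] * 16
    for b in body:
        hist[b >> 4] += 1 / len(body)
    steps = sum(abs(x - y) for x, y in zip(body, body[1:]))
    return hist + [steps / (255 * (len(body) - 1))]

def by_statistics(data, profiles):
    """Nearest reference profile by squared Euclidean distance."""
    f = features(data)
    return min(profiles, key=lambda t: sum((a - b) ** 2 for a, b in zip(f, profiles[t])))

def make_sample(kind, seed, n=4096):
    """Constructed stand-ins for file bodies (synthetic, not real evidence)."""
    rng = random.Random(seed)
    if kind == "jpeg":  # entropy-coded data: flat histogram, large steps
        return b"\xff\xd8\xff\xe0" + bytes(rng.getrandbits(8) for _ in range(n))
    if kind == "bmp":   # raw pixel ramp: flat histogram, small steps
        return b"BM" + bytes((seed + i // 4) % 256 for i in range(n))
    return bytes(rng.choice(b"the quick brown fox ") for _ in range(n))  # text

def build_profiles(kinds=("jpeg", "bmp", "text"), samples=5):
    """Average feature vector per type over a few constructed samples."""
    profiles = {}
    for kind in kinds:
        rows = [features(make_sample(kind, s)) for s in range(samples)]
        profiles[kind] = [sum(col) / len(rows) for col in zip(*rows)]
    return profiles

def demo():
    jpg = make_sample("jpeg", seed=99)
    bad = b"\x00" * 4 + jpg[4:]  # same file with its first bytes overwritten
    return by_signature(jpg), by_signature(bad), by_statistics(bad, build_profiles())

if __name__ == "__main__":
    print(demo())
```

In this constructed data the "jpeg" and "bmp" bodies have almost identical byte histograms, so the second-order term is what separates them, while the text sample is separated by its histogram alone.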
Index Terms: Matlab, source, code, file type, recognition, identification, extension, forensic.
Figure 1. File types
A simple and effective source code for File Type Recognition System.

| Release | Date | Major features |
|---|---|---|
| 1.0 | 2009.05.14 | |

We recommend checking that the connection to PayPal is secure, in order to avoid any fraud. This donation has to be considered an encouragement to improve the code itself.

File Type Recognition System. Click here for
your donation. In order to obtain the source code you
have to pay a small sum of money: 200 EUROS (less
than 280 U.S. Dollars).

Once you have done this, please email us at luigi.rosa@tiscali.it. As soon as possible (in a few days) you will receive our new release of File Type Recognition System. Alternatively, you can donate using our banking coordinates:

The authors have no relationship or partnership
with The Mathworks. All the code provided is written in Matlab
language (M-files and/or M-functions), with no dll or other
protected parts of code (P-files or executables). The code was
developed with Matlab 2006a. Matlab is required.
The code provided has to be considered "as is" and it is without any kind of warranty. The
authors deny any kind of warranty concerning the code as well
as any kind of responsibility for problems and damages which may
be caused by the use of the code itself including all parts of
the source code.