Digital Multimedia Forensics and Anti-Forensics

As the use of digital multimedia content such as images and video has increased, so has the means and the incentive to create digital forgeries. Presently, powerful editing software allows forgers to create perceptually convincing digital forgeries. Accordingly, there is a great need for techniques capable of authenticating digital multimedia content. In response to this, researchers have begun developing digital forensic techniques capable of identifying digital forgeries. These forensic techniques operate by detecting imperceptible traces left by editing operations in digital multimedia content. In this dissertation, we propose several new digital forensic techniques to detect evidence of editing in digital multimedia content. We begin by identifying the fingerprints left by pixel value mappings and show how these can be used to detect the use of contrast enhancement in images. We use these fingerprints to perform a number of additional forensic tasks such as identifying cut-and-paste forgeries, detecting the addition of noise to previously JPEG compressed images, and estimating the contrast enhancement mapping used to alter an image. Additionally, we consider the problem of multimedia security from the forger's point of view. We demonstrate that an intelligent forger can design anti-forensic operations to hide editing fingerprints and fool forensic techniques. We propose an anti-forensic technique to remove compression fingerprints from digital images and show that this technique can be used to fool several state-of-the-art forensic algorithms. We examine the problem of detecting frame deletion in digital video and develop both a technique to detect frame deletion and an anti-forensic technique to hide frame deletion fingerprints. We show that this anti-forensic operation leaves behind fingerprints of its own and propose a technique to detect the use of frame deletion anti-forensics. The ability of a forensic investigator to detect both editing and the use of anti-forensics results in a dynamic interplay between the forger and forensic investigator. We use develop a game theoretic framework to analyze this interplay and identify the set of actions that each party will rationally choose. Additionally, we show that anti-forensics can be used protect against reverse engineering. To demonstrate this, we propose an anti-forensic module that can be integrated into digital cameras to protect color interpolation methods

RFID tags for the expedition of body part processing in large scale disaster victim identification incidents: A cost and feasibility pilot study

In 2001, over 2,000 lives were lost at the World Trade Center. Approximately 280,000 deceased victims were a result of the Asian tsunami of 2004, and 168 fatalities after the Oklahoma bombing in 1995. Whether the disaster incident is large or small, the legal responsibility falls on forensic investigators to positively identify every victim, for the purpose of returning the remains to their respective families. In forensic science and more specifically, disaster victim identification (DVI), an unforeseen incident can result in the demise of a mass of lives. Identifying the fallen victims is of vital importance. Highly skilled specialists and investigators are involved in the DVI processes in order to expedite the processing of body parts. However, a research gap remains in regard to the timeliness of human remain examinations at large scale DVI incidents. The expedition of DVI investigations is crucial as it impacts the number of positive identifications that are made, whilst issues such as decomposition may challenge forensic investigators. Radio Frequency Identification (RFID) technology is an advanced system that transmits a radio signal, in order to track and identify objects. This review aims to demonstrate how RFID technology has the ability to significantly decrease forensic examination and identification time of victims, through sub-dermal implantation of microchips into human remains. Although the cost of implementing RFID is a limitation, the technology has proven to be successful in several organisations on an international scale and has been effective through sub-dermal implantation in humans as well as animals. Through utilising RFID, forensic investigators and legal authorities will be equipped to conduct an expeditious DVI process and hence, determine a greater amount of positive deceased victim identifications

RFID tags for the expedition of body part processing in large scale disaster victim identification incidents: A cost and feasibility pilot study

In 2001, over 2,000 lives were lost at the World Trade Center. Approximately 280,000 deceased victims were a result of the Asian tsunami of 2004, and 168 fatalities after the Oklahoma bombing in 1995. Whether the disaster incident is large or small, the legal responsibility falls on forensic investigators to positively identify every victim, for the purpose of returning the remains to their respective families. In forensic science and more specifically, disaster victim identification (DVI), an unforeseen incident can result in the demise of a mass of lives. Identifying the fallen victims is of vital importance. Highly skilled specialists and investigators are involved in the DVI processes in order to expedite the processing of body parts. However, a research gap remains in regard to the timeliness of human remain examinations at large scale DVI incidents. The expedition of DVI investigations is crucial as it impacts the number of positive identifications that are made, whilst issues such as decomposition may challenge forensic investigators. Radio Frequency Identification (RFID) technology is an advanced system that transmits a radio signal, in order to track and identify objects. This review aims to demonstrate how RFID technology has the ability to significantly decrease forensic examination and identification time of victims, through sub-dermal implantation of microchips into human remains. Although the cost of implementing RFID is a limitation, the technology has proven to be successful in several organisations on an international scale and has been effective through sub-dermal implantation in humans as well as animals. Through utilising RFID, forensic investigators and legal authorities will be equipped to conduct an expeditious DVI process and hence, determine a greater amount of positive deceased victim identifications

Container and VM Visualization for Rapid Forensic Analysis

Cloud-hosted software such as virtual machines and containers are notoriously difficult to access, observe, and inspect during ongoing security events. This research describes a new, out-of-band forensic tool for rapidly analyzing cloud based software. The proposed tool renders two-dimensional visualizations of container contents and virtual machine disk images. The visualizations can be used to identify container / VM contents, pinpoint instances of embedded malware, and find modified code. The proposed new forensic tool is compared against other forensic tools in a double-blind experiment. The results confirm the utility of the proposed tool. Implications and future research directions are also described

DF 2.0: An Automated, Privacy Preserving, and Efficient Digital Forensic Framework That Leverages Machine Learning for Evidence Prediction and Privacy Evaluation

The current state of digital forensic investigation is continuously challenged by the rapid technological changes, the increase in the use of digital devices (both the heterogeneity and the count), and the sheer volume of data that these devices could contain. Although data privacy protection is not a performance measure, however, preventing privacy violations during the digital forensic investigation, is also a big challenge. With a perception that the completeness of investigation and the data privacy preservation are incompatible with each other, the researchers have provided solutions to address the above-stated challenges that either focus on the effectiveness of the investigation process or the data privacy preservation. However, a comprehensive approach that preserves data privacy without affecting the capabilities of the investigator or the overall efficiency of the investigation process is still an open problem. In the current work, the authors have proposed a digital forensic framework that uses case information, case profile data and expert knowledge for automation of the digital forensic analysis process; utilizes machine learning for finding most relevant pieces of evidence; and maintains data privacy of non-evidential private files. All these operations are coordinated in a way that the overall efficiency of the digital forensic investigation process increases while the integrity and admissibility of the evidence remain intact. The framework improves validation which boosts transparency in the investigation process. The framework also achieves a higher level of accountability by securely logging the investigation steps. As the proposed solution introduces notable enhancements to the current investigative practices more like the next version of Digital Forensics, the authors have named the framework `Digital Forensics 2.0\u27, or `DF 2.0\u27 in short

Fundamental Limits in Multimedia Forensics and Anti-forensics

As the use of multimedia editing tools increases, people become questioning the authenticity of multimedia content. This is specially a big concern for authorities, such as law enforcement, news reporter and government, who constantly use multimedia evidence to make critical decisions. To verify the authenticity of multimedia content, many forensic techniques have been proposed to identify the processing history of multimedia content under question. However, as new technologies emerge and more complicated scenarios are considered, the limitation of multimedia forensics has been gradually realized by forensic researchers. It is the inevitable trend in multimedia forensics to explore the fundamental limits. In this dissertation, we propose several theoretical frameworks to study the fundamental limits in various forensic problems. Specifically, we begin by developing empirical forensic techniques to deal with the limitation of existing techniques due to the emergence of new technology, compressive sensing. Then, we go one step further to explore the fundamental limit of forensic performance. Two types of forensic problems have been examined. In operation forensics, we propose an information theoretical framework and define forensicability as the maximum information features contain about hypotheses of processing histories. Based on this framework, we have found the maximum number of JPEG compressions one can detect. In order forensics, an information theoretical criterion is proposed to determine when we can and cannot detect the order of manipulation operations that have been applied on multimedia content. Additionally, we have examined the fundamental tradeoffs in multimedia antiforensics, where attacking techniques are developed by forgers to conceal manipulation fingerprints and confuse forensic investigations. In this field, we have defined concealability as the effectiveness of anti-forensics concealing manipulation fingerprints. Then, a tradeoff between concealability, rate and distortion is proposed and characterized for compression anti-forensics, which provides us valuable insights of how forgers may behave under their best strategy