Development of a micro-extruder with vibration mode for microencapsulation of human keratinocytes in calcium alginate

Microencapsulation is a promising technique to form microtissues. The existing cell microencapsulation technologies that involved extrusion and vibration are designed with complex systems and required the use of high energy. A micro-extruder with an inclusion of simple vibrator that has the commercial value for creating a 3D cell model has been developed in this work. This system encapsulates human keratinocytes (HaCaT) in calcium alginate and the size of the microcapsules is controllable in the range of 500-800 µm by varying the flow rates of the extruded solution and frequency of the vibrator motor ( I 0-63 Hz). At 0.13 ml/min of flow rate and vibration rate of 26.4 Hz, approximately 40 ± IO pieces of the alginate microcapsules in a size 632.14 ± I 0.35 µm were produced. Approximately I 00 µm suspension of cells at different cells densities of 1.55 x I 05 cells/ml and 1.37 x I 07 cells/ml were encapsulated for investigation of microtissues formation. Fourier transform infrared spectroscopy (FTIR) analysis showed the different functional groups and chemistry contents of the calcium alginate with and without the inclusion of HaCaT cells in comparison to the monolayers of HaCaT cells. From Field Emission Scanning Electron Microscope (FESEM) imaging, calcium alginate microcapsules were characterised by spherical shape and homogenous surface morphology. Via the nuclei staining, the distance between cells was found reduced as the incubation period increased. This indicated that the cells merged into microtissues with good cell-cell adhesions. After 15 days of culture, the cells were still viable as indicated by the fluorescence green expression of calcein­acetoxymethyl. Replating experiment indicated that the cells from the microtissues were able to migrate and has the tendency to form monolayer of cells on the culture flask. The system was successfully developed and applied to encapsulate cells to produce 3D microtissues

Development of a micro-extruder with vibration mode for microencapsulation of human keratinocytes in calcium alginate

Microencapsulation is a promising technique to form microtissues. The existing cell microencapsulation technologies that involved extrusion and vibration are designed with complex systems and required the use of high energy. A micro-extruder with an inclusion of simple vibrator that has the commercial value for creating a 3D cell model has been developed in this work. This system encapsulates human keratinocytes (HaCaT) in calcium alginate and the size of the microcapsules is controllable in the range of 500-800 µm by varying the flow rates of the extruded solution and frequency of the vibrator motor ( I 0-63 Hz). At 0.13 ml/min of flow rate and vibration rate of 26.4 Hz, approximately 40 ± IO pieces of the alginate microcapsules in a size 632.14 ± I 0.35 µm were produced. Approximately I 00 µm suspension of cells at different cells densities of 1.55 x I 05 cells/ml and 1.37 x I 07 cells/ml were encapsulated for investigation of microtissues formation. Fourier transform infrared spectroscopy (FTIR) analysis showed the different functional groups and chemistry contents of the calcium alginate with and without the inclusion of HaCaT cells in comparison to the monolayers of HaCaT cells. From Field Emission Scanning Electron Microscope (FESEM) imaging, calcium alginate microcapsules were characterised by spherical shape and homogenous surface morphology. Via the nuclei staining, the distance between cells was found reduced as the incubation period increased. This indicated that the cells merged into microtissues with good cell-cell adhesions. After 15 days of culture, the cells were still viable as indicated by the fluorescence green expression of calcein­acetoxymethyl. Replating experiment indicated that the cells from the microtissues were able to migrate and has the tendency to form monolayer of cells on the culture flask. The system was successfully developed and applied to encapsulate cells to produce 3D microtissues

VMIFF - Visualization metrics for the identification of file fragments

Visualization of complex data, such as a file system or file, allows a forensic analyst or reverse engineer to rapidly locate areas of interest amidst a large quantity of data. While visualization provides a promising form of analysis, is the subject of much skepticism, as human interaction is required in order for this method to be successful. As a result of this, visualization methods face two major obstacles: tediousness and time. As our contribution, we propose a unique method of graphing visual information into a measurable format suitable for use with machine learning algorithms. This method will still utilize the visual layout of the data but streamline this form into one that can be rapidly processed by a machine. In this work we examine existing methods of file fragment analysis, determine how to apply visualization to this analysis, and transform this visual data into a measurable format for machine leaning algorithms using our tool called VMIFF (Visualization Metrics for the Identification of File Fragments). In its breadth, this work aims to demonstrate that such transformations will still yield meaningful results

An Investigation into the identification, reconstruction, and evidential value of thumbnail cache file fragments in unallocated space

©Cranfield UniversityThis thesis establishes the evidential value of thumbnail cache file fragments identified in unallocated space. A set of criteria to evaluate the evidential value of thumbnail cache artefacts were created by researching the evidential constraints present in Forensic Computing. The criteria were used to evaluate the evidential value of live system thumbnail caches and thumbnail cache file fragments identified in unallocated space. Thumbnail caches can contain visual thumbnails and associated metadata which may be useful to an analyst during an investigation; the information stored in the cache may provide information on the contents of files and any user or system behaviour which interacted with the file. There is a standard definition of the purpose of a thumbnail cache, but not the structure or implementation; this research has shown that this has led to some thumbnail caches storing a variety of other artefacts such as network place names. The growing interest in privacy and security has led to an increase in user’s attempting to remove evidence of their activities; information removed by the user may still be available in unallocated space. This research adapted popular methods for the identification of contiguous files to enable the identification of single cluster sized fragments in Windows 7, Ubuntu, and Kubuntu. Of the four methods tested, none were able to identify each of the classifications with no false positive results; this result led to the creation of a new approach which improved the identification of thumbnail cache file fragments. After the identification phase, further research was conducted into the reassembly of file fragments; this reassembly was based solely on the potential thumbnail cache file fragments and structural and syntactical information. In both the identification and reassembly phases of this research image only file fragments proved the most challenging resulting in a potential area of continued future research. Finally this research compared the evidential value of live system thumbnail caches with identified and reassembled fragments. It was determined that both types of thumbnail cache artefacts can provide unique information which may assist with a digital investigation. ii This research has produced a set of criteria for determining the evidential value of thumbnail cache artefacts; it has also identified the structure and related user and system behaviour of popular operating system thumbnail cache implementations. This research has also adapted contiguous file identification techniques to single fragment identification and has developed an improved method for thumbnail cache file fragment identification. Finally this research has produced a proof of concept software tool for the automated identification and reassembly of thumbnail cache file fragments

SIFT -- File Fragment Classification Without Metadata

A vital issue of file carving in digital forensics is type classification of file fragments when the filesystem metadata is missing. Over the past decades, there have been several efforts for developing methods to classify file fragments. In this research, a novel sifting approach, named SIFT (Sifting File Types), is proposed. SIFT outperforms the other state-of-the-art techniques by at least 8%. (1) One of the significant differences between SIFT and others is that SIFT uses a single byte as a separate feature, i.e., a total of 256 (0x00 - 0xFF) features. We also call this a lossless feature (information) extraction, i.e., there is no loss of information. (2) The other significant difference is the technique used to estimate inter-Classes and intra-Classes information gain of a feature. Unlike others, SIFT adapts TF-IDF for this purpose, and computes and assigns weight to each byte (feature) in a fragment (sample). With these significant differences and approaches, SIFT produces promising (better) results compared to other works

Error Level Analysis Technique for Identifying JPEG Block Unique Signature for Digital Forensic Analysis

The popularity of unique image compression features of image files opens an interesting research analysis process, given that several digital forensics cases are related to diverse file types. Of interest has been fragmented file carving and recovery which forms a major aspect of digital forensics research on JPEG files. Whilst there exist several challenges, this paper focuses on the challenge of determining the co-existence of JPEG fragments within various file fragment types. Existing works have exhibited a high false-positive rate, therefore rendering the need for manual validation. This study develops a technique that can identify the unique signature of JPEG 8 × 8 blocks using the Error Level Analysis technique, implemented in MATLAB. The experimental result that was conducted with 21 images of JFIF format with 1008 blocks shows the efficacy of the proposed technique. Specifically, the initial results from the experiment show that JPEG 8 × 8 blocks have unique characteristics which can be leveraged for digital forensics. An investigator could, therefore, search for the unique characteristics to identify a JPEG fragment during a digital investigation process

Improved Decay Tolerant Inference of Previously Uninstalled Computer Applications

When an application is uninstalled from a computer system, the application\u27s deleted file contents are overwritten over time, depending on factors such as operating system, available unallocated disk space, user activity, etc. As this content decays, the ability to infer the application\u27s prior presence, based on the remaining digital artifacts, becomes more difficult. Prior research inferring previously installed applications by matching sectors from a hard disk of interest to a previously constructed catalog of labeled sector hashes showed promising results. This prior work used a white list approach to identify relevant artifacts, resulting in no irrelevant artifacts but incurring the loss of some potentially useful artifacts. In this current work, we collect a more complete set of relevant artifacts by adapting the sequential snapshot file differencing method to identify and eliminate from the catalog filesystem changes which are not due to application installation and use. The key contribution of our work is the building of a more complete catalog which ultimately results in more accurate prior application inference

Improved Decay Tolerant Inference of Previously Uninstalled Computer Applications

When an application is uninstalled from a computer system, the application’s deleted file contents are overwritten over time, depending on factors such as operating system, available unallocated disk space, user activity, etc. As this content decays, the ability to infer the application’s prior presence, based on the remaining digital artifacts, becomes more difficult. Prior research inferring previously installed applications by matching sectors from a hard disk of interest to a previously constructed catalog of labeled sector hashes showed promising results. This prior work used a white list approach to identify relevant artifacts, resulting in no irrelevant artifacts but incurring the loss of some potentially useful artifacts. In this current work, we collect a more complete set of relevant artifacts by adapting the sequential snapshot file differencing method to identify and eliminate from the catalog file-system changes which are not due to application installation and use. The key contribution of our work is the building of a more complete catalog which ultimately results in more accurate prior application inference

File Fragment Classification Using Neural Networks with Lossless Representations

This study explores the use of neural networks as universal models for classifying file fragments. This approach differs from previous work in its lossless feature representation, with fragments’ bits as direct input, and its use of feedforward, recurrent, and convolutional networks as classifiers, whereas previous work has only tested feedforward networks. Due to the study’s exploratory nature, the models were not directly evaluated in a practical setting; rather, easily reproducible experiments were performed to attempt to answer the initial question of whether this approach is worthwhile to pursue further, especially due to its high computational cost. The experiments tested classification of fragments of homogeneous file types as an idealized case, rather than using a realistic set of types, because the types of interest are highly application-dependent. The recurrent networks achieved 98 percent accuracy in distinguishing 4 file types, suggesting that this approach may be capable of yielding models with sufficient performance for practical applications. The potential applications depend mainly on the model performance gains achievable by future work but include binary mapping, deep packet inspection, and file carving

Data carving parser generation

As our day to day interaction with technology continues to grow, so does the amount of data created through this interaction. The science of digital forensics grew out of the need for specialists to recover, analyze, and interpret this data. When events or actions, either by accident or with criminal intent create, delete or manipulate data, it is the role of a digital forensics analyst to acquire this data and draw conclusions about the discovered facts about who or what is responsible for the event. This thesisidentifies a gap in the research between data analysis and interpretation. Current research and tool development has been focusing on data acquisition techniques and file carving. Data acquisition is the process of recovering a forensically sound copy of the evidence, such as a bit-by-bit copy of a hard drive or an image of the contents of a computer system’s RAM. File carving is the process of searching for and extracting files from the acquired data. Few tools provide a means of quick and easy file validation and data extraction once they have been recovered, and the tools that do are either limited in their ability or very complex and require a lot of overhead and a steep learning curve to use effectively. The tool created through this research fills this gap. The tool utilizes a file description language that can textually describe the layout and on-disk format of a file type’s data. This language is very intuitive and easy to read and understand by humans. By using a description as input, the tool builds a syntax tree which can be used to parse and extract various fields of interest from any file matching the provided description. This allows for the quick analysis and interpretation of any file type, even those with uncommon or proprietary formats, as long as a valid description is provided