Evidence Recovery

Digital evidence is easily scattered, and a forensic analyst may come across scattered fragments of documents in a variety of situations. Perhaps the most common is the analysis of a storage disk from a crime scene, where the analyst finds disk segments that correspond to fragments of previously deleted files. Without adequate file table information, it is difficult to put the fragments back together in their original order.

Our original work used a general process model for automatically analyzing a collection of fragments and reconstructing the original document by placing the fragments in the proper order. Each pair of fragments is assigned a probability of being adjacent in the original, using context modelling techniques from data compression. The problem of finding the optimal ordering is shown to be equivalent to finding a maximum weight Hamiltonian path in a complete graph. We then enhanced our techniques for the specific case of multiple images being fragmented and formulated the problem as a k-vertex disjoint path problem. We developed new heuristics and algorithms to provide excellent reassemblies. We are now researching methods for improving the reassemblies of other file types, including audio, video and office documents.
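The formulation above as an added sketch, not code from the project or its papers: pairwise adjacency weights from a simplified order-k byte context model (a stand-in for the compression-based models mentioned), a plain greedy path heuristic, and a brute-force optimum for comparison. The function names, the scoring details, the weight matrix `W` and the fragments `FRAGS` are all constructed for illustration.

```python
import itertools, math
from collections import Counter

def adjacency_weights(frags, k=2):
    """w[i][j]: log-probability that frags[j] directly follows frags[i], from an
    order-k byte context model trained on the fragments (simplified stand-in)."""
    ctx, nxt = Counter(), Counter()
    for f in frags:
        for p in range(k, len(f)):
            ctx[f[p - k:p]] += 1
            nxt[f[p - k:p + 1]] += 1
    def logp(context, byte):  # Laplace-smoothed P(byte | context)
        return math.log((nxt[context + byte] + 1) / (ctx[context] + 256))
    n = len(frags)
    w = [[-math.inf] * n for _ in range(n)]
    for i, j in itertools.permutations(range(n), 2):
        seam = frags[i][-k:] + frags[j][:k]  # bytes straddling the join
        w[i][j] = sum(logp(seam[p - k:p], seam[p:p + 1]) for p in range(k, len(seam)))
    return w

def path_weight(w, order):
    return sum(w[a][b] for a, b in zip(order, order[1:]))

def greedy_path(w):
    """Accept edges heaviest-first, skipping any that would give a fragment two
    successors or predecessors, or close a cycle. Result: one Hamiltonian path."""
    succ, pred, n = {}, {}, len(w)
    edges = sorted(((w[i][j], i, j) for i, j in itertools.permutations(range(n), 2)), reverse=True)
    for _, i, j in edges:
        if i in succ or j in pred:
            continue
        end = j
        while end in succ:  # walk the chain starting at j
            end = succ[end]
        if end != i:  # i -> j would otherwise close a loop
            succ[i], pred[j] = j, i
    order = [next(v for v in range(n) if v not in pred)]
    while order[-1] in succ:
        order.append(succ[order[-1]])
    return order

def best_path(w):
    """Exact maximum-weight Hamiltonian path by brute force (small n only)."""
    return max(itertools.permutations(range(len(w))), key=lambda o: path_weight(w, o))

# Constructed weights where the heaviest single edge (0 -> 1) misleads greedy.
W = [[0, 10, 9], [0, 0, 1], [1, 9, 0]]
# Constructed sample: fragments of one text, listed out of order.
FRAGS = [b"ments of previously ", b"deleted files", b"disk segments that ", b"correspond to frag"]

if __name__ == "__main__":
    print(greedy_path(W), path_weight(W, greedy_path(W)), best_path(W), path_weight(W, best_path(W)))
    order = greedy_path(adjacency_weights(FRAGS))
    print(b"|".join(FRAGS[i] for i in order))
```

On `W`, plain greedy commits to the heaviest edge first and ends with a path of weight 11, while the optimal path has weight 18; the brute-force search is factorial in the number of fragments, which is why heuristics are needed at realistic sizes.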

Here is an example of the reassembly of FBI most wanted images using greedy and enhanced-greedy algorithms.

Participants:

Anandabrata “Pasha” Pal
Nasir Memon
Kulesh Shanmugasundaram

Resources:

  • K. Shanmugasundaram and N. Memon. “Automatic Reassembly of Document Fragments via Context Based Statistical Models,” Annual Computer Security Applications Conference, 2003, Las Vegas, Nevada.
  • A. Pal, K. Shanmugasundaram and N. Memon. “Automated Reassembly of Fragmented Images,” presented at ICASSP, 2003.
  • N. Memon and A. Pal. “Automated Reassembly of File Fragmented Images Using Greedy Algorithms,” IEEE Transactions on Image Processing, Vol. 15, No. 3, March 2006.