1Advanced Forensics Analysis Techniques1ThesenotesareforusebyregisteredstudentsinINFR4690U,Winter2016,andmaynotbeusedorreproducedforanyotherpurpose2split into one or more partitionsPartition APartition BFormat (or make filesystem)OS InstallationAPP InstallationVolume AnalysisFilesystemAnalysisOSAnalysisNetwork Forensics3cont’dPhysical Memory Forensics or Live Forensics4cont’dMobile Device Forensics The PC market is shrinking The PC market is shrinking again as companies stop upgrading.
2Multimedia Forensics5Dose of Reality:In Digital Age, “seeing is no longer believing”Doctored photos damage someone's reputation6Digital Image Forgery7Types of Digital Image Forgery Mostcommontamperingtechniques:Image semantic content can be altered intwo major ways:Copy-move forgery Compositing (Splicing)8
3Forgery of Digital Image Forgeries involving a single image called (copy-move technique)9Forgeries using multiple images as source for tamperingForgery of Digital Image (cont’d)10 John Kerry - Jane Fonda 2004 election photo controversy.  C. Song and X. Lin. Natural Image Splicing Detection Based on Defocus Blur at Edges. IEEE/CIC ICCC 2014.Digital Image Forgery DetectionMethods for forgery detectionActive way Passive way 11Digital Image Forgery Detection (cont’d)Active method•Activeauthenticationimpliesonehaspriorknowledge about the image.•Example:Watermarkinganddigital signature12
4Passive method •The main purpose of digital image forensics is toevaluate the authenticity and the origin of images.Passive methodaim to process image and analysis itin order to recover information about the history of animage.•It a technique tries to expose semantic manipulation(forgery) through the study ofinconsistenciesin thestatisticsof natural images. I. Amerini, L. Ballan, R. Caldelli, A. Del Bimbo and G. Serra, A SIFT-Based Forensic Method for Copy–Move Attack Detection and Transformation Recovery (2011), in: IEEE Transactions on Information Forensics and Security, 6:3(1099-1110) 13Digital Image Forgery Detection (cont’d) I. Amerini, L. Ballan, R. Caldelli, A. Del Bimbo and G. Serra, A SIFT-Based Forensic Method for Copy–Move Attack Detection and Transformation Recovery (2011), in: IEEE Transactions on Information Forensics and Security, 6:3(1099-1110) The shows four Iranian missiles but only three of them are real; two different sections (encircled in red and purple, respectively) replicate other image sections by applying a copy-move attack.