Difference between pages "CDMA" and "File Format Identification"

From Forensics Wiki
 
m (Bibliography)
 
Line 1: Line 1:
'''Code division multiple access''' ('''CDMA''') is a cellular frequency that, originally developed during World War II for military purposes, incorporates "spread spectrum" techniques. Unlike other cellular systems like [[GSM]] and [[TDMA]], every channel on the network uses the full available spectrum. This allows each user (identified by a unique [[pseudonoise code]] ([[PN]])) to communicate over several frequencies, as opposed to only one. CDMA is an improved version of TDMA (Time Division Multiple Access). TDMA uses a time-sharing protocol to provide three to four times more capacity than analog systems, just as a GSM.
+
File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
  
== History ==
+
=Tools=
 +
==libmagic==
 +
* Written in C.
 +
* Rules in /usr/share/file/magic and compiled at runtime.
 +
* Powers the Unix “file” command, but you can also call the library directly from a C program.
 +
* http://sourceforge.net/projects/libmagic
  
[[Qualcomm]] developed the key advances that made CDMA suitable for [[cell phones|cellular phones]] and conducted an open demonstration in San Diego in November 1989.
+
==DROID==
 +
* Writen in Java
 +
* Developed by National Archives of the United Kingdom.
 +
* http://droid.sourceforge.net
  
The first CDMA network was launched commercially in 1995 as [[cdmaOne]] and provided approximately 10 times more capacity than analog networks. CDMA has become the fastest-growing of all wireless technologies, with over 100 million subscribers worldwide.  
+
==TrID==
 +
* XML config file
 +
* Closed source; free for non-commercial use
 +
* http://mark0.net/soft-trid-e.html
  
== Benefits ==
+
==Stellent/Oracle Outside-In==
 +
* Proprietary but free demo.
 +
* http://www.oracle.com/technology/products/content-management/oit/oit_all.html
  
* Greater capacity. Provides 10-20 times the capacity of analog equipment and three times the capacity of other digital platforms.
+
[[Category:Tools]]
* Excellent voice and call quality through the filtering out of background noise, cross-talk, and interference.
+
* Rapid deployment. CDMA systems can be expanded quickly and more cost effectively than most landline networks.
+
* Fewer dropped calls.
+
* Improved security and privacy because of CDMA's digitally encoded transmissions.
+
* Reduced background noise and interference by combining multiple signals which improves signal strength.
+
  
== Forensics ==
+
=Bibliography=
 +
Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.
  
CDMA phones do not have the advantage of [[SIM cards]], so forensics can only be done on the phone itself, as all relevant data is stored directly on the phone. This information includes the [[phonebook]], [[call history]] log, [[SMS]] messages, and any calendar or to-do applications the phone might have.
+
* Mason McDaniel, [[Media:Mcdaniel01.pdf|Automatic File Type Detection Algorithm]], Masters Thesis, James Madison University,2001
  
Due to the fact that the phone must be physically connected to a forensics workstation for data acquisition, it is important to be aware of the phone's battery state (a charging cable should be obtained to ensure constant power), and blocking the phone's signal. Also, the correct data cable must be obtained to connect the phone to the workstation ([[Susteen]] provides a kit that includes many cables for the most popular phones).
+
* [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], Mason McDaniel and M. Hossain Heydari, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
  
=== Software ===
+
* [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf Fileprints: identifying file types by n-gram analysis], LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B..,  IProceeding of the 2005 IEEE workshop on information assurance; 2005 [http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf [slides]]
  
Software for acquiring a CDMA-based phone includes:
+
* [http://www.micsymposium.org/mics_2005/papers/paper7.pdf File Type Detection Technology], Douglas J. Hickok, Daine Richard Lesniak, Michael C. Rowe, 2005 Midwest Instruction and Computing Symposium.
  
* [[BitPIM]]
+
* [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf  File type identification of data fragments by their binary structure. ], Karresand Martin, Shahmehri Nahid. Proceedings of the IEEE workshop on information assurance; 2006. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
* [[DataPilot Secure View]]
+
* [[Paraben Cell Seizure]]
+
  
== External Links ==
+
* FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.
  
* [http://en.wikipedia.org/wiki/Cdma Wikipedia: CDMA]
+
* Karresand M., Shahmehri N., [http://dx.doi.org/10.1007/0-387-33406-8_35 Oscar: File Type Identification of Binary Data in Disk Clusters and RAM Pages], Proceedings of IFIP International Information Security Conference: Security and Privacy in Dynamic Environments (SEC2006), Springer, ISBN 0-387-33405-x, pp 413-424, May 22 - 24, Karlstad, Sweden. Journal page.
* [http://www.bitpim.org: BitPIM]
+
 
* [http://www.susteen.com DataPilot Secure View]
+
* [https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2007-19.pdf Using Artificial Neural Networks for Forensic File Type Identification], Ryan M. Harris, Master's Thesis, Purdue University, May 2007
* [[http://www.paraben-forensics.com Paraben Cell Seizure]]
+
 
 +
* [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
 +
 
 +
[[Category:Bibliographies]]
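Review bot: the added DROID bullet reads "Writen in Java" and should be "Written in Java". In the added Bibliography, the Fileprints entry has the author run together as "LiWei-Jen" and the venue as "IProceeding", with a doubled period after "Herzog B..", and the Oscar entry ends with a dangling "Journal page." that has no link target. The McDaniel thesis entry also needs a space in "University,2001". [[Category:Tools]] is added in the middle of the page, before the Bibliography heading, while [[Category:Bibliographies]] closes it; keeping both category tags together at the end would be easier to maintain.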

Revision as of 12:59, 1 January 2009

File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
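The contrast between naming by extension and identifying by content, as an added example (not code from the wiki or from any of the tools listed below). The rule table, the function names and the sample byte strings are constructed for illustration and are not libmagic's rule syntax or database.

```python
import os

# Constructed rule table: (offset, magic bytes, type label, expected extensions).
# Illustrative only; not libmagic's rule format or its shipped rules.
RULES = [
    (0,   b"\x89PNG\r\n\x1a\n", "png",  {".png"}),
    (0,   b"\xff\xd8\xff",      "jpeg", {".jpg", ".jpeg"}),
    (0,   b"%PDF-",             "pdf",  {".pdf"}),
    (0,   b"PK\x03\x04",        "zip",  {".zip", ".docx", ".xlsx", ".jar"}),
    (0,   b"MZ",                "pe",   {".exe", ".dll", ".sys"}),
    (257, b"ustar",             "tar",  {".tar"}),
]

def identify(data: bytes) -> str:
    """Return a type label for a byte sequence, or 'unknown'."""
    # RIFF is a container: the actual type is the form tag at offset 8.
    if data[:4] == b"RIFF" and len(data) >= 12:
        return {b"WAVE": "wav", b"AVI ": "avi"}.get(data[8:12], "riff")
    # Try the longest magic first so a short signature cannot shadow a longer one.
    for offset, magic, label, _ in sorted(RULES, key=lambda r: -len(r[1])):
        if data[offset:offset + len(magic)] == magic:
            return label
    return "unknown"

def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the content is recognised but the file extension does not fit it."""
    label = identify(data)
    ext = os.path.splitext(name)[1].lower()
    if label in ("wav", "avi"):
        return ext != "." + label
    for _, _, rule_label, exts in RULES:
        if rule_label == label:
            return ext not in exts
    return False  # unrecognised content: nothing to compare the name against

# Constructed samples (headers only, not complete files).
SAMPLES = {
    "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,     # PE header under an image name
    "report.pdf":  b"%PDF-1.4\n",                    # name and content agree
    "backup.dat":  b"\x00" * 257 + b"ustar\x00",     # magic is not at offset 0
    "clip.avi":    b"RIFF\x24\x00\x00\x00WAVEfmt ",  # RIFF/WAVE data named .avi
}

def triage(samples):
    """Map each name to (content type, extension-mismatch flag)."""
    return {n: (identify(d), extension_mismatch(n, d)) for n, d in samples.items()}
```

Running `triage(SAMPLES)` flags every sample except `report.pdf`, which is the kind of name/content disagreement a forensic examiner would review first.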


Tools

libmagic

  • Written in C.
  • Rules in /usr/share/file/magic and compiled at runtime.
  • Powers the Unix “file” command, but you can also call the library directly from a C program.
  • http://sourceforge.net/projects/libmagic

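DROID

  • Written in Java.
  • Developed by National Archives of the United Kingdom.
  • http://droid.sourceforge.net

TrID

  • XML config file
  • Closed source; free for non-commercial use
  • http://mark0.net/soft-trid-e.html

Stellent/Oracle Outside-In

  • Proprietary but free demo.
  • http://www.oracle.com/technology/products/content-management/oit/oit_all.html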

Bibliography

Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.

  • FORSIGS; Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints, John Haggerty and Mark Taylor, IFIP TC11 International Information Security Conference, 2006, Sandton, South Africa.