Difference between pages "File Format Identification" and "Adroit Photo Forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Bibliography)
 
(Created page with '{{Infobox_Software | name = Adroit Photo Forensics (APF) | company = Digital Assembly | os = {{Windows}} | genre = {{Analysis}} | license = {{Commercial}} | websi…')
 
Line 1: Line 1:
File Format Identification is the process of figuring out the format of a sequence of bytes. Operating systems typically do this by file extension or by embedded MIME information. Forensic applications need to identify file types by content.
+
{{Infobox_Software |
 +
  name = Adroit Photo Forensics (APF) |
 +
  company = [[Digital Assembly]] |
 +
  os = {{Windows}} |
 +
  genre = {{Analysis}} |
 +
  license = {{Commercial}} |
 +
  website = [http://www.digital-assembly.com/products digital-assembly.com] |
 +
}}
  
=Tools=
+
'''Adroit Photo Forensics''' ('''APF''') is a commercial forensic software package distributed by [[Digital Assembly]].
==libmagic==
+
It specializes in the recovery and analysis of digital photographs.
* Written in C.  
+
* Rules in /usr/share/file/magic and compiled at runtime.
+
* Powers the Unix “file” command, but you can also call the library directly from a C program.
+
* http://sourceforge.net/projects/libmagic
+
  
==DROID==
+
=Features=
* Writen in Java
+
* Developed by National Archives of the United Kingdom.
+
* http://droid.sourceforge.net
+
  
==TrID==
+
Adroit Photo Forensics can parse a number of filesystems, including [[FAT]] 12/16/32, [[NTFS]], [[HFS]], and [[HFS]]. It can
* XML config file
+
read from [[EnCase]] as well as raw/[[dd]] images.  
* Closed source; free for non-commercial use
+
* http://mark0.net/soft-trid-e.html
+
  
==Stellent/Oracle Outside-In==
+
It is best known for implementing the [[File_Carving:SmartCarving|SmartCarving]] and [[File_Carving:SmartCarving|GuidedCarving]]
* Proprietary but free demo.
+
algorithms to recover fragmented photos.  
* http://www.oracle.com/technology/products/content-management/oit/oit_all.html
+
  
[[Category:Tools]]
+
== Exif ==
  
=Bibliography=
+
Adroit Photo Forensics also parses exif data and can be used to view and group files based on exif date stamps instead of
Current research papers on the file format identification problem. Most of these papers concern themselves with identifying file format of a few file sectors, rather than an entire file.
+
file system date stamps. APF also includes a full zoomable time-line viewer based on exif and file system date stamps.  
  
* Mason McDaniel, Automatic File Type Detection Algorithm, Masters Thesis, James Madison University,2001
+
== Other Features ==
  
* [http://www2.computer.org/portal/web/csdl/abs/proceedings/hicss/2003/1874/09/187490332a.pdf Content Based File Type Detection Algorithms], Mason McDaniel and M. Hossain Heydari, 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, 2003.
+
Adroit Photo Forensics interface is optimized for the display of photos. APF also include grouping and sorting options that are
 +
photo relevant.
  
* [http://www1.cs.columbia.edu/ids/publications/FilePrintPaper-revised.pdf Fileprints: identifying file types by n-gram analysis], LiWei-Jen, Wang Ke, Stolfo SJ, Herzog B..,  IProceeding of the 2005 IEEE workshop on information assurance; 2005 [http://www.itoc.usma.edu/workshop/2005/Papers/Follow%20ups/FilePrintPresentation-final.pdf [slides]]
+
== External Links ==
  
* [http://ieeexplore.ieee.org/iel5/10992/34632/01652088.pdf  File type identification of data fragments by their binary structure. ], Karresand Martin, Shahmehri Nahid. Proceedings of the IEEE workshop on information assurance; 2006b. p. 140–7. [http://www.itoc.usma.edu/workshop/2006/Program/Presentations/IAW2006-07-3.pdf [slides]]
+
[http://digital-assembly.com/products/adroit-photo-forensics/ Adroit Photo Forensics Product Information]
 
+
* [https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2007-19.pdf Using Artificial Neural Networks for Forensic File Type Identification], Ryan M. Harris, Master's Thesis, Purdue University, May 2007
+
 
+
* [http://www.dfrws.org/2008/proceedings/p14-calhoun.pdf Predicting the Types of File Fragments], William Calhoun, Drue Coles, DFRWS 2008 [http://www.dfrws.org/2008/proceedings/p14-calhoun_pres.pdf [slides]]
+
 
+
[[Category:Bibliography]]
+

Revision as of 13:57, 26 October 2009

Adroit Photo Forensics (APF)
Maintainer: {{{maintainer}}}
OS: Windows
Genre: Analysis
License: Commercial
Website: digital-assembly.com

Adroit Photo Forensics (APF) is a commercial forensic software package distributed by Digital Assembly. It specializes in the recovery and analysis of digital photographs.

Features

Adroit Photo Forensics can parse a number of filesystems, including FAT 12/16/32, NTFS, HFS, and HFS. It can read from EnCase as well as raw/dd images.

It is best known for implementing the SmartCarving and GuidedCarving algorithms to recover fragmented photos.

Exif

Adroit Photo Forensics also parses exif data and can be used to view and group files based on exif date stamps instead of file system date stamps. APF also includes a full zoomable time-line viewer based on exif and file system date stamps.

Other Features

Adroit Photo Forensics interface is optimized for the display of photos. APF also include grouping and sorting options that are photo relevant.

External Links

Adroit Photo Forensics Product Information