Difference between pages "File Carving:SmartCarving" and "Adroit Photo Forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Created page with ''''SmartCarving''' is a File Carving technique to recover fragmented files first proposed by A. Pal and N. Memon in DFRWS 2008. SmartCarving utilizes a combination of structu…')
 
(Created page with '{{Infobox_Software | name = Adroit Photo Forensics (APF) | company = Digital Assembly | os = {{Windows}} | genre = {{Analysis}} | license = {{Commercial}} | websi…')
 
Line 1: Line 1:
'''SmartCarving''' is a [[File Carving]] technique to recover fragmented files first proposed by A. Pal and N. Memon in DFRWS 2008. SmartCarving utilizes a combination of structure based validation along with validation of each file's unique content. Results for the SmartCarving technique
+
{{Infobox_Software |
were demonstrated on fragmented jpegs in the DFRWS 2006 and DFRWS 2007 challenges. From these two challenges SmartCarving was able
+
  name = Adroit Photo Forensics (APF) |
to recover all but one fragmented jpeg file.
+
  company = [[Digital Assembly]] |
 +
  os = {{Windows}} |
 +
  genre = {{Analysis}} |
 +
  license = {{Commercial}} |
 +
  website = [http://www.digital-assembly.com/products digital-assembly.com] |
 +
}}
  
==History==
+
'''Adroit Photo Forensics''' ('''APF''') is a commercial forensic software package distributed by [[Digital Assembly]].
Memon et al.[1] presented an efficient algorithm based on a greedy heuristic and alpha-beta pruning for reassembling fragmented images.
+
It specializes in the recovery and analysis of digital photographs.
Building on this work, Memon et al.[2] researched and introduced sequential hypothesis testing as a an effective mechanism for detecting fragmentation points of file. This paper won the best paper award for DFRWS 2008. The techniques presented in the paper were the foundation for the overall SmartCarving design.
+
  
==Details==
+
=Features=
After identifying a header block of a specific file type, for example, jpeg, a SmartCarver will analyze each subsequent block to determine if it
+
belongs or does not belong to the starting block. If a block is determined not to belong, then the file is assumed to be fragmented and the
+
SmartCarving algorithm looks for the next fragment by matching the data of other available blocks with the first fragment. This process can be
+
done in parallel for many files.
+
  
==Applications==
+
Adroit Photo Forensics can parse a number of filesystems, including [[FAT]] 12/16/32, [[NTFS]], [[HFS]], and [[HFS]]. It can
There are currently two applications available that utilize SmartCarving, both produced by Digital Assembly:
+
read from [[EnCase]] as well as raw/[[dd]] images.  
* Adroit Photo Recovery
+
* Adroit Photo Forensics.
+
  
== References ==
+
It is best known for implementing the [[File_Carving:SmartCarving|SmartCarving]] and [[File_Carving:SmartCarving|GuidedCarving]]
* A. Pal and N. Memon, [http://digital-assembly.com/technology/research/pubs/ieee-trans-2006.pdf "Automated reassembly of file fragmented images using greedy algorithms"] in IEEE Transactions on Image processing, February 2006, pp 385­393
+
algorithms to recover fragmented photos.  
* A. Pal, T. Sencar and N. Memon, [http://digital-assembly.com/technology/research/pubs/dfrws2008.pdf "Detecting File Fragmentation Point Using Sequential Hypothesis Testing"], Digital Investigations, Fall 2008
+
  
==External links==
+
== Exif ==
* [http://digital-assembly.com/products/adroit-photo-recovery/ Adroit Photo Recovery]
+
 
* [http://digital-assembly.com/products/adroit-photo-forensics/ Adroit Photo Forensics]
+
Adroit Photo Forensics also parses exif data and can be used to view and group files based on exif date stamps instead of
* [http://digital-assembly.com/technology/ Link to SmartCarving Technology and Research]
+
file system date stamps. APF also includes a full zoomable time-line viewer based on exif and file system date stamps.  
* [http://digital-assembly.com Digital Assembly]
+
 
 +
== Other Features ==
 +
 
 +
Adroit Photo Forensics interface is optimized for the display of photos. APF also include grouping and sorting options that are
 +
photo relevant.
 +
 
 +
== External Links ==
 +
 
 +
[http://digital-assembly.com/products/adroit-photo-forensics/ Adroit Photo Forensics Product Information]

Revision as of 14:57, 26 October 2009

Adroit Photo Forensics (APF)
Maintainer: {{{maintainer}}}
OS: Windows
Genre: Analysis
License: Commercial
Website: digital-assembly.com

Adroit Photo Forensics (APF) is a commercial forensic software package distributed by Digital Assembly. It specializes in the recovery and analysis of digital photographs.

Features

Adroit Photo Forensics can parse a number of filesystems, including FAT 12/16/32, NTFS, HFS, and HFS. It can read from EnCase as well as raw/dd images.

It is best known for implementing the SmartCarving and GuidedCarving algorithms to recover fragmented photos.

Exif

Adroit Photo Forensics also parses exif data and can be used to view and group files based on exif date stamps instead of file system date stamps. APF also includes a full zoomable time-line viewer based on exif and file system date stamps.

Other Features

Adroit Photo Forensics interface is optimized for the display of photos. APF also include grouping and sorting options that are photo relevant.

External Links

Adroit Photo Forensics Product Information