Multimedia Forensic Techniques for Acquisition Device Identification and Digital Image Authentication

Multimedia forensics can be defined as the science that tries, by only analysing a particular digital asset, to give an assessment on such a content and to extract information that can be useful to address and support an investigation linked to the scene represented in that specific digital document. The basic idea behind multimedia forensics relies on the observation that both the acquisition process and any post-processing operation leave a distinctive imprint on the data, as a sort of digital fingerprint. The analysis of such a fingerprint may permit to determine image/video origin and to establish digital content authenticity.

Biometrical Processing of Faces in Security and Forensics

The aim of this chapter is the overall and comprehensive description of the machine face processing issue and presentation of its usefulness in security and forensic applications. The chapter overviews the methods of face processing as the field deriving from various disciplines. After a brief introduction to the field, the conclusions concerning human processing of faces that have been drawn by the psychology researchers and neuroscientists are described. Then the most important tasks related to the computer facial processing are shown: face detection, face recognition and processing of facial features, and the main strategies as well as the methods applied in the related fields are presented. Finally, the applications of digital biometrical processing of human faces are presented.

Embedded Forensics

This chapter is aimed at introducing SIM and USIM card forensics, which pertains to the Small Scale Digital Device Forensics (SSDDF) (Harril, & Mislan, 2007) field. Particularly, we would like to pinpoint what follows. First, we will introduce the smart card world, giving a sufficiently detailed description regarding the main physical and logical main building blocks. Then we will give a general overview on the extraction of the standard part of the file system. Moreover, we will present an effective methodology to acquire all the observable memory content, that is, the whole set of files which represent the full file system of such devices. Finally, we will discuss some potential cases of data hiding at the file system level, presenting at the same time a detailed and useful procedure used by forensics practitioners to deal with such a problem.

Forensic Investigation of Peer-to-Peer Networks

The community of peer-to-peer (P2P) file-sharing networks has been expanding swiftly since the appearance of the very first P2P application (Napster) in 2001. These networks are famous for their excellent file transfer rates and adversely, the flooding of copyright-infringed digital materials. Recently, a number of documents containing personal data or sensitive information have been shared in an unbridled manner over the Foxy network (a popular P2P network in Chinese regions). These incidents have urged the authors to develop an investigation model for tracing suspicious P2P activities. Unfortunately, hindered by the distributed design and anonymous nature of these networks, P2P investigation can be practically difficult and complicated. In this chapter, the authors briefly review the characteristics of current P2P networks. By observing the behaviors of these networks, they propose some heuristic rules for identifying the first uploader of a shared file. Also, the rules have been demonstrated to be applicable to some simulated cases. The authors believe their findings provide a foundation for future development in P2P file-sharing networks investigation.

Semi-Fragile Image Watermarking, Authentication and Localization Techniques for Law Enforcement Applications

With the tremendous growth and use of digital cameras and video devices, the need to verify the collected digital content for law enforcement applications such as crime scene investigations and traffic violations, becomes paramount if they are to be used as evidence in courts. Semi-fragile watermarking has become increasingly important within the past few years as it can be used to verify the content of images by accurately localising the tampered area and tolerating some non-malicious manipulations. There have been a number of different transforms used for semi-fragile image watermarking. In this chapter, we present two novel transforms for semi-fragile watermarking, using the Slant transform (SLT) as a block-based algorithm and the wavelet-based contourlet transform (WBCT) as a non-block based algorithm. The proposed SLT is compared with existing DCT and PST semi-fragile watermarking schemes. Experimental results using standard test images and simulated law enforcement images indicate that the SLT is more accurate for copy and paste attacks with non-malicious manipulations, such as additive Gaussian noise. For the proposed WBCT method, watermarking embedding is performed by modulating the parent-children relationship in the contourlet domain. Again, experimental results using the same test images have demonstrated that our proposed WBCT method achieves good performances in localising the tampered regions, even when the image has been subjected to non-malicious manipulations such as JPEG/JPEG2000 compressions, Gaussian noise, Gaussian filtering, and contrast stretching. The average miss detection rate is found to be approximately 1% while maintaining an average false alarm rate below 6.5%.

Privacy Enhancing Technologies in Biometrics

The wide diffusion of biometric based authentication systems, which has been witnessed in the last few years, has raised the need to protect both the security and the privacy of the employed biometric templates. In fact, unlike passwords or tokens, biometric traits cannot be revoked or reissued and, if compromised, they can disclose unique information about the user’s identity. Moreover, since biometrics represent personal information, they can be used to acquire data which can be used to discriminate people because of religion, health, sex, gender, personal attitudes, and so forth. In this chapter, the privacy requirements, the major threats to privacy, and the best practices to employ in order to deploy privacy sympathetic systems, are discussed within the biometric framework. An overview of state of the art on privacy enhancing technologies, applied to biometric based authentication systems, is presented.

Forensic Implications of Virtualization Technologies

In the recent past machine and application virtualization technologies have received a great attention from the IT community, and are being increasingly used both in the Data Center and by the end user. The proliferation of these technologies will result, in the near future, in an increasing number of illegal or inappropriate activities carried out by means of virtual machines, or targeting virtual machines, rather than physical ones. Therefore, appropriate forensic analysis techniques, specifically tailored to virtualization environments, must be developed. Furthermore, virtualization technologies provide very effective anti-forensics capabilities, so specific countermeasures have to be sought as well. In addition to the above problems, however, virtualization technologies provide also the opportunity of developing novel forensic analysis techniques for non-virtualized systems. This chapter discusses the implications on the forensic computing field of the issues, challenges, and opportunities presented by virtualization technologies, with a particular emphasis on the possible solutions to the problems arising during the forensic analysis of a virtualized system.

Identity Theft through the Web

Most people recognize there are risks to online privacy but may not be fully aware of the various ways that personal information about them can be stolen through the Web. People can be lured to malicious Web sites designed to deceive them into revealing their personal information or unknowingly download malicious software to their computer. Even worse, legitimate sites can be compromised to host attacks called drive-by downloads. This chapter describes the online risks to identity theft and the technological means for protecting individuals from losing their personal information while surfing the Web.

Deception Detection on the Internet

This chapter provides an overview of techniques and tools to detect deception on the Internet. A classification of state-of-the-art hypothesis testing and data mining based deception detection methods are presented. A psycho-linguistics based statistical model for deception detection is also described in detail. Passive and active methods for detecting deception at the application and network layer are discussed. Analysis of the pros and cons of the existing methods is presented. Finally, the inter-play between psychology, linguistics, statistical modeling, network layer information and Internet forensics is discussed along with open research challenges.

Network Forensics

Network Forensics is a powerful sub-discipline of digital forensics. This chapter examines innovations in forensic network acquisition, and in particular in attribution of network sources behind network address translated gateways. A novel algorithm for automatically attributing traffic to different sources is presented and then demonstrated. Finally we discuss some innovations in decoding of forensic network captures. We illustrate how web mail can be extracted and rendered and in particular give the example of Gmail as a modern AJAX based webmail provider of forensic significance.