Digital forensics and multimedia forensics are rapidly growing disciplines whereby electronic information is extracted and interpreted for use in a court of law. These two fields are finding increasing importance in law enforcement and the investigation of cybercrime as the ubiquity of personal computing and the internet becomes ever-more apparent. Digital forensics involves investigating computer systems and digital artefacts in general, while multimedia forensics is a sub-topic of digital forensics focusing on evidence extracted from both normal computer systems and special multimedia devices, such as digital cameras.
This book focuses on the interface between digital forensics and multimedia forensics, bringing two closely related fields of forensic expertise together to identify and understand the current state-of-the-art in digital forensic investigation. Both fields are expertly attended to by contributions from researchers and forensic practitioners specializing in diverse topics such as forensic authentication, forensic triage, forensic photogrammetry, biometric forensics, multimedia device identification, and image forgery detection among many others.
Key features:
* Brings digital and multimedia forensics together with contributions from academia, law enforcement, and the digital forensics industry for extensive coverage of all the major aspects of digital forensics of multimedia data and devices
* Provides comprehensive and authoritative coverage of digital forensics of multimedia data and devices
* Offers not only explanations of techniques but also real-world and simulated case studies to illustrate how digital and multimedia forensics techniques work
* Includes a companion website hosting continually updated supplementary materials ranging from extended and updated coverage of standards to best practice guides, test datasets and more case studies
Anthony T.S. Ho, Department of Computing, University of Surrey, UK
Prof. Ho holds the Personal Chair in Multimedia Security and is currently the Head of the Department of Computing at the University of Surrey. He is a Fellow of the Institution of Engineering and Technology (FIET), a Chartered Electrical Engineer (CEng), Fellow of British Computer Society (FBCS) and a Senior Member of IEEE. He was the recipient of the IET Innovation in Engineering Award (2006) for his research and commercialisation work on digital watermarking in 2006. Prof. Ho is a member of the IEEE Signal Processing Society Technical Community on Information Forensics and Security. He is the editor-in-chief of the international journal Information Security Technical Reports, which covers digital forensics as one of its key topics. He is also the co-editor-in-chief of International Journal of Digital Crime and Forensics which publishes research papers on both digital and multimedia forensics.
Shujun Li, Department of Computing, University of Surrey, UK
Dr. Li is a Senior Lecturer in the Department of Computing at the University of Surrey. Dr Li received his PhD degree in Information and Communication Engineering in 2003 from Xi'an Jiaotong University, China. He has published more than 70 scientific papers at various international journals and conferences. Dr. Li is on the editorial board of Information Security Technical Reports. He is a Senior Member of the IEEE and a Professional Member of the ACM. He is a member of the IEEE Communications Society Technical Committee on Multimedia Communications and of the IEEE Circuits and Systems Society Technical Committee on Nonlinear Circuits & Systems. He is an active contributor to the ISO/IEC RVC standard as a member of the MPEG.
List of Contributors xvii
Foreword xix
Preface xxi
Acknowledgements xxvii
PART ONE MULTIMEDIA EVIDENCE HANDLING
1 Digital Forensics Laboratories in Operation: How Are Multimedia Data and Devices Handled? 3
1.1 Introduction 3
1.2 Digital and Electronics Forensic Service, Metropolitan Police Service, UK 4
1.3 Digital Forensics Team (Including Affiliated AV Team), Surrey Police, UK 17
1.4 Shanghai Stars Digital Forensic Centre, Third Research Institute of China's Ministry of Public Security 23
1.5 Discussions 28
1.6 Summary 32
1.A Appendix: Questionnaires for Interviewing Surrey Police and Shanghai Stars Digital Forensic Centre 32
References 34
2 Standards and Best Practices in Digital and Multimedia Forensics 38
2.1 Introduction 38
2.2 Overview 39
2.3 Electronic Evidence and Digital Forensics 48
2.4 Multimedia Evidence and Multimedia Forensics 70
2.5 Digital Forensics Laboratory Accreditation 77
2.6 General Quality Assurance (Management) 79
2.7 Training, Education and Certification on Digital and Multimedia Forensics 81
2.8 Conclusions 84
Acknowledgements 86
References 86
3 A Machine Learning-Based Approach to Digital Triage 94
3.1 Introduction 94
3.2 Related Work on Digital Triage 96
3.3 A Machine Learning-Based Digital Triage Framework 100
3.4 A Child Pornography Exchange Case Study 110
3.5 Conclusion 128
3.6 Challenges and Future Directions for the Digital Forensics Community 128
Acknowledgements 130
References 130
4 Forensic Authentication of Digital Audio and Video Files 133
4.1 Introduction 133
4.2 Examination Requests and Submitted Evidence 134
4.3 Laboratory Space 138
4.4 Laboratory Software and Equipment 138
4.5 Audio/Video Authentication Examinations 147
4.6 Preparation of Work Notes and Laboratory Reports 171
4.7 Expert Testimony 172
4.8 Case Examples 173
4.9 Discussion 177
References 178
PART TWO DIGITAL EVIDENCE EXTRACTION
5 Photogrammetry in Digital Forensics 185
5.1 Introduction 185
5.2 Different Methods 188
5.3 Measurement Uncertainty 194
5.4 Case Studies 195
5.5 3D Modelling/Scenario Testing 212
5.6 Summary 217
References 217
6 Advanced Multimedia File Carving 219
6.1 Introduction 219
6.2 Digtal Data Storage 220
6.3 File Carving of Binary Data 225
6.4 Multimedia Data Structures 226
6.5 File Carving of Multimedia Data 232
6.6 Content Identification 241
6.7 File Carving Frameworks 253
6.8 Conclusions 264
Acknowledgements 265
References 265
7 On Forensic Use of Biometrics 270
7.1 Introduction 270
7.2 Biometrics Performance Metrics 273
7.3 Face: The Natural Means for Human Recognition 274
7.4 Ears as a Means of Forensic Identification 283
7.5 Conclusions 299
References 299
8 Multimedia Analytics for Image Collection Forensics 305
8.1 Introduction 305
8.2 Data and Tasks 308
8.3 Multimedia Analysis 309
8.4 Visual Analytics Processes 312
8.5 ChronoBrowser 313
8.6 MediaTable 320
8.7 An Example Scenario 323
8.8 Future Outlook 325
References 326
PART THREE MULTIMEDIA DEVICE AND SOURCE FORENSICS
9 Forensic Camera Model Identification 331
9.1 Introduction 331
9.2 Forensic Source Identification 333
9.3 Digital Camera Model Identification 337
9.4 Benchmarking Camera Model Identification Algorithms 339
9.5 Model-Specific Characteristics of Digital Camera Components 341
9.6 Black Box Camera Model Identification 351
9.7 Camera Model Identification in Open Sets 364
9.8 Model-Specific Characteristics in Device-Level Identification 366
9.9 Open Challenges Towards Practical Applications 368
References 370
10 Printer and Scanner Forensics 375
10.1 Introduction 375
10.2 Printer Forensics 379
10.3 Scanner Forensics 386
10.4 Photocopier Identification 389
10.5 Forgery Detection for Printed and Scanned Documents 391
10.6 Sample Algorithms with Case Studies 396
10.7 Open Problems and Challenges 406
10.8 Conclusions 408
Acknowledgements 408
References 408
11 Microphone Forensics 411
11.1 Introduction 411
11.2 Pattern Recognition for Microphone Forensics 414
11.3 Guidelines for Microphone Registration 421
11.4 Case Studies 423
11.5 Chapter Summary 435
Acknowledgements 436
References 437
12 Forensic Identification of Printed Documents 442
12.1 Introduction 442
12.2 Special Materials 449
12.3 Substrate Forensics 450
12.4 Print Forensics 455
12.5 Real World Example: Currency Protection 473
12.6 Summary and Ecosystem Considerations 475
References 478
PART FOUR MULTIMEDIA CONTENT FORENSICS
13 Digital Image Forensics with Statistical Analysis 483
13.1 Introduction 483
13.2 Detecting Region Duplication 488
13.3 Exposing Splicing Forgery 500
13.4 Case Studies 508
13.5 Other Applications 512
13.6 Summary 515
References 517
14 Camera-Based Image Forgery Detection 522
14.1 Introduction 522
14.2 Camera Structure 524
14.3 Camera-Based Forgery Detection Methods 535
14.4 Forgery Detection Based on PFA: A Case Study 548
14.5 Conclusion 564
References 565
15 Image and Video Processing History Recovery 572
15.1 Introduction 572
15.2 Coding Artefacts 573
15.3 Editing Artefacts 586
15.4 Estimation of Processing Parameters 590
15.5 Case Studies 601
15.6 Conclusions 605
References 607
16 Anti-Forensics of Multimedia Data and Countermeasures 612
16.1 Introduction 612
16.2 Anti-forensic Approaches Proposed in the Literature 613
16.3 Case Study: JPEG Image Forensics 623
16.4 Trade-off between Forensics and Anti-forensics 644
16.5 Conclusions 647
References 647
Index 653