Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine
File carving tools are essential element of digital forensic investigation for recovering evidence data from computer disk drives. Today, JPEG image files are popular file formats that have less structured contents which make its carving possible in the absence of any file system metadata. However,...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://eprints.uthm.edu.my/116/1/24p%20RABEI%20RAAD%20ALI.pdf http://eprints.uthm.edu.my/116/2/RABEI%20RAAD%20ALI%20COPYRIGHT%20DECLARATION.pdf http://eprints.uthm.edu.my/116/3/RABEI%20RAAD%20ALI%20WATERMARK.pdf http://eprints.uthm.edu.my/116/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.uthm.eprints.116 |
|---|---|
| record_format |
eprints |
| spelling |
my.uthm.eprints.1162021-06-22T08:06:49Z http://eprints.uthm.edu.my/116/ Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine Raad Ali, Rabei QA Mathematics File carving tools are essential element of digital forensic investigation for recovering evidence data from computer disk drives. Today, JPEG image files are popular file formats that have less structured contents which make its carving possible in the absence of any file system metadata. However, completely recovering intertwined Bifragmented JPEG images into their original form without missing any parts or data of the image is a challenging due to the intertwined case might occur with non-JPEG images such as PDF, Text, Microsoft Office or random data. In this research, a new carving framework is presented in order to address the fragmentation issues that often occur in JPEG images which is called RX_myKarve. The RX_myKarve is an extended framework from X_myKarve, which consists of the following key components: (i) an Extreme Learning Machine (ELM) neural network for clusters classification using three existing content-based features extraction (Entropy, Byte Frequency Distribution (BFD) and Rate of Change (RoC)) to improve the identification of JPEG images content and support the reassembling process; (ii) a genetic algorithm with Coherence Euclidean Distance (CED) matric and cost function to reconstruct a JPEG image from a set of deformed and fragmented clusters in the scan area. The RX_myKarve is a framework that contains both structure-based carving and content-based carving approaches. The RX_myKarve is implemented as an Automatic JPEG Carver (AJC) tool in order to test and compare its performance with the state-of-the art carvers such as RevIt, myKarve and X_myKarve. It is applied to three datasets namely DFRWS (2006 and 2007) forensic challenges datasets and a new dataset to test and evaluate the AJC tool. These datasets have complex challenges that simulate particular fragmentation cases addressed in this research. The final results show that the AJC with the aid of the RX_myKarve framework outperform the X_myKarve, myKarve and RevIt. The RX_myKarve is able to completely carve 23.8% images more than X_myKarve, 45.4% images more than myKarve and 67% images more than RevIt in which AJC tool using RX_myKarve completely solves the research problem. 2019-07 Thesis NonPeerReviewed text en http://eprints.uthm.edu.my/116/1/24p%20RABEI%20RAAD%20ALI.pdf text en http://eprints.uthm.edu.my/116/2/RABEI%20RAAD%20ALI%20COPYRIGHT%20DECLARATION.pdf text en http://eprints.uthm.edu.my/116/3/RABEI%20RAAD%20ALI%20WATERMARK.pdf Raad Ali, Rabei (2019) Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine. Doctoral thesis, Universiti Tun Hussein Onn Malaysia. |
| institution |
Universiti Tun Hussein Onn Malaysia |
| building |
UTHM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Tun Hussein Onn Malaysia |
| content_source |
UTHM Institutional Repository |
| url_provider |
http://eprints.uthm.edu.my/ |
| language |
English English English |
| topic |
QA Mathematics |
| spellingShingle |
QA Mathematics Raad Ali, Rabei Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine |
| description |
File carving tools are essential element of digital forensic investigation for recovering evidence data from computer disk drives. Today, JPEG image files are popular file formats that have less structured contents which make its carving possible in the absence of any file system metadata. However, completely recovering intertwined Bifragmented JPEG images into their original form without missing any parts or data of the image is a challenging due to the intertwined case might occur with non-JPEG images such as PDF, Text, Microsoft Office or random data. In this research, a new carving framework is presented in order to address the fragmentation issues that often occur in JPEG images which is called RX_myKarve. The RX_myKarve is an extended framework from X_myKarve, which consists of the following key components: (i) an Extreme Learning Machine (ELM) neural network for clusters classification using three existing content-based features extraction (Entropy, Byte Frequency Distribution (BFD) and Rate of Change (RoC)) to improve the identification of JPEG images content and support the reassembling process; (ii) a genetic algorithm with Coherence Euclidean Distance (CED) matric and cost function to reconstruct a JPEG image from a set of deformed and fragmented clusters in the scan area. The RX_myKarve is a framework that contains both structure-based carving and content-based carving approaches. The RX_myKarve is implemented as an Automatic JPEG Carver (AJC) tool in order to test and compare its performance with the state-of-the art carvers such as RevIt, myKarve and X_myKarve. It is applied to three datasets namely DFRWS (2006 and 2007) forensic challenges datasets and a new dataset to test and evaluate the AJC tool. These datasets have complex challenges that simulate particular fragmentation cases addressed in this research. The final results show that the AJC with the aid of the RX_myKarve framework outperform the X_myKarve, myKarve and RevIt. The RX_myKarve is able to completely carve 23.8% images more than X_myKarve, 45.4% images more than myKarve and 67% images more than RevIt in which AJC tool using RX_myKarve completely solves the research problem. |
| format |
Thesis |
| author |
Raad Ali, Rabei |
| author_facet |
Raad Ali, Rabei |
| author_sort |
Raad Ali, Rabei |
| title |
Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine |
| title_short |
Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine |
| title_full |
Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine |
| title_fullStr |
Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine |
| title_full_unstemmed |
Reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine |
| title_sort |
reassembly and clustering bifragmented intertwined jpeg images using genetic algorithm and extreme learning machine |
| publishDate |
2019 |
| url |
http://eprints.uthm.edu.my/116/1/24p%20RABEI%20RAAD%20ALI.pdf http://eprints.uthm.edu.my/116/2/RABEI%20RAAD%20ALI%20COPYRIGHT%20DECLARATION.pdf http://eprints.uthm.edu.my/116/3/RABEI%20RAAD%20ALI%20WATERMARK.pdf http://eprints.uthm.edu.my/116/ |
| _version_ |
1738580696709988352 |
| score |
13.214268 |