Recommandé
Contenu connexe
Similaire à Null picture forensics using ghiro appliance
Similaire à Null picture forensics using ghiro appliance (20)
Dernier
Dernier (20)
Null picture forensics using ghiro appliance
- 2. Myself ▪ Sumit Shrivastava – Security Analyst @ Network Intelligence India Pvt. Ltd. ▪ 2+ years of work experience in the field of Digital Forensics and Assessment ▪ Certifications – Computer Hacking and Forensics Investigator v8, EC‐Council – Certified Professional Forensics Analyst, IIS Mumbai – Certified Professional Hacker NxG, IIS Mumbai – Certified Information Security Consultant, IIS Mumbai – Certified Information Security Expert – Level 1, Innobuzz Knowledge Solutions
- 3. Today’s Special ▪ Introduction to Digital Forensics ▪ Digital Forensics Terminology ▪ Steganography ▪ Picture Forensics ▪ Ghiro Appliance for Picture Forensics
- 4. Introduction to Digital Forensics ▪ What is digital forensics? – Digital Forensics is branch of Forensics science which deals with the examination of digital evidence, in a manner that the evidence is acceptable in court of law. ▪ Why digital forensics is requires? – Rise in Cyber crimes – Trace back the criminals – Preventive measures against the incidents
- 5. Terminologies ▪ Digital Evidence – Digital Evidence is the digital data stored on the digital medium in any form which can be used in the court of law during trial ▪ Suspect – A person or a group of people thought of committing the crime ▪ Accused – A person or a group of people who are charged with or on a trial for committing a crime ▪ Digital Fingerprint – MD5 / SHA1 hashes of the hard disk.
- 6. ▪ Chain of Custody – A chronological document or paper trail, highlighting the seizure, custody, control, and transfer of evidence ▪ Security Incident – A warning that expresses the threat to information, computer security, or policies relating to computer security. This warning could also be pointing up that the threat is already occurred.
- 7. Steganography ▪ The practice of concealing messages or information within other non‐secret text or data. ▪ Origin – Steganos (Greek – covered) – + graphy (English) – = Steganographia (Modern Latin) ‐> Steganography (late 16th Century) ▪ The first recorded of this term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as the ‘book of magic’.
- 9. Ghiro Appliance ▪ Ghiro is a digital picture forensics tool ▪ Fully Automated ▪ Open Source ▪ Developed by ‐ Alessandro Tanasi & Marco Buoncristiano ▪ Current Version – 0.2.1 ▪ Available as – Package – Virtual Appliance
- 10. Ghiro – Main Features ▪ Metadata Extraction – Metadata are divided in several categories depending on standard they come from. For Example: EXIF, IPTC, XMP. ▪ GPS Location – Some images contain the geotags in the metadata, which defines the geo location where the image was shot ▪ MIME Format – It defines the type of image that is under examination. For Example: image/jpeg, image/png, image/bmp. ▪ Error Level Analysis – ELA identifies the areas that are at different compression levels. The entire picture should be roughly at same compression level. If a difference is detected, then it likely indicates a digital modification
- 11. ▪ Thumbnail Extraction – The thumbnails and data related to them are extracted and stored for review. ▪ Thumbnail Consistency – Sometimes, when the original image is edited, the thumbnail does not change. This detects the difference between the thumbnail and the image in question ▪ Signature Engine – Over 120 signature provide evidence about most critical data to highlight focal points and common exposures. ▪ Hash Matching – While looking for an image, where only hash is provided, this feature is of great help. It searches for all the image with that matches the provided hash.
- 12. Links and References ▪ Wikipedia ▪ ForensicsFocus ▪ Ghiro official website ‐ http://www.getghiro.org/ ▪ Ghiro Download Links: – https://github.com/ghirensics/ – http://www.getghiro.org/