Null picture forensics using ghiro appliance
Picture Forensics With Ghiro Appliance
Sumit Shrivastava
@NullMumbai
Myself
▪ Sumit Shrivastava – Security Analyst @ Network Intelligence India Pvt. Ltd.
▪ 2+ years of work experience in the field of Digital Forensics and Assessment
▪ Certifications
– Computer Hacking and Forensics Investigator v8, EC-Council
– Certified Professional Forensics Analyst, IIS Mumbai
– Certified Professional Hacker NxG, IIS Mumbai
– Certified Information Security Consultant, IIS Mumbai
– Certified Information Security Expert – Level 1, Innobuzz Knowledge Solutions
Today’s Special
▪ Introduction to Digital Forensics
▪ Digital Forensics Terminology
▪ Steganography
▪ Picture Forensics
▪ Ghiro Appliance for Picture Forensics
Introduction to Digital Forensics
▪ What is digital forensics?
– Digital forensics is the branch of forensic science that deals with the examination of digital evidence in a manner that makes the evidence acceptable in a court of law.
▪ Why is digital forensics required?
– Rise in cyber crimes
– Tracing back the criminals
– Preventive measures against incidents
Terminologies
▪ Digital Evidence – Digital data stored on a digital medium in any form which can be used in a court of law during trial
▪ Suspect – A person or a group of people thought to have committed the crime
▪ Accused – A person or a group of people who are charged with, or on trial for, committing a crime
▪ Digital Fingerprint – MD5 / SHA1 hashes of the hard disk (or of any other item of evidence), taken at acquisition and re-checked later to prove the evidence has not changed
▪ Chain of Custody – A chronological document or paper trail highlighting the seizure, custody, control, and transfer of evidence
▪ Security Incident – A warning that expresses a threat to information, computer security, or policies relating to computer security. The warning may also indicate that the threat has already occurred.
Steganography
▪ The practice of concealing messages or information within other non-secret text or data.
▪ Origin
– Steganos (Greek – covered)
– + graphy (English)
– = Steganographia (Modern Latin) -> Steganography (late 16th century)
▪ The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a 'book of magic'.
Steganography Demo
Windows does that for me!
Ghiro Appliance
▪ Ghiro is a digital picture forensics tool
▪ Fully Automated
▪ Open Source
▪ Developed by Alessandro Tanasi & Marco Buoncristiano
▪ Current Version – 0.2.1
▪ Available as
– Package
– Virtual Appliance
Ghiro – Main Features
▪ Metadata Extraction – Metadata are divided into several categories depending on the standard they come from. For example: EXIF, IPTC, XMP.
▪ GPS Location – Some images contain geotags in their metadata, which define the geographic location where the image was shot.
▪ MIME Format – Defines the type of image under examination, determined from the file content rather than the file extension. For example: image/jpeg, image/png, image/bmp.
▪ Error Level Analysis – ELA identifies areas that are at different compression levels. The entire picture should be at roughly the same compression level; if a difference is detected, it likely indicates a digital modification.
▪ Thumbnail Extraction – The thumbnails and the data related to them are extracted and stored for review.
▪ Thumbnail Consistency – Sometimes, when the original image is edited, the embedded thumbnail does not change. This check detects the difference between the thumbnail and the image in question.
▪ Signature Engine – Over 120 signatures provide evidence about the most critical data, to highlight focal points and common exposures.
▪ Hash Matching – When searching for an image of which only the hash is known, this feature is of great help. It searches for all images that match the provided hash.
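The checks in the feature list above (and the digital-fingerprint term from the terminology slide) are simple enough to reproduce by hand, which is useful for understanding what the appliance reports. The following Python is an added example written for this transcript; it is not code from Ghiro or from the talk. It identifies the MIME type from the file's magic bytes and flags a mismatch with the file extension, walks the JPEG marker segments to find an Exif APP1 block and any embedded thumbnail, and computes MD5/SHA1/SHA256 fingerprints that can be matched against a set of known hashes. The sample JPEG, the thumbnail inside it, and the table of known hashes are all constructed inline; `build_sample` and `triage` are names chosen here, not Ghiro APIs.

```python
"""Minimal image triage: MIME by magic bytes, JPEG/Exif segment walk, hash matching."""
import hashlib
import struct

# Magic bytes for the formats named in the talk (GIF added for contrast).
MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"BM": "image/bmp",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
EXT_TO_MIME = {"jpg": "image/jpeg", "jpeg": "image/jpeg", "png": "image/png",
               "bmp": "image/bmp", "gif": "image/gif"}
JPEG_NAMES = {0xE0: "APP0", 0xE1: "APP1", 0xDB: "DQT", 0xC0: "SOF0",
              0xC4: "DHT", 0xDA: "SOS", 0xD9: "EOI", 0xFE: "COM"}


def detect_mime(data: bytes) -> str:
    """MIME type from content, never from the name the file was given."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims a known image type that the bytes contradict."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_MIME.get(ext)
    return claimed is not None and claimed != detect_mime(data)


def jpeg_segments(data: bytes) -> list:
    """Walk JPEG marker segments up to SOS/EOI; returns [(marker name, payload)]."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG (missing SOI)")
    segs, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI carries no length field
            segs.append(("EOI", b""))
            break
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes its own 2 bytes
        payload = data[pos + 4:pos + 2 + length]
        segs.append((JPEG_NAMES.get(marker, f"0x{marker:02X}"), payload))
        if marker == 0xDA:                      # entropy-coded data follows SOS; stop here
            break
        pos += 2 + length
    return segs


def exif_info(data: bytes) -> dict:
    """Does an Exif APP1 segment exist, and does it carry an embedded thumbnail JPEG?"""
    info = {"has_exif": False, "has_thumbnail": False, "thumbnail_sha1": None}
    for name, payload in jpeg_segments(data):
        if name == "APP1" and payload.startswith(b"Exif\x00\x00"):
            info["has_exif"] = True
            tiff = payload[6:]
            start, end = tiff.find(b"\xff\xd8"), tiff.rfind(b"\xff\xd9")
            if start != -1 and end > start:      # thumbnail is a full JPEG inside the TIFF block
                thumb = tiff[start:end + 2]
                info["has_thumbnail"] = True
                info["thumbnail_sha1"] = hashlib.sha1(thumb).hexdigest()
    return info


def fingerprint(data: bytes) -> dict:
    """Digital fingerprint of an evidence item: record at acquisition, re-check later."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hash_match(data: bytes, known: dict) -> list:
    """Names of known images whose stored hash (any algorithm) matches this file."""
    fp = fingerprint(data)
    return sorted(name for name, h in known.items() if h.lower() in fp.values())


def triage(filename: str, data: bytes, known: dict) -> dict:
    report = {"mime": detect_mime(data), "ext_mismatch": extension_mismatch(filename, data),
              "fingerprint": fingerprint(data), "matches": hash_match(data, known)}
    if report["mime"] == "image/jpeg":
        report["exif"] = exif_info(data)
    return report


def build_sample() -> bytes:
    """Constructed sample: SOI, one Exif APP1 holding a tiny thumbnail JPEG, EOI."""
    thumb = b"\xff\xd8\xff\xdb\x00\x04\x01\x02\xff\xd9"
    exif_payload = b"Exif\x00\x00" + b"MM\x00\x2a\x00\x00\x00\x08" + thumb
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif_payload) + 2) + exif_payload
    return b"\xff\xd8" + app1 + b"\xff\xd9"


if __name__ == "__main__":
    sample = build_sample()
    known_hashes = {"case42_photo": fingerprint(sample)["sha256"]}  # constructed
    print(triage("holiday.png", sample, known_hashes))              # note ext_mismatch: True
```

Real Exif thumbnails live in IFD1 and are located through the JPEGInterchangeFormat tags; scanning for an inner SOI/EOI pair is the shortcut used here so the example stays self-contained. The thumbnail hash it returns is the input for the thumbnail-consistency check: the extracted thumbnail is what gets compared against the main image.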
Links and References
▪ Wikipedia
▪ ForensicsFocus
▪ Ghiro official website - http://www.getghiro.org/
▪ Ghiro Download Links:
– https://github.com/ghirensics/
– http://www.getghiro.org/
Let’s put Ghiro into action
Thank You
Follow me @invad3rsam