managing forensic images with compression algorithms
TRANSCRIPT
-
7/29/2019 Managing Forensic Images With Compression Algorithms
1/3
MANAGING FORENSIC IMAGES WITH COMPRESSION ALGORITHMS
Backgrounds:
To help in maximizing the resulting data capacity in present day computing
systems, several compression algorithms under the European ComputerManufacturers Association (ECMA) Standards were developed; ECMA being an
International Registration Authority instituted by ISO/IEC. Compression
algorithms applications are principally meant to achieve a significant decrease in
the number of bits that is needed for the representation of data in the usersmachines. A number of compression algorithms can be applied for audio, video, text
and differentimages in electronic files.
The relevance of compression algorithm in digital forensic operations is based on the
fact that image files are naturally large; under normal circumstances, access to the file
will become very slow requiring a lot of computer resources and this can negatively
impact the computer and its crucial processes.
Compression algorithms types:
Compression algorithms are basically classified into two main types, namely:
1. Loosy this selectively omit some file information to achieve better compressionratio. While algorithms in this category are not suitable for data or text files, they
function better for images and audio files.
2. Lossless is a compression algorithm that allows the entire content of a file toremain unchanged (it does not discard any information) along the compression
and decompression processes.
Some compression algorithms fact table:
In the table below is a shortlist of compression algorithms thatcan be used for both text and
images:
CompressionAlgorithm
Compressiontype
Image typesuitability
URL
RLE Lossless RLE http://www.prepressure.com/library/compression_algori
thms/rle
CCITT Group 4 Lossless Bitonal images http://www.fileformat.info/mirror/egff/ch09_05.htm
JBIG2 Bitonal images http://help.arcgis.com/en/arcgisdesktop/10.0/help/index
.html#//001w00000020000000.htm
CCITT Group 3 Lossless Bitonal images http://www.fileformat.info/mirror/egff/ch09_05.htm
Huffman Lossless Huffman http://www.prepressure.com/library/compression_algori
thms/huffman
LZW Lossless Bitonal, Gray scale, Palette,
RGB, and YCbCr images
http://www.prepressure.com/library/compression_algori
thms/lzw
Packbits Lossless Gray Scale, Palette,
Bitonal images
http://help.arcgis.com/en/arcgisdesktop/10.0/help/index
.html#//001w00000020000000.htm Flate/deflate Lossless Flate/deflate http://www.prepressure.com/library/compression_algori
thms/flatedeflate
http://www.prepressure.com/library/compression_algorithms/rlehttp://www.prepressure.com/library/compression_algorithms/rlehttp://www.prepressure.com/library/compression_algorithms/rlehttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://www.prepressure.com/library/compression_algorithms/huffmanhttp://www.prepressure.com/library/compression_algorithms/huffmanhttp://www.prepressure.com/library/compression_algorithms/huffmanhttp://www.prepressure.com/library/compression_algorithms/lzwhttp://www.prepressure.com/library/compression_algorithms/lzwhttp://www.prepressure.com/library/compression_algorithms/lzwhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://www.prepressure.com/library/compression_algorithms/flatedeflatehttp://www.prepressure.com/library/compression_algorithms/flatedeflatehttp://www.prepressure.com/library/compression_algorithms/flatedeflatehttp://www.prepressure.com/library/compression_algorithms/flatedeflatehttp://www.prepressure.com/library/compression_algorithms/flatedeflatehttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://www.prepressure.com/library/compression_algorithms/lzwhttp://www.prepressure.com/library/compression_algorithms/lzwhttp://www.prepressure.com/library/compression_algorithms/huffmanhttp://www.prepressure.com/library/compression_algorithms/huffmanhttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://www.prepressure.com/library/compression_algorithms/rlehttp://www.prepressure.com/library/compression_algorithms/rle -
7/29/2019 Managing Forensic Images With Compression Algorithms
2/3
JPEG2000 Loosy Color images http://www.prepressure.com/library/compression_algori
thms/jpeg2000
JPEG Loosy Gray Scale, RGB, and
YCbCr images
http://www.prepressure.com/library/compression_algori
thms/jpeg
However, some files like the TIFF file format are somewhat flexible in the compression algorithm
they accept, they either take lossy or lossless format, depending on the desired output qualityand acceptable loss tolerance.
How compression algorithms work:
A particular compression algorithm is not universally applied for all types of
data; Images, video and audio files have different types of Compression
algorithms that work for each file type. Also, it is presently difficult to pin-down a
particular compression algorithm that can be said to be best for all classes of files
but for a particular file and content type.
Selecting a Compression algorithm for a particular image requires knowledge of
file to be compressed, file content and the level of tolerance for losses on the
image. An example is like in the use of JPEG compression where it is obviously
unacceptable to lose any embedded details in the images; this is often the case
with original forensic evidential image management and therefore underlines
the purpose of this discussion.
Use of Compression algorithms in managing forensic images:
SMANZFL is the Australasian Guidelines for Digital Imaging Processes (v2)
produced in 2004 by the Electronic Evidence Specialist Advisory Group. This
primarily describes recommended compression applications for forensic
organisations. Though, the newest version Guidelines for Quality Control Testing
for Digital (CR DR) Mammography (v3) got approval on the 3 August 2012.
Imperatively, evidence needed for forensic use requires the implementation of
stricter measures for ensuring the preservation of the evidence integrity seeing
that they are very important to deciding the case. This necessitates the use of a
file format that is capable of retaining the entire information as captured by the
computer systems, mobile phones, cameras and other electronic devices.
However, it should be noted that admissibility of evidence in court is not
determined by the file format choice but by its quality and the evidential
materials handling. In digital forensics, the Primary Images exact binary copy is
considered as the original Image while a copy of the said original is usually
termed a working copy. Producing a working copy involves certain process
which may impact the data format; such processes will often involve image
enhancement, compression, cropping, filtering, etc.
http://www.prepressure.com/library/compression_algorithms/jpeg2000http://www.prepressure.com/library/compression_algorithms/jpeg2000http://www.prepressure.com/library/compression_algorithms/jpeg2000http://www.prepressure.com/library/compression_algorithms/jpeghttp://www.prepressure.com/library/compression_algorithms/jpeghttp://www.prepressure.com/library/compression_algorithms/jpeghttp://www.prepressure.com/library/compression_algorithms/jpeghttp://www.prepressure.com/library/compression_algorithms/jpeghttp://www.prepressure.com/library/compression_algorithms/jpeg2000http://www.prepressure.com/library/compression_algorithms/jpeg2000 -
7/29/2019 Managing Forensic Images With Compression Algorithms
3/3
It is always helpful to keep in view that the vital role of compression is to encode
the file's data in a more compact way to make it potable and easily manageable:
this is driven by the fact that forensic image files are often very large of which
compression is the only way to make the image compact, gain space and enhance
portability. Conversely, the trade-off is the extra time it takes to load the fileduring decompression, the available memory and working space on the
computer; more so, the image quality may be affected by certain compression
techniques. Lossless compression is recommended for original copy of
forensic images to ensure that information of the smallest size is not
permanently lost in the process. A loselessly compressed image will always
appear exactly as the original whenever it is decompressed. The
recommendations allow also Lossy compression for a kind of forensic working
images in the ones used in image delivery.
References:
ArcGIS Resource Center (2010), Compression (Environment setting); available at:
http://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000
000.htm(accessed 22nd Dec 2010).
CCITT (Huffman) Encoding; available at:
http://www.fileformat.info/mirror/egff/ch09_05.htm(accessed 22nd Dec 2010).
Computer- forensics.sans.org (2010), SANS Computer Forensics and e-Discovery site;
available at:http://computer-forensics.sans.org/community/papers/review-foundstone-vision-forensic-tool_89(accessed 22nd Dec 2010).
ECMA (1995), Standard ECMA-222: Adaptive Lossless Data Compression Algorithm;
available at:http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-
222.pdf (accessed 22nd Dec 2010).
Prepressure.com (n.d.), Compression algorithms; available at:
http://www.prepressure.com/library/compression_algorithms(accessed 22nd Dec
2010).
http://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://www.fileformat.info/mirror/egff/ch09_05.htmhttp://computer-forensics.sans.org/community/papers/review-foundstone-vision-forensic-tool_89http://computer-forensics.sans.org/community/papers/review-foundstone-vision-forensic-tool_89http://computer-forensics.sans.org/community/papers/review-foundstone-vision-forensic-tool_89http://computer-forensics.sans.org/community/papers/review-foundstone-vision-forensic-tool_89http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-222.pdfhttp://www.ecma-international.org/publications/files/ECMA-ST/Ecma-222.pdfhttp://www.ecma-international.org/publications/files/ECMA-ST/Ecma-222.pdfhttp://www.ecma-international.org/publications/files/ECMA-ST/Ecma-222.pdfhttp://www.prepressure.com/library/compression_algorithmshttp://www.prepressure.com/library/compression_algorithmshttp://www.prepressure.com/library/compression_algorithmshttp://www.ecma-international.org/publications/files/ECMA-ST/Ecma-222.pdfhttp://www.ecma-international.org/publications/files/ECMA-ST/Ecma-222.pdfhttp://computer-forensics.sans.org/community/papers/review-foundstone-vision-forensic-tool_89http://computer-forensics.sans.org/community/papers/review-foundstone-vision-forensic-tool_89http://www.fileformat.info/mirror/egff/ch09_05.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htmhttp://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000000.htm