Multimedia Forensics Is Not Computer Forensics

  • Rainer Böhme
  • Felix C. Freiling
  • Thomas Gloe
  • Matthias Kirchner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5718)

Abstract

The recent popularity of research on topics of multimedia forensics justifies reflections on the definition of the field. This paper devises an ontology that structures forensic disciplines by their primary domain of evidence. In this sense, both multimedia forensics and computer forensics belong to the class of digital forensics, but they differ notably in the underlying observer model that defines the forensic investigator’s view on (parts of) reality, which itself is not fully cognizable. Important consequences on the reliability of probative facts emerge with regard to available counter-forensic techniques: while perfect concealment of traces is possible for computer forensics, this level of certainty cannot be expected for manipulations of sensor data. We cite concrete examples and refer to established techniques to support our arguments.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Kruse, W., Heiser, J.: Computer Forensics: Incident Response Essentials. Addison Wesley, Reading (2001)Google Scholar
  2. 2.
    Carrier, B., Spafford, E.H.: Getting physical with the digital investigation process. International Journal of Digital Evidence 2(2) (2003)Google Scholar
  3. 3.
    Inman, K., Rudin, N.: The origin of evidence. Forensic Science International 126, 11–16 (2002)CrossRefGoogle Scholar
  4. 4.
    Locard, E.: L’Enquête criminelle et les Methodes scientifiques, Flammarion, Paris (1920)Google Scholar
  5. 5.
    Saferstein, R.: Criminalistics: An Introduction to Forensic Science, 7th edn. Prentice Hall, Englewood Cliffs (2000)Google Scholar
  6. 6.
    Inman, K., Rudin, N.: Principles and Practices of Criminalistics. CRC Press, Boca Raton (2000)CrossRefGoogle Scholar
  7. 7.
    Kirk, P.L.: Crime Investigation. John Wiley & Sons Inc, Chichester (1974)Google Scholar
  8. 8.
    Casey, E.: Digital evidence and computer crime, 2nd edn. Academic Press, London (2004)Google Scholar
  9. 9.
    The Common Digital Evidence Storage Format Working Group: Standardizing digital evidence storage. Communications of the ACM 49(2), 67–68 (2006)Google Scholar
  10. 10.
    Kuhn, M.G.: Compromising emanations: eavesdropping risks of computer displays. PhD thesis, University of Cambridge Computer Laboratory (2003)Google Scholar
  11. 11.
    Zander, S., Murdoch, S.J.: An improved clock-skew measurement technique for revealing hidden services. In: SSYM 2008: Proceedings of the 17th USENIX Security Symposium. USENIX Association, Berkeley (2008)Google Scholar
  12. 12.
    Wright, C., Kleiman, D., Sundhar, S.: Overwriting hard drive data: The great wiping controversy. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 243–257. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Schneier, B., Kelsey, J.: Cryptographic support for secure logs on untrusted machines. In: SSYM 1998: Proceedings of the 7th USENIX Security Symposium. USENIX Association, Berkeley (1998)Google Scholar
  14. 14.
    Kirchner, M., Böhme, R.: Hiding traces of resampling in digital images. IEEE Transactions on Information Forensics and Security 3(4), 582–592 (2008)CrossRefGoogle Scholar
  15. 15.
    Ng, T.T., Chang, S.F., Lin, C.Y., Sun, Q.: Passive-blind image forensics. In: Zeng, W., Yu, H., Lin, C.Y. (eds.) Multimedia Security Technologies for Digital Rights, pp. 383–412. Academic Press, London (2006)CrossRefGoogle Scholar
  16. 16.
    Khanna, N., Mikkilineni, A.K., Martone, A.F., Ali, G.N., Chiu, G.T.C., Allebach, J.P., Delp, E.J.: A survey of forensic characterization methods for physical devices. Digital Investigation 3(suppl. 1), 17–28 (2006)CrossRefGoogle Scholar
  17. 17.
    Khanna, N., Chiu, G.T.C., Allebach, J.P., Delp, E.J.: Forensic techniques for classifying scanner, computer generated and digital camera images. In: Proceedings of the 2008 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP 2008), pp. 1653–1656 (2008)Google Scholar
  18. 18.
    McKay, C., Swaminathan, A., Gou, H., Wu, M.: Image acquisition forensics: Forensic analysis to identify imaging source. In: Proceedings of the 2008 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP 2008), pp. 1657–1660 (2008)Google Scholar
  19. 19.
    Kharrazi, M., Sencar, H.T., Memon, N.: Blind source camera identification. In: Proceedings of the 2004 IEEE International Conference on Image Processing (ICIP 2004), 709–712 (2004)Google Scholar
  20. 20.
    Böhme, R., Westfeld, A.: Feature-based encoder classification of compressed audio streams. Multimedia Systems Journal 11(2), 108–120 (2005)CrossRefGoogle Scholar
  21. 21.
    Bayram, S., Sencar, H.T., Memon, N.: Classification of digital camera-models based on demosaicing artifacts. Digital Investigation 5, 46–59 (2008)CrossRefGoogle Scholar
  22. 22.
    Farid, H.: Digital image ballistics from JPEG quantization: A followup study. Technical Report TR2008-638, Department of Computer Science, Dartmouth College, Hanover, NH, USA (2008)Google Scholar
  23. 23.
    Gloe, T., Borowka, K., Winkler, A.: Feature-based camera model identification works in practice: Results of a comprehensive evaluation study. In: Accepted for Information Hiding 2009, Darmstadt, Germany, June 7–10. LNCS (to appear, 2009)Google Scholar
  24. 24.
    Geradts, Z.J., Bijhold, J., Kieft, M., Kurosawa, K., Kuroki, K., Saitoh, N.: Methods for identification of images acquired with digital cameras. In: Bramble, S.K., Carapezza, E.M., Rudin, L.I. (eds.) Proceedings of SPIE: Enabling Technologies for Law Enforcement and Security, vol. 4232, pp. 505–512 (2001)Google Scholar
  25. 25.
    Chen, M., Fridrich, J., Goljan, M., Lukáš, J.: Determining image origin and integrity using sensor noise. IEEE Transactions on Information Forensics and Security 3(1), 74–90 (2008)CrossRefGoogle Scholar
  26. 26.
    Dirik, A.E., Sencar, H.T., Memon, N.D.: Digital single lens reflex camera identification from traces of sensor dust. IEEE Transactions on Information Forensics and Security 3(3), 539–552 (2008)CrossRefGoogle Scholar
  27. 27.
    Gloe, T., Franz, E., Winkler, A.: Forensics for flatbed scanners. In: Delp, E.J., Wong, P.W. (eds.) Proceedings of SPIE: Security and Watermarking of Multimedia Content IX, vol. 6505, p. 65051I (2007)Google Scholar
  28. 28.
    Lukáš, J., Fridrich, J., Goljan, M.: Digital “bullet scratches” for images. In: Proceedings of the 2005 IEEE International Conference on Image Processing (ICIP 2005), vol. 3, pp. 65–68 (2005)Google Scholar
  29. 29.
    Popescu, A.C., Farid, H.: Exposing digital forgeries in color filter array interpolated images. IEEE Transactions on Signal Processing 53(10), 3948–3959 (2005)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Johnson, M.K., Farid, H.: Exposing digital forgeries through chromatic aberration. In: MM&Sec 2006, Proceedings of the Multimedia and Security Workshop 2006, September 26-27, pp. 48–55. ACM Press, New York (2006)Google Scholar
  31. 31.
    Mondaini, N., Caldelli, R., Piva, A., Barni, M., Cappellini, V.: Detection of malevolent changes in digital video for forensic applications. In: Delp, E.J., Wong, P.W. (eds.) Proceedings of SPIE: Security and Watermarking of Multimedia Content IX, vol. 6505, p. 65050T (2007)Google Scholar
  32. 32.
    Popescu, A.C., Farid, H.: Exposing digital forgeries by detecting duplicated image regions. Technical Report TR2004-515, Department of Computer Science, Dartmouth College, Hanover, NH, USA (2004)Google Scholar
  33. 33.
    Popescu, A.C., Farid, H.: Exposing digital forgeries by detecting traces of re-sampling. IEEE Transactions on Signal Processing 53(2), 758–767 (2005)CrossRefGoogle Scholar
  34. 34.
    Kirchner, M.: Fast and reliable resampling detection by spectral analysis of fixed linear predictor residue. In: MM&Sec 2008, Proceedings of the Multimedia and Security Workshop 2008, September 22-23, 2008, pp. 11–20. ACM Press, New York (2008)Google Scholar
  35. 35.
    Wang, W., Farid, H.: Exposing digital forgeries in video by detecting duplication. In: MM&Sec 2007, Proceedings of the Multimedia and Security Workshop 2007, Dallas, TX, USA, September 20-21, pp. 35–42 (2007)Google Scholar
  36. 36.
    Johnson, M.K., Farid, H.: Exposing digital forgeries in complex lighting environments. IEEE Transactions on Information Forensics and Security 2(3), 450–461 (2007)CrossRefGoogle Scholar
  37. 37.
    Böhme, R.: An epistemological approach to steganography. In: accepted for Information Hiding 2009, Darmstadt, Germany, June 7–10. LNCS (to appear, 2009)Google Scholar
  38. 38.
    Joyce, R., Gupta, G.: Identity authentication based on keystroke latencies. Communications of the ACM 33, 168–176 (1990)CrossRefGoogle Scholar
  39. 39.
    Kerckhoffs, A.: La cryptographie militaire. Journal des sciences militaires IX, 5–38, 161–191 (1883)Google Scholar
  40. 40.
    Harris, R.: Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem. Digital Investigation 3(suppl. 1), 44–49 (2006)CrossRefGoogle Scholar
  41. 41.
    Lukáš, J., Fridrich, J., Goljan, M.: Digital camera identification from sensor noise. IEEE Transactions on Information Forensics and Security 1(2), 205–214 (2006)CrossRefGoogle Scholar
  42. 42.
    Gloe, T., Kirchner, M., Winkler, A., Böhme, R.: Can we trust digital image forensics? In: MULTIMEDIA 2007: Proceedings of the 15th international conference on Multimedia, September 24–29, 2007, pp. 78–86. ACM Press, New York (2007)Google Scholar
  43. 43.
    Kirchner, M., Böhme, R.: Synthesis of color filter array pattern in digital images. In: Delp, E.J., Dittmann, J., Memon, N.D., Wong, P.W. (eds.) Proceedings of SPIE-IS&T Electronic Imaging: Media Forensics and Security XI, vol. 7254, p. 725421 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Rainer Böhme
    • 1
  • Felix C. Freiling
    • 2
  • Thomas Gloe
    • 1
  • Matthias Kirchner
    • 1
  1. 1.Institute of Systems ArchitectureTechnische Universität DresdenDresdenGermany
  2. 2.Laboratory for Dependable Distributed SystemsUniversity of MannheimMannheimGermany

Personalised recommendations