Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Null picture forensics using ghiro appliance

364 views

Published on

One of the most important aspects of criminal justice is forensics science, or the practice of scientifically examining the physical evidence collected from the scene of a crime or a person of interest in a crime. Increase in the use of technology, it is now possible to forge once-upon-a-time concrete evidences like photographs. This talk will introduce you to concepts of picture forensics.

Published in: Technology
  • Be the first to comment

Null picture forensics using ghiro appliance

  1. 1. Picture Forensics With  Ghiro Appliance Sumit Shrivastava @NullMumbai
  2. 2. Myself ▪ Sumit Shrivastava – Security Analyst @ Network Intelligence India  Pvt. Ltd. ▪ 2+ years of work experience in the field of Digital Forensics and  Assessment ▪ Certifications – Computer Hacking and Forensics Investigator v8, EC‐Council – Certified Professional Forensics Analyst, IIS Mumbai – Certified Professional Hacker NxG, IIS Mumbai – Certified Information Security Consultant, IIS Mumbai – Certified Information Security Expert – Level 1, Innobuzz Knowledge Solutions
  3. 3. Today’s Special ▪ Introduction to Digital Forensics ▪ Digital Forensics Terminology ▪ Steganography ▪ Picture Forensics ▪ Ghiro Appliance for Picture Forensics
  4. 4. Introduction to Digital Forensics ▪ What is digital forensics? – Digital Forensics is branch of Forensics science which deals with the examination  of digital evidence, in a manner that the evidence is acceptable in court of law. ▪ Why digital forensics is requires? – Rise in Cyber crimes – Trace back the criminals – Preventive measures against the incidents
  5. 5. Terminologies ▪ Digital Evidence – Digital Evidence is the digital data stored on the digital medium in any form which can be used in the court of law during trial ▪ Suspect – A person or a group of people thought of committing the crime ▪ Accused – A person or a group of people who are charged with or on a trial for committing a crime ▪ Digital Fingerprint – MD5 / SHA1 hashes of the hard disk.
  6. 6. ▪ Chain of Custody – A chronological document or paper trail, highlighting the seizure, custody, control, and transfer of evidence ▪ Security Incident – A warning that expresses the threat to information, computer security, or policies relating to computer security. This warning could also be pointing up that the threat is already occurred.
  7. 7. Steganography ▪ The practice of concealing messages or information within other non‐secret text or data. ▪ Origin – Steganos (Greek – covered) – + graphy (English) – = Steganographia (Modern Latin) ‐> Steganography (late 16th Century) ▪ The first recorded of this term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography, disguised as the ‘book of magic’.
  8. 8. Steganography Demo Windows does that for me! 
  9. 9. Ghiro Appliance ▪ Ghiro is a digital picture forensics tool ▪ Fully Automated ▪ Open Source ▪ Developed by ‐ Alessandro Tanasi & Marco Buoncristiano ▪ Current Version – 0.2.1 ▪ Available as – Package – Virtual Appliance
  10. 10. Ghiro – Main Features ▪ Metadata Extraction – Metadata are divided in several categories depending on standard they come from. For Example: EXIF, IPTC, XMP. ▪ GPS Location – Some images contain the geotags in the metadata, which defines the geo location where the image was shot ▪ MIME Format – It defines the type of image that is under examination. For Example: image/jpeg, image/png, image/bmp. ▪ Error Level Analysis – ELA identifies the areas that are at different compression levels. The entire picture should be roughly at same compression level. If a difference is detected, then it likely indicates a digital modification
  11. 11. ▪ Thumbnail Extraction – The thumbnails and data related to them are extracted and stored for review. ▪ Thumbnail Consistency – Sometimes, when the original image is edited, the thumbnail does not change. This detects the difference between the thumbnail and the image in question ▪ Signature Engine – Over 120 signature provide evidence about most critical data to highlight focal points and common exposures. ▪ Hash Matching – While looking for an image, where only hash is provided, this feature is of great help. It searches for all the image with that matches the provided hash.
  12. 12. Links and References ▪ Wikipedia ▪ ForensicsFocus ▪ Ghiro official website ‐ http://www.getghiro.org/ ▪ Ghiro Download Links: – https://github.com/ghirensics/ – http://www.getghiro.org/
  13. 13. Let’s put Ghiro into action
  14. 14. Thank You Follow me @invad3rsam

×