An Alternative Approach to Data Carving Portable Document Format (PDF) Files
Traditional data carving relies on the successful identification of headers and trailers, unique hexadecimal signatures which are exclusive to specific file types. This can present a challenge for digital forensics examiners when pitted against modern anti-forensics techniques. The interest of this...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Kennesaw State University
2024-06-01
|
| Series: | Journal of Cybersecurity Education, Research & Practice |
| Online Access: | https://digitalcommons.kennesaw.edu/jcerp/vol2024/iss1/21/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Traditional data carving relies on the successful identification of headers and trailers, unique hexadecimal signatures which are exclusive to specific file types. This can present a challenge for digital forensics examiners when pitted against modern anti-forensics techniques. The interest of this study is file signature obfuscation, a technique which alters headers and trailers. This research will focus on the development of a new, proof-of-concept algorithm that analyzes content in segments based on unique elements found within the body of a file. The file type being targeted is the Portable Document Format (PDF) and this research is built upon previously successful work by Booker (2021) in Data Carving Against Known File Obfuscation Techniques: A Proposed Data Carving Algorithm where the Joint Photographic Experts Group (JPEG) image file was investigated. The result of this study is the successful identification and recovery of 93.4% of PDF files which had undergone file signature obfuscation. |
|---|---|
| ISSN: | 2472-2707 |