An Alternative Approach to Data Carving Portable Document Format (PDF) Files
Traditional data carving relies on the successful identification of headers and trailers, unique hexadecimal signatures which are exclusive to specific file types. This can present a challenge for digital forensics examiners when pitted against modern anti-forensics techniques. The interest of this...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Kennesaw State University
2024-06-01
|
| Series: | Journal of Cybersecurity Education, Research & Practice |
| Online Access: | https://digitalcommons.kennesaw.edu/jcerp/vol2024/iss1/21/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850100724749303808 |
|---|---|
| author | Kevin Hughes Michael Black |
| author_facet | Kevin Hughes Michael Black |
| author_sort | Kevin Hughes |
| collection | DOAJ |
| description | Traditional data carving relies on the successful identification of headers and trailers, unique hexadecimal signatures which are exclusive to specific file types. This can present a challenge for digital forensics examiners when pitted against modern anti-forensics techniques. The interest of this study is file signature obfuscation, a technique which alters headers and trailers. This research will focus on the development of a new, proof-of-concept algorithm that analyzes content in segments based on unique elements found within the body of a file. The file type being targeted is the Portable Document Format (PDF) and this research is built upon previously successful work by Booker (2021) in Data Carving Against Known File Obfuscation Techniques: A Proposed Data Carving Algorithm where the Joint Photographic Experts Group (JPEG) image file was investigated. The result of this study is the successful identification and recovery of 93.4% of PDF files which had undergone file signature obfuscation. |
| format | Article |
| id | doaj-art-b5bdc949d8034e7899f9b63b5d65a099 |
| institution | DOAJ |
| issn | 2472-2707 |
| language | English |
| publishDate | 2024-06-01 |
| publisher | Kennesaw State University |
| record_format | Article |
| series | Journal of Cybersecurity Education, Research & Practice |
| spelling | doaj-art-b5bdc949d8034e7899f9b63b5d65a0992025-08-20T02:40:14ZengKennesaw State UniversityJournal of Cybersecurity Education, Research & Practice2472-27072024-06-0120241An Alternative Approach to Data Carving Portable Document Format (PDF) FilesKevin Hughes0Michael Black1University of South AlabamaUniversity of South AlabamaTraditional data carving relies on the successful identification of headers and trailers, unique hexadecimal signatures which are exclusive to specific file types. This can present a challenge for digital forensics examiners when pitted against modern anti-forensics techniques. The interest of this study is file signature obfuscation, a technique which alters headers and trailers. This research will focus on the development of a new, proof-of-concept algorithm that analyzes content in segments based on unique elements found within the body of a file. The file type being targeted is the Portable Document Format (PDF) and this research is built upon previously successful work by Booker (2021) in Data Carving Against Known File Obfuscation Techniques: A Proposed Data Carving Algorithm where the Joint Photographic Experts Group (JPEG) image file was investigated. The result of this study is the successful identification and recovery of 93.4% of PDF files which had undergone file signature obfuscation.https://digitalcommons.kennesaw.edu/jcerp/vol2024/iss1/21/ |
| spellingShingle | Kevin Hughes Michael Black An Alternative Approach to Data Carving Portable Document Format (PDF) Files Journal of Cybersecurity Education, Research & Practice |
| title | An Alternative Approach to Data Carving Portable Document Format (PDF) Files |
| title_full | An Alternative Approach to Data Carving Portable Document Format (PDF) Files |
| title_fullStr | An Alternative Approach to Data Carving Portable Document Format (PDF) Files |
| title_full_unstemmed | An Alternative Approach to Data Carving Portable Document Format (PDF) Files |
| title_short | An Alternative Approach to Data Carving Portable Document Format (PDF) Files |
| title_sort | alternative approach to data carving portable document format pdf files |
| url | https://digitalcommons.kennesaw.edu/jcerp/vol2024/iss1/21/ |
| work_keys_str_mv | AT kevinhughes analternativeapproachtodatacarvingportabledocumentformatpdffiles AT michaelblack analternativeapproachtodatacarvingportabledocumentformatpdffiles AT kevinhughes alternativeapproachtodatacarvingportabledocumentformatpdffiles AT michaelblack alternativeapproachtodatacarvingportabledocumentformatpdffiles |