{"id":451,"date":"2012-06-12T02:46:09","date_gmt":"2012-06-12T08:46:09","guid":{"rendered":"http:\/\/www.comm.utoronto.ca\/dkundur\/?page_id=451"},"modified":"2012-08-22T02:28:20","modified_gmt":"2012-08-22T08:28:20","slug":"digital-forensics","status":"publish","type":"page","link":"https:\/\/www.comm.utoronto.ca\/dkundur\/research\/digital-forensics\/","title":{"rendered":"Digital Forensics"},"content":{"rendered":"<table class=\"alignright\" width=\"250\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\">\n<tbody>\n<tr>\n<td>\n<h4>Other Research Areas<\/h4>\n<p><a style=\"display:none;\" id=\"ddetlink229455613\" href=\"javascript:expand(document.getElementById('ddet229455613'))\">Expand List<\/a>\n<div class=\"ddet_div\" id=\"ddet229455613\"><script language=\"JavaScript\" type=\"text\/javascript\">expand(document.getElementById('ddet229455613'));expand(document.getElementById('ddetlink229455613'))<\/script><\/p>\n<ul>\n<li><a href=\"\/dkundur\/smart-grid\">Smart Grid<\/a><\/li>\n<li><a href=\"\/dkundur\/cyber-physical-systems\/\">Cyber-Physical Systems<\/a><\/li>\n<li><a href=\"\/dkundur\/multimedia-and-sensor-networks\/\">Multimedia &amp; Sensor Networks<\/a><\/li>\n<li><a href=\"\/dkundur\/dynamical-systems\/\">Dynamical Systems<\/a><\/li>\n<li><a href=\"\/dkundur\/digital-forensics\/\">Digital Forensics<\/a><\/li>\n<li><a href=\"\/dkundur\/physical-layer-security\/\">Physical Layer Security<\/a><\/li>\n<li><a href=\"\/dkundur\/multimedia-security-and-drm\/\">Multimedia Security<\/a><\/li>\n<li><a href=\"\/dkundur\/blind-image-restoration\/\">Blind Image Restoration<\/a><\/li>\n<li><a href=\"\/dkundur\/image-fusion\/\">Image Fusion<\/a><\/li>\n<\/ul>\n<p><\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h1>Digital Forensics<\/h1>\n<p style=\"text-align: left;\"><img decoding=\"async\" class=\"lazyload attachment-80x60 alignleft\" title=\"Digital Forensics\" src=\"data:image\/svg+xml,%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27200%27%20height%3D%27200%27%20viewBox%3D%270%200%20200%20200%27%3E%3Crect%20width%3D%27200%27%20height%3D%27200%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E\" data-orig-src=\"\/dkundur\/wp-content\/uploads\/DigitalForensics.png\" alt=\"Digital Forensics\" width=\"200\" height=\"200\" \/> Digital forensics involves the scientific study of digital media to identify, assess, recover, analyze and\/or establish facts and opinions about the information. The field of information forensics falls within electrical and computer engineering and computer and information science research domains. The field, in part, emerged from the traditional steganography and covert communications research communities.<\/p>\n<h5 style=\"text-align: left;\">Steganography<\/h5>\n<p style=\"text-align: left;\">Steganography is the process of hiding a secret message inside another message that masks the secret message. Steganography is often described in the context of the &#8220;Prisoner&#8217;s Problem.&#8221; Here, Alice and Bob are in prison. They can communicate to one another through the prison warden. They would like to communicate an escape plan. However, if the warden finds out they will be placed in solitary confinement. Therefore they intend to mask their secret escape plan in innocent-looking messages. They could do this by writing letters to one another whereby the real message is embedded in select locations. For example, the first, second or even last letter of each word contains the secret message. Given the proliferation of <a href=\"\/dkundur\/multimedia-and-sensor-networks\/\">multimedia<\/a>, more recently steganography has been applied to digital images and video. Video information provides an unprecedented bandwidth in which to hide content. Moreover, the hidden information in the digital media will undergo the same transformations as the media itself providing a platform in which to derive forensics evidence of data processing for tamper-assessment and authentication.<\/p>\n<p style=\"text-align: left;\">Steganography has been used historically. Consider the following real-life World War I Press Cables (from Washington DC to Germany). Can you find any hidden information in either one?<\/p>\n<table class=\"aligncenter\" width=\"800\" border=\"0\" cellspacing=\"10\" cellpadding=\"10\">\n<tbody>\n<tr>\n<td align=\"center\" valign=\"top\">PRESIDENT&#8217;S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.<\/td>\n<td align=\"center\" valign=\"top\">APPARENTLY NEUTRAL&#8217;S PROTEST IS THOROUGHLY DISCOUNTED AND IGNORED. ISMAN HARD HIT. BLOCKADE ISSUE AFFECTS PRETEXT FOR EMBARGO ON BYPRODUCTS, EJECTING SUETS AND VEGETABLE OILS.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\" valign=\"top\"><a style=\"display:none;\" id=\"ddetlink348538539\" href=\"javascript:expand(document.getElementById('ddet348538539'))\">(Click here to see hidden information.)<\/a>\n<div class=\"ddet_div\" id=\"ddet348538539\"><script language=\"JavaScript\" type=\"text\/javascript\">expand(document.getElementById('ddet348538539'));expand(document.getElementById('ddetlink348538539'))<\/script>Take the <span style=\"color: #ff0000;\">first<\/span> letter of each word: &#8220;<span style=\"color: #0000ff;\">Pershing Sales from NY June 1<\/span>.&#8221;<\/div><\/td>\n<td align=\"center\" valign=\"top\"><a style=\"display:none;\" id=\"ddetlink450811266\" href=\"javascript:expand(document.getElementById('ddet450811266'))\">(Click here to see hidden information.)<\/a>\n<div class=\"ddet_div\" id=\"ddet450811266\"><script language=\"JavaScript\" type=\"text\/javascript\">expand(document.getElementById('ddet450811266'));expand(document.getElementById('ddetlink450811266'))<\/script>Take the <span style=\"color: #ff0000;\">second<\/span> letter of each word: &#8220;<span style=\"color: #0000ff;\">Pershing Sales from NY June 1<\/span>.&#8221;<\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h5 style=\"text-align: left;\">Steganalysis<\/h5>\n<p style=\"text-align: left;\">The purpose of steganalysis is to detect the presence of steganography within innocuous-looking media such as digital images or video. Steganalysis is an art of covert signal detection in which the signal in question has been embedded within another, often more prominent, signal using steganography. In the classical Prisoner&#8217;s Problem, the warden would take the role of a steganalyst. A steganalyst may be passive (in which only the presence or characteristics of a hidden message is to be detected) or active (in which, the warden can not only look to detect steganography, but make modifications to the innocent-looking message &#8212; e.g., replace words with synonyms &#8212; to reduce the likelihood of successful steganography).<\/p>\n<p style=\"text-align: left;\">Passive stegananalysis within digital images and video often makes use of statistical information and pattern recognition approaches to identify hidden information. Active steganalysis makes use of signal processing approaches that modify the content imperceptibly and may make use of mathematical models of human psychology.<\/p>\n<h5 style=\"text-align: left;\">Covert Communications<\/h5>\n<p style=\"text-align: left;\">Covert communications is communications through an unintended and\/or unauthorized communications path. Typically, use of the covert communication channel violates one or more security policies. There are several classes of covert communications: computer-oriented, such that vulnerabilities in software and operating systems are leveraged, network-enabled, which exploits format the structure of protocols and algorithms for networked communications, and media-based in which information is hidden by taking advantage of the limited range of human perception.<\/p>\n<p style=\"text-align: left;\">Typical characteristics of covert communications include that the associated communication links are not designed for data exchange, the process employs\u00a0entities not intended to be data-carrying objects for information transfer, and they are facilitated via\u00a0system resources shared by source and destination parties. There are typically two classical types of covert channels: timing channels and storage channels. In covert timing channels, the\u00a0 start-time or duration of a process is used to communicate information to recipient parties who can observe such resources. In covert storage channels,\u00a0 modulation of storage resources such as disk space and media files to embed information later retrieved by recipient parties.<\/p>\n<h5 style=\"text-align: left;\">Research<\/h5>\n<p style=\"text-align: left;\">Our research in digital forensics spans may areas including digital video steganalysis, tamper-assessment and authentication, \u00a0covert communications and image steganography\/data hiding.<\/p>\n<h5>Related Publications<\/h5>\n<div class=\"teachpress_pub_list\"><form name=\"tppublistform\" method=\"get\"><a name=\"tppubs\" id=\"tppubs\"><\/a><\/form><div class=\"teachpress_message_error\"><p>Sorry, no publications matched your criteria.<\/p><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Other Research Areas Expand List Smart Grid Cyber-Physical Systems Multimedia &#8230;<\/p>\n","protected":false},"author":1,"featured_media":995,"parent":9,"menu_order":5,"comment_status":"open","ping_status":"open","template":"","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"class_list":["post-451","page","type-page","status-publish","has-post-thumbnail","hentry"],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/PfR3Ra-7h","_links":{"self":[{"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/pages\/451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/comments?post=451"}],"version-history":[{"count":67,"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/pages\/451\/revisions"}],"predecessor-version":[{"id":1738,"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/pages\/451\/revisions\/1738"}],"up":[{"embeddable":true,"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/pages\/9"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/media\/995"}],"wp:attachment":[{"href":"https:\/\/www.comm.utoronto.ca\/dkundur\/wp-json\/wp\/v2\/media?parent=451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}