Skip to main content
Springer Nature Link
Log in

Cluster Size Determination Using JPEG Files

  • Conference paper
Computational Science and Its Applications – ICCSA 2012 (ICCSA 2012)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7336))

Included in the following conference series:

  • 2650 Accesses

Abstract

File can be recovered by simply using traditional recovery means. However, a technique is required to distinguish one file to another when dealing with hard disk with corrupted filesystem metadata. As in a computer file system, a cluster is the smallest allocation of disk space to hold a file, information about the cluster size can help in determining the start of file which can be used to distinguish one file to another. This paper introduces a method for acquiring the cluster size by using data sets from DFRWS 2006 and DFRWS 2007. A tool called PredClus is developed to automatically display the predicted cluster size according to probabilistic percentage. By using PredClus, the cluster size used in both DFRWS 2006 and DFRWS 2007 can be determined. Thus, JPEG images that are not located at the starting address of any cluster are most probably thumbnails or embedded files.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Ng, S.W.: Advances in Disk Technology: Performance Issues. Computer 31, 75–81 (1998)

    Article  Google Scholar 

  2. File Allocation Table, http://en.wikipedia.org/wiki/File_Allocation_Table#Boot_Sector

  3. Jemigan, R.P., Quinn, S.D.: Two-Pass Defragmentation of Compressed Hard Disk Data with a Single Data Rewrite. U.S Patent 5574907

    Google Scholar 

  4. Mkfs.xfs(8)-Linux Man Page, http://linux.die.net/man/8/mkfs.xfs

  5. Data Cluster, http://en.wikipedia.org/wiki/Data_cluster

  6. The Default Cluster Size for the NTFS and FAT File Systems, http://support.microsoft.com/kb/314878

  7. Default Cluster Size for NTFS, FAT, and ExFAT, http://support.microsoft.com/kb/140365

  8. Linux System Administrator Guide: Chapter 5: Using Disks and Other Storage Media, http://tldp.org/LDP/sag/html/filesystems.html

  9. Vista/XP Install on Large Cluster Sizes, http://www.winvistatips.com/vista-xp-install-large-cluster-sizes-t801412.html

  10. Digital Forensics Research Workshop (DFRWS), http://www.dfrws.org/2006/challenge/submission.shtml

  11. Digital Forensics Research Workshop (DFRWS), http://www.dfrws.org/2007/challenge/submission.shtml

  12. Mohamad, K.M., Mat Deris, M.: Single-byte-marker for Detecting JPEG JFIF Header using FIRIMAGE-JPEG. In: Proc. of the 2009 Fifth International Joint Conference on INC, IMS and IDC, 2009, pp. 1693–1698 (2009)

    Google Scholar 

  13. Mohamad, K.M., Herawan, T., Deris, M.M.: Dual-Byte-Marker Algorithm for Detecting JFIF Header. In: Bandyopadhyay, S.K., Adi, W., Kim, T.-h., Xiao, Y. (eds.) ISA 2010. CCIS, vol. 76, pp. 17–26. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  14. Mohamad, K.M., Mat Deris, M.: Fragmentation Point Detection of JPEG Images at DHT Using Validator. In: Proc. of the 2009 FGIT, pp.173–180 (2009)

    Google Scholar 

  15. Mohamad, K.M., Patel, A., Herawan, T., Mat Deris, M.: myKarve: Jpeg Image And Thumbnail Carver. Journal of Digital Forensic Practice 3, 74–97 (2010)

    Article  Google Scholar 

  16. Cohen, M.I.: Advanced Carving Techniques. Digital Investigation 4(1-4), 119–128 (2007)

    Article  Google Scholar 

  17. Metz, J., Mora, R.J.: Analysis of 2006 DFRWS Forensic Carving Challenge, http://sandbox.dfrws.org/2006/mora/dfrws2006.pdf

  18. Richard III, G.G., Roussev, V.: Scalpel: A Frugal, High Performance File Carver. In: Proc. of the 2005 Digital Forensics Research Workshop, New Orleans (2005)

    Google Scholar 

  19. McKusick, M.K., Joy, W.N., Leffler, S.J., Fabry, R.S.: A Fast File System for UNIX. ACM Transactions on Computer Systems 2 (1984)

    Google Scholar 

  20. Kanagawa, S.K.: Information Reproduction Apparatus and Information Reproduction Method. U.S. Patent 6,236,663 BI

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Johor, Malaysia

    Nurul Azma Abdullah, Rosziati Ibrahim & Kamaruddin Malik Mohamad

Authors
  1. Nurul Azma Abdullah
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rosziati Ibrahim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kamaruddin Malik Mohamad
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Laboratory of Urban and Territorial Systems, University of Basilicata, 10, Viale dell’Ateneo Lucano, 85100, Potenza, Italy

    Beniamino Murgante

  2. Department of Mathematics and Computer Science, University of Perugia, Via Vanvitelli 1, 06123, Perugia, Italy

    Osvaldo Gervasi

  3. Department of Cyber Security Science, Federal University of Technology, Gidan Kwano Campus, Minna, Nigeria

    Sanjay Misra

  4. Faculty of Engineering, Department of Electronics Engineering and Telecommunications, State University of Rio de Janeiro, Rua Sao Francisco Xavier, 524, 50. andar, sala 5145-F, Maracana, 20, 550-013, Rio de Janeiro, RJ, Brazil

    Nadia Nedjah

  5. Department of Production and Systems, University of Minho, Campus de Gualtar, 4710-057, Braga, Portugal

    Ana Maria A. C. Rocha

  6. School of Business Systems, Monash University, 3800, Clayton, VIC, Australia

    David Taniar

  7. Department of Intelligent Informatics, Kyushu Sangyo University, 2-3-1 Matsukadai, Higashi-ku, 813-8503, Fukuoka, Japan

    Bernady O. Apduhan

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abdullah, N.A., Ibrahim, R., Mohamad, K.M. (2012). Cluster Size Determination Using JPEG Files. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2012. ICCSA 2012. Lecture Notes in Computer Science, vol 7336. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31128-4_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31128-4_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31127-7

  • Online ISBN: 978-3-642-31128-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy