CYBR 4853 - Chapter 8
As in any digital forensics investigation, determining date and time for a file is important
You should list this type of evidence as subjective in your report because intentional and unintentional acts make date and time difficult to confirm When you're dealing with date and time values in Exif metadata, always look for corroborating information,
Raster images
also collections of pixels, but they store pixels in rows to make images easy to print. printing an image converts (rasterizes) it to print pixels line by line instead of processing the complete collection of pixels
Vector graphics
based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes use lines instead of dots to make up an image stores only the calculations for drawing lines and shapes; a graphics program converts these calculations into an image. generally smaller than bitmap files, thereby saving disk space You can also enlarge a vector graphic without affecting image quality
A graphics program creates one of three types of graphics files
bitmap, vector, and metafile
Bitmap images
collections of dots, or pixels, in a grid format that form a graphic. store graphics information as grids of pixels, short for "picture elements." image quality on a monitor is governed by resolution usually lose quality when you enlarge them Bitmap and raster files use as much of the color palette as possible
Metafile graphics
combinations of bitmap and vector images combine raster and vector graphics and can have the characteristics of both file types. if you scan a photograph (a bitmap image) and then add text or arrows (vector drawings), you create a metafile graphic share the limitations of both.
resolution
determines the amount of detail that's displayed. related to the density of pixels onscreen and depends on a combination of hardware and software. the higher the resolution, the sharper the image Software also contributes to image quality
Graphics files contain
digital photographs, line art, three-dimensional images, text data converted to images, and scanned replicas of printed pictures.
You can use two types of programs to work with graphics files:
graphics editors and image viewers.
Standard vector file formats
include Hewlett-Packard Graphics Language (.hpgl) and AutoCad (.dxf).
Standard bitmap file formats
include Portable Network Graphic (.png), Graphics Interchange Format (.gif), Joint Photographic Experts Group (.jpg or .jpeg), Tagged Image File Format (.tif or .tiff), and Windows Bitmap (.bmp).
Nonstandard graphics file formats
less common formats, such as Targa (.tga) and Raster Transfer Language (.rtl); proprietary formats, such as Photoshop (.psd), Illustrator (.ai), and Freehand (.fh11) newer formats, such as Scalable Vector Graphics (.svg); and formats for old or obsolete formats, such as Paintbrush (.pcx)
Examining the Raw File Format
typically used on many higher-end digital cameras digital negative A camera performs no enhancement processing Sensors in a digital camera simply record pixels on the memory card. maintains the best picture quality. the biggest disadvantage of the raw file format is that it's proprietary, and not all image viewers can display these formats To view a raw graphics file, you might need to get the viewing and conversion software from the camera manufacturer
To determine whether a file is a graphics file and to find a program for viewing a nonstandard graphics file
you can search the Web or consult a dictionary Web site
Graphics files can have different amounts of color per pixel, but
• 1 bit ¼ 2 colors • 4 bits ¼ 16 colors • 8 bits ¼ 256 colors • 16 bits ¼ 65,536 colors • 24 bits ¼ 16,777,216 colors • 32 bits ¼ 4,294,967,296 colors created and saved in a graphics editor enable you to create and save files in one or more of the standard graphics file formats.
Examining the Exchangeable Image File Format
Most digital cameras use the Exchangeable Image File (Exif) format to store photos. When a digital photo is taken, information about the camera (such as model, make, and serial number) and settings (such as shutter speed, focal length, resolution, date, and time) are stored in the graphics file. Most digital cameras store graphics files as Exif JPEG files if the camera has GPS capability, the latitude and longitude location data might be recorded in the Exif section vinvestigators can learn more about the type of digital camera and the environment in which photos were taken Viewing an Exif JPEG file's metadata requires special programs, such as Exif Reader Originally, JPEG and TIF formats were designed to store only digital photo data Exif is an enhancement of these formats that modifies the beginning of a JPEG or TIF file All JPEG files, including Exif, start from offset 0 (the first byte of a file) with hexadecimal FFD8
Digital Camera File Formats
Most, if not all, digital cameras produce digital photos in raw or Exif format, described in the following sections
