1 out of 3 papers on computer forensics research seems to be about advanced techniques for carving fragmented jpegs from unallocated space.

I am sure that there have been cases where that one hard-to-reassemble jpeg was the key to cracking the case and sending the bad guy to jail for life. However, I feel equally sure that in the vast majority of cases, the problem is not how to recover that one screwy jpeg, but what to do with the hundreds of thousands of jpegs recovered with a simple header/footer search.

Trevor's work on C4P has probably done more for investigators than all the work done on fragmented jpeg carving combined. Of course, research is research, and there is nothing wrong with finding better ways to recover fragmented jpegs. There is something right, though, about applying research to solve pressing problems.
