Jump to content
Aerosol

Forpix v1.02 – Forensic Images Tool Released

Recommended Posts

Posted

Methods for detecting affine image files

forpix is a forensic program for identifying similar images that are no longer identical due to image manipulation. Hereinafter I will describe the technical background for the basic understanding of the need for such a program and how it works.

From image files or files in general you can create so-called cryptologic hash values, which represent a kind of fingerprint of the file. In practice, these values have the characteristic of being unique. Therefore, if a hash value for a given image is known, the image can be uniquely identified in a large amount of other images by the hash value. The advantage of this fully automated procedure is that the semantic perception of the image content by a human is not required. This methodology is an integral and fundamental component of an effective forensic investigation.

Due to the avalanche effect, which is a necessary feature of cryptologic hash functions, a minimum -for a human not to be recognized- change of the image causes a drastic change of the hash value. Although the original image and the manipulated image are almost identical, this will not apply to the hash values any more. Therefore the above mentioned application for identification is ineffective in the case of similar images.

A method was applied that resolves the ineffectiveness of cryptologic hash values. It uses the fact that an offender is interested to preserve certain image content. In some degree, this will preserve the contrast as well as the color and frequency distribution. The method provides three algorithms to generate robust hash values of the mentioned image features. In case of a manipulation of the image, the hash values change either not at all or only moderately similar to the degree of manipulation. By comparing the hash values of a known image with those of a large quantity of other images, similar images can now be recognized fully automated.

Download: http://rojak.de/le/forpix1.02_eng.7z

Tutorial

In order to launch the program on a Windows machine run the included batch file "forpix.bat". Otherwise, the program runs on all Java-capable machines with a 32 bit Java-VM. Just use the Java flag "-jar -Xmx1024m forpix.jar" in the command prompt.

To perform a comparison following steps are necessary. The execution of the steps are very simple in practice.

  • Creating an image database.
  • Analyzing images of a seized media and import the images and hash values into the image database in one step.
  • Analyzing a reference image and performing an automated image comparison in one step.

As a result, you get for each reference image a list of the most similar images from the database.

The very short tutorial:

  • Create a database: menu "Database > Create ..."
  • Choose a name along with a directory for the new database by pressing "Directory"
  • Press "OK"
  • Import images into the database: menu "Image > Import"
  • Optionally you can insert your user name, case number/identifier, evidence number. Then choose the directory where the images were stored. Press "Start"
  • Wait a moment... A message will be shown at the end. Press "OK"
  • To compare a image with all images in the database: menu "Image > comparison..."
  • Choose a reference image by pressing "file" to open the reference image file.
  • For comparison press "Start".
  • Wait a moment... A message will be shown at the end. Press "OK"
  • After that you will see a list of images, similar to the reference image.
  • To show each image just single click on each entry in the list.
  • To show the reference image just click "Reference Image" in the menu bar.

Read more: forpix | martin rojak

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...