IEEE Access (Jan 2023)

A Meta-Heuristic Method for Reassemble Bifragmented Intertwined JPEG Image Files in Digital Forensic Investigation

  • Rabei Raad Ali,
  • Kamaruddin Malik Bin Mohamad,
  • Salama A. Mostafa,
  • Dilovan Asaad Zebari,
  • Mohammed Ahmed Jubair,
  • M. Turki-Hadj Alouane

DOI
https://doi.org/10.1109/ACCESS.2023.3321680
Journal volume & issue
Vol. 11
pp. 111789 – 111800

Abstract

Read online

Traditional image recovery from corrupted file systems plays a significant role in Digital Forensics investigation. The images are mainly considered objective court evidence. Since the JPEG image format is less structured than other image formats (e.g., BMP, PNG, GIF, and TIFF), its recovery is more challenging. The paper’s main objective is to apply a metaheuristic optimization algorithm with similarity metric to recover Bifragmented intertwined JPEG images. We propose a new method known as Meta-Heuristic Reassemble Images (MHRI) for forensic recovery of Bifragmented intertwined JPEG images in the scan area, where all the fragments are in a linear order. The contribution of this paper lies in the following key components composing the MHRI method: 1) restart marker to remove some strange blocks from the scan area; 2) coherence of Euclidean Distance metric (CoEDm) to detect the fragmentation point of intertwined JPEG image; and 3) genetic Algorithm with cost function to predict if every two blocks are sequenced in the same image that searches for the best reassembly solution among the existing solutions. The MHRI method is implemented using MATLAB and tested using public datasets of 25 JPEG images and private dataset of 6 JPEG images. The MHRI process can fully recover all the Bifragmented intertwined JPEG images and 48.4% of all the JPEG images, which comparably performs better than similar methods.

Keywords