Yanbin Tang,Zheng Tan,Kam-Pui Chow,Siu-Ming Yiu,Junbin Fang,Xiamu Niu,Qi Han,Xianyan Wu

DOI: https://doi.org/10.1007/978-3-319-24123-4_13

2015-01-01

Abstract:Many techniques have been proposed for file recovery, but recovering fragmented files is still a challenge in digital forensics, especially when the files are damaged. This chapter focuses on JPEG files, one of the most popular photograph formats, and proposes techniques for recovering partially-damaged standalone JPEG fragments by reconstructing pseudo headers. The techniques deal with missing Huffman tables and sub-sampling factors, estimate the resolution of fragments, assess the image quality of JPEG files with incorrect quantization tables, and create quantization tables that are very close to the correct quantization tables in a reasonable amount of time. Experiments with real camera pictures demonstrate that the techniques can recover standalone fragments accurately and efficiently.

Weidong Qiu,Run Zhu,Jie Guo,Xiaoming Tang,Bozhong Liu,Zheng Huang

DOI: https://doi.org/10.1109/BIBE.2014.31

2014-01-01

Abstract:Traditional file recovery methods rely on file system information, which are ineffective when file system information isn't available. File carving is a file recovery method that recovers files according to their structure and content without file system information, which is widely used in digital forensics. As the important carriers of digital information, multimedia files are important digital evidence. In this paper, a new multimedia file carving approach is proposed to improve the recovery accuracy of high entropy file fragments. The fragmented files can be recovered by a hierarchical carving process, including file header identification via entropy, file fragment type classification, and file reassembly via parallel unique path approach. A new file type classification method is constructed based on support vector machine, by using the features of BFD (byte frequency distribution) and ROC (rate of change). Four different datasets, such as DFRWS 2006/2007 challenge datasets, dataset simulating actual disk, dataset with randomly disordered fragments, and dataset with biomedical images, are employed in our experiments. The results show that JPEG recovery accuracy is improved greatly compared with that of Photo Rec tool. Our method performs best in the situation where the order of fragments is completely confusing.

Xiangwei Kong,Bo Wang,Mingliang Yang,Yue Feng

DOI: https://doi.org/10.1007/978-981-10-1536-6_66

2016-01-01

Abstract:Since image processing software is widely used to tamper or embed data into JPEG images, the forensics of tampered JPEG images now plays a considerable important role. However, most existing forensics methods that use binary classification can hardly deal with multiclass image forensics problems properly under network environments. In this paper, we propose a hierarchical forensics scheme against multiple heterogeneous JPEG images. We introduce a compression identifier based on Markov model of DCT coefficients as the first hierarchical section and then develop a tampering detection and steganalyzer separately as the second phase. We conduct a series of experiments to testify the validity of the proposed method.

Lanying Wu,Xiangwei Kong,Bo Wang,Shize Shang

DOI: https://doi.org/10.1117/12.2003695

2013-01-01

Abstract:In this paper, we present an efficient method to locate the forged parts in a tampered JPEG image. The forged region usually undergoes a different JPEG compression with the background region in JPEG image forgeries. When a JPEG image is cropped to another host JPEG image and resaved in JPEG format, the JPEG block grid of the tampered region often mismatches the JPEG block grid of the host image with a certain shift. This phenomenon is called non-aligned double JPEG compression (NA-DJPEG). In this paper, we identify different JPEG compression forms by estimating the shift of NA-DJPEG compression. Our shift estimating approach is based on the percentage of non zeros of JPEG coefficients in different situations. Compared to previous work, our tampering location method (i) performances better when dealing with small image size, (ii) is robust to common tampering processing such as resizing, rotating, blurring and so on, (iii) doesn't need an image dataset to train a machine learning based classifier or to get a proper threshold.

Bo Wang -,Xiangwei Kong -,Lanying Wu -

DOI: https://doi.org/10.4156/jcit.vol7.issue17.58

2012-01-01

Journal of Convergence Information Technology

Abstract:As an important branch of digital image forensics, image splicing is the most fundamental step in photomontage. In the present paper, an efficient blind digital forensics method for image splicing localization and forgery detection is proposed. The method is based on the estimated natural counterpart of the spliced image using different quality re-demosaicing approaches. By comparing the test image with its estimated natural counterpart, the abrupt edges along the spliced region are exposed and a binary image is obtained to illustrate the localization of the splicing. The features extracted from the binary image are fed into a support vector machine classifier to detect spliced forgeries. The DVMM uncompressed spliced image database is used to evaluate the performance of the proposed method. The experimental results show the effectiveness of the method on splicing localization and its accuracy on forgery detection.

Xianyan Wu,Qi Han,Xiamu Niu,Hongli Zhang,Siu-Ming Yiu,Junbin Fang

DOI: https://doi.org/10.1049/iet-ipr.2016.0531

IF: 2.3

2018-01-01

IET Image Processing

Abstract:Image width is an important factor for making the partially recovered data perceptually meaningful in image file carving. The authors conduct a comprehensive comparison of the performance of the representative methods for estimating the JPEG image width. Experimental results show that the best methods based on pixels are always better than the best methods based on quantised discrete cosine transform (DCT) coefficients. To keep the good performance of the pixel-based methods when the correct quantisation tables are unavailable, the authors replace the correct quantisation tables with the standard ones. Experimental results certify that such a replacement has only a little effect on the performance of the pixel-based methods, the best of which still outperform the best methods based on quantised DCT coefficients. The two results indicate that it may be enough to just focus on the pixel-based methods for future work. Finally, they propose a pixel-based method, which derives the candidate image widths from the most likely adjacent minimum coded unit (MCU) pairs in the vertical direction. The candidate width which appears most frequently is chosen as the estimated image width. Experimental results show that the proposed method usually has the best performance when most MCUs of an image are recovered.

Wei Dong,Jianjun Wang

DOI: https://doi.org/10.1109/trustcom.2016.0168

2016-01-01

Abstract:In digital image forensics, identifying whether an image has been JPEG compressed is an important issue. Although the existing methods detect JPEG compression with high accuracy, their performance is degraded by resizing, which is usually used in image tampering. In this paper, a new method based on detecting block artifacts left by JPEG compression is proposed. The proposed method exposes the block artifacts via a simple spatial filter and Gaussian transformation. With some steps of feature extraction, it can be used for JPEG compression forensics. The proposed method works on any block size, which means that it can work without knowing the block size in advance. Therefore, it can be used to detect JPEG compression against resizing, which only changes the block size, but cannot destroy the block artifacts. Extensive experiments prove that the proposed method can detect JPEG compression in the presence of resizing, while it achieves a good performance as previous methods when no resizing is present.

Divakar Singh,Priyanka Singh,Riyanka Jena,Rajat Subhra Chakraborty

DOI: https://doi.org/10.1007/s11042-022-13699-x

IF: 2.577

2022-09-30

Multimedia Tools and Applications

Abstract:The unprecedented growth in the easy availability of photo-editing tools has endangered the power of digital images. An image was supposed to be worth more than a thousand words, but now this can be said only if it can be authenticated or the integrity of the image can be proved to be intact. In this paper, we propose a digital image forensic technique for JPEG images. It can detect any forgery in the image if the forged portion called a ghost image is having a compression quality different from that of the cover image. It is based on resaving the JPEG image at different JPEG qualities, and the detection of the forged portion is maximum when it is saved at the same JPEG quality as the cover image. Also, we can precisely predict the JPEG quality of the cover image by analyzing the similarity using Structural Similarity Index Measure (SSIM) or the energy of the images. The first maxima in SSIM or the first minima in energy correspond to the cover image JPEG quality. We created a dataset for varying JPEG compression qualities of the ghost and the cover images and validated the scalability of the experimental results. We also, experimented with varied attack scenarios, e.g. high-quality ghost image embedded in low quality of cover image, low-quality ghost image embedded in high-quality of cover image, and ghost image and cover image both at the same quality. The proposed method is able to localize the tampered portions accurately even for forgeries as small as 10 × 10 sized pixel blocks. Our technique is also robust against other attack scenarios like copy-move forgery, inserting text into image, rescaling (zoom-out/zoom-in) ghost image and then pasting on cover image.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xiang Zhu,Jie Yuan,Si-dan Du

2007-01-01

Abstract:A method for the recovery of JPEG compressed image sequences is proposed in this paper. The method is based on the reduction of compression artifacts, and it is inspired with the thoughts of super-resolution reconstruction. To minimize the quantization errors and restore the discrete cosine transformation components, the method utilizes the theory of Projection Onto Convex Sets (POCS) and Iterative Back Projection (IBP) algorithm, which helps computing the projections. It also applies Maximum A Posteriori (MAP) estimation techniques to remove Gaussian noise without damaging edges or details of the image. Experimental results show that the proposed method produces good Peak Signal to Noise Ratio (PSNR) results, and could not only remove blocking and ringing artifacts, but also recover details of images, especially in low bit-rate conditions.

Yu Chen

2012-01-01

Abstract:In this paper, we propose a sector-wise JPEG fragment point classification approach to classify normal and erroneous JPEG data fragments with the minimum size of 512 Bytes per fragment. The contributions of this work are two-folds: 1) a sectorwise JPEG erroneous fragment classification approach is proposed 2) a new DCT coefficient analysis method is introduced for the JPEG image content analysis. Testing results on a variety of erroneous fragmented and normal JPEG files prove the strength of this operator for the purpose of forensics analysis, data recovery and abnormal fragment inconsistencies classification and detection. Furthermore, the results also show that the proposed DCT coefficient analysis method is efficient and practical in terms of classification accuracy. In our experiment, the proposed classifier yields a FP rate of 4.89% and a TP rate of 96.6% in terms of erroneous JPEG fragment detection.

Xiuli Chai,Yong Tan,Zhihua Gan,Yakun Niu,Jinwei Wang

DOI: https://doi.org/10.1007/s11760-023-02919-y

IF: 1.583

2023-01-01

Signal Image and Video Processing

Abstract:Detection of double Joint photographic experts group (JPEG) compression is a major part of image forensics, especially double JPEG compression detection with the same quantization matrix is still a challenging problem. Detection of double JPEG compression for different quantization matrices has achieved good performance so far, and some methods for detecting the same quantization matrix have been proposed. However, most methods designed for grayscale images, where they utilize only truncation and rounding errors, not fully exploiting all the useful information of color JPEG images. In addition, there is no suitable model to analyze the convergence of JPEG images. These results in poor accuracy of the double compression detection for color JPEG images with the same quantization matrix. To solve this problem, we propose an effective method that utilizes third-order polynomial fitting for error convergence curves. Firstly, five successive compressions are used to extract the quantization error, dequantization error, coefficient error, and truncation error in each compression and decompression process. Secondly, based on the convergence characteristics of these four types of error information, a third-order polynomial model and least squares are applied for the fit, and then, the slope of each point of the fitted curve and the difference of the slopes are used as convergence characteristics. Moreover, the fitted curves predict the pre-compression state, which can effectively amplify the gap between single and double compression. Finally, support vector machines (SVM) are used to train and predict the final features. The experiments illustrate that the proposed method enhances accuracy by 2–3

Wenyang Liu,Yi Wang,Kim-Hui Yap,Lap-Pui Chau

2023-04-14

Abstract:In this paper, we study a real-world JPEG image restoration problem with bit errors on the encrypted bitstream. The bit errors bring unpredictable color casts and block shifts on decoded image contents, which cannot be resolved by existing image restoration methods mainly relying on pre-defined degradation models in the pixel domain. To address these challenges, we propose a robust JPEG decoder, followed by a two-stage compensation and alignment framework to restore bitstream-corrupted JPEG images. Specifically, the robust JPEG decoder adopts an error-resilient mechanism to decode the corrupted JPEG bitstream. The two-stage framework is composed of the self-compensation and alignment (SCA) stage and the guided-compensation and alignment (GCA) stage. The SCA adaptively performs block-wise image color compensation and alignment based on the estimated color and block offsets via image content similarity. The GCA leverages the extracted low-resolution thumbnail from the JPEG header to guide full-resolution pixel-wise image restoration in a coarse-to-fine manner. It is achieved by a coarse-guided pix2pix network and a refine-guided bi-directional Laplacian pyramid fusion network. We conduct experiments on three benchmarks with varying degrees of bit error rates. Experimental results and ablation studies demonstrate the superiority of our proposed method. The code will be released at <a class="link-external link-https" href="https://github.com/wenyang001/Two-ACIR" rel="external noopener nofollow">this https URL</a>.

Image and Video Processing,Computer Vision and Pattern Recognition

Ge Teng,Rongxin Jiang,Xuesong Liu,Fan Zhou,Yaowu Chen

DOI: https://doi.org/10.1007/s00371-023-03008-4

2024-01-01

Abstract:JPEG is one of the most widely used lossy image compression algorithms, but artifacts are generated during compression. Various artifact reduction methods have been proposed, and many of them, especially deep learning-based approaches, showed promising performance. However, one major drawback that limited their deployment and application is their cumbersome and complicated model. To remedy this problem, we propose a simple and efficient network named Efficient Artifact Reduction Network. To achieve efficiency, we consider enlarging the receptive field and preserving pixel-wise information as significant concerns. On the one hand, we notice choosing a proper down-sampling ratio is important, as the down-sampling operation is a trade-off between these two aspects. On the other hand, we design a Large Kernel Depthwise Separable Convolution block that considers both aspects. For flexibility over different compression qualities, which is the focus of research in recent years, we design a Half Adaptive Instance Normalization-based approach that elegantly integrates information of the Quantization Matrix into the feature map. It adaptively normalizes half of the channels in the Encoder to embed the compression quality information and precise pixel-wise information is preserved through the other half channels. We also design a scalable architecture inspired by prior works to enable a post-training balance between computational cost and restoration performance. Experiments on various datasets show that our network achieves state-of-the-art restoration performance with much fewer parameters and less computational cost.

Yujin Zhang,Wanqing Song,Fei Wu,Hua Han,Lijun Zhang

DOI: https://doi.org/10.1016/j.ijleo.2020.164196

IF: 3.1

2020-01-01

Optik

Abstract:JPEG standard has been widely applied in many image acquisition devices and image editing tools. Identifying the authenticity of JPEG images is receiving significant attention in image forensics. In many JPEG image splicing forgeries, the forged regions have always experienced the JPEG compression twice with inconsistent block segmentations (hereinafter referred to as nonaligned double JPEG compression). In this paper, an effective method to reveal the traces of the nonaligned double JPEG compression is proposed. The high-order co-occurrence statistics are utilized to model the underlying intra-block and inter-block dependencies of JPEG quantized DCT coefficients. The entropies of the high-order co-occurrence matrices are computed and treated as the discriminative features to identify the presence of nonaligned double JPEG compression. The experiment results have shown that the proposed approach outperforms several existing methods for low resolution (small size) images.

Junbin Fang,Sijin Li,Guikai Xi,Zoe Jiang,Siu-Ming Yiu,Liyang Yu,Xuan Wang,Qi Han,Qiong Li

DOI: https://doi.org/10.1007/978-3-319-67208-3_13

2017-01-01

Abstract:Video files are frequently encountered in digital forensic investigations. However, these files are usually fragmented and are not stored consecutively on physical media. Suspects may logically delete the files and also erase filesystem information. Unlike image carving, limited research has focused on video carving. Current approaches depend on filesystem information or attempt to match every pair of fragments, which is impractical. This chapter proposes a two-stage approach to tackle the problem. The first perceptual grouping stage computes a hash value for each fragment; the Hamming distance between hashes is used to quickly group fragments from the same file. The second precise stitching stage uses optical flow to identify the correct order of fragments in each group. Experiments with the BOSS dataset reveal that the approach is very fast and does not sacrifice accuracy or overall precision.

Yanjun Cao,Tiegang Gao,Guorui Sheng,Li Fan,Lin Gao

DOI: https://doi.org/10.1111/1556-4029.12618

2015-01-01

Journal of Forensic Sciences

Abstract:To prevent image forgeries, a number of forensic techniques for digital image have been developed that can detect an image's origin, trace its processing history, and can also locate the position of tampering. Especially, the statistical footprint left by JPEG compression operation can be a valuable source of information for the forensic analyst, and some image forensic algorithm have been raised based on the image statistics in the DCT domain. Recently, it has been shown that footprints can be removed by adding a suitable anti-forensic dithering signal to the image in the DCT domain, this results in invalid for some image forensic algorithms. In this paper, a novel anti-forensic algorithm is proposed, which is capable of concealing the quantization artifacts that left in the single JPEG compressed image. In the scheme, a chaos-based dither is added to an image's DCT coefficients to remove such artifacts. Effectiveness of both the scheme and the loss of image quality are evaluated through the experiments. The simulation results show that the proposed anti-forensic scheme can verify the reliability of the JPEG forensic tools.

Junbin Fang,Guikai Xi,Rong Li,Qian Chen,Puxi Lin,Sijin Li,Zoe Lin Jiang,Siu-Ming Yiu

DOI: https://doi.org/10.1016/j.cose.2020.101942

IF: 5.105

2020-01-01

Computers & Security

Abstract:Video (e.g. CCTV) plays a crucial role in digital forensics. Existing video carving methods either assume the existence of file system information or resort to the impractical exhaustive matching for all pairs of fragments. In this paper, a coarse-to-fine two-stage semantic video carving approach is proposed to improve the efficiency and precision of content-based video carving. The proposed approach introduces a perceptual grouping stage to quickly group video fragments first based on the structural similarity of the fragments, followed by a precise stitching stage which sorts the fragments within each group depending on the pixel-level content of the fragments to reconstruct each original video file. The proposed approach can reduce the computational complexity and achieve a high carving precision since the two complementary methods used in two stages focus on different-scale features of video content. Experimental results based on a YouTube-8M video clip dataset show that the overall carving precision of the proposed approach is very high (e.g. 97.2% even when the number of mixed video fragments is increased to 288, which are from 36 video files with a fragmentation degree of 8). The overall carving time is 326.22 s, about 10 times lower than that of our previous optical flow-based approach.

Qian Chen,Qing Liao,Zoe L. Jiang,Junbin Fang,Siuming Yiu,Guikai Xi,Rong Li,Zhengzhong Yi,Xuan Wang,Lucas C. K. Hui,Dong Liu,En Zhang

DOI: https://doi.org/10.1109/spw.2018.00029

2018-01-01

Abstract:File fragment classification is an important step in digital forensics. The most popular method is based on traditional machine learning by extracting features like N-gram, Shannon entropy or Hamming weights. However, these features are far from enough to classify file fragments. In this paper, we propose a novel scheme based on fragment-to-grayscale image conversion and deep learning to extract more hidden features and therefore improve the accuracy of classification. Benefit from the multi-layered feature maps, our deep convolution neural network (CNN) model can extract nearly ten thousands of features through the non-linear connections between neurons. Our proposed CNN model was trained and tested on the public dataset GovDocs. The experiments results show that we can achieve 70.9% accuracy in classification, which is higher than those of existing works.

Mingwei Cai -,Ming Xu -,Jian Xu -,Haiping Zhang -,Ning Zheng -

DOI: https://doi.org/10.4156/jdcta.vol6.issue20.73

2012-01-01

International Journal of Digital Content Technology and its Applications

Abstract:Abstract As a common forging method, copy-move forgery is to hide and cover the certain areas of image by using copies from the same image or other image. This paper introduced a blind forensics approach to detect copy-move forging. Based on the fact of errors caused by copy-move tampering and JPEG compression, an improved SAD (Sum of Absolute Difference) algorithm based on DWT (Discrete Wavelet Transform) is proposed to detect copy-move tampered image. Experimental results show that the proposed method can effectively detect the forged area in copy-move forged image. Furthermore, the proposed method has lower computational complexity and higher accuracy compared with the previous works.

Yu-jin Zhang,Sheng-hong Li,Shi-lin Wang

DOI: https://doi.org/10.1007/s12204-013-1362-9

2013-01-01

Journal of Shanghai Jiaotong University (Science)

Abstract:Copy-paste forgery is a very common type of forgery in JPEG images.The tampered patch has always suffered from JPEG compression twice with inconsistent block segmentation.This phenomenon in JPEG image forgeries is called the shifted double JPEG（SDJPEG） compression.Detection of SDJPEG compressed image patches can make crucial contribution to detect and locate the tampered region.However,the existing SDJPEG compression tampering detection methods cannot achieve satisfactory results especially when the tampered region is small.In this paper,an effective SDJPEG compression tampering detection method utilizing both intra-block and inter-block correlations is proposed.Statistical artifacts are left by the SDJPEG compression among the magnitudes of JPEG quantized discrete cosine transform（DCT） coefficients.Firstly,difference 2D arrays,which describe the differences between the magnitudes of neighboring JPEG quantized DCT coefficients on the intrablock and inter-block,are used to enhance the SDJPEG compression artifacts.Then,the thresholding technique is used to deal with these difference 2D arrays for reducing computational cost.After that,co-occurrence matrix is used to model these difference 2D arrays so as to take advantage of second-order statistics.All elements of these co-occurrence matrices are served as features for SDJPEG compression tampering detection.Finally,support vector machine（SVM） classifier is employed to distinguish the SDJPEG compressed image patches from the single JPEG compressed image patches using the developed feature set.Experimental results demonstrate the efficiency of the proposed method.