Hide menu

Digital Image Forensics

Principal investigator: Professor Nahid Shahmehri
Members: Martin Karresand (with FOI)
Partners: Swedish Defense Research Establishment (FOI)
Funding agency:
Related projects:
Keywords: security, digital forensics, incident management


Investigation of security-related incidents often requires a forensic examination of data storage devices to recover deleted and fragmentary data files. Today's forensic tools perform well with respect to deleted files, but poorly when faced with fragmentary data. Our research in this area aims to devise tools and methods capable of finding and extracting fragmentary image data and image metadata, based on the statistical properties of the data.


  • Karresand M., Shahmehri N., `Oscar - File Type and Camera Identification Using the Structure of Binary Data Fragments', 1st Conference on Advances in Computer Security and Forensics (ACSF) July 13-14, Published by The School of Computing and Mathematical Sciences, John Moores University, pp 11-20, Liverpool, UK.
  • Karresand M., Shahmehri N., `File Type Identification of Data Fragments by Their Binary Structure', Proceedings of the 7th Annual IEEE Information Assurance Workshop, "The West Point Workshop", pp 140-147, United States Military Academy, West Point, 21-23 June 2006, New York.
  • Karresand M., Shahmehri N., `Oscar: File Type Identification of Binary Data in Disk Clusters and RAM Pages', Proceedings of IFIP International Information Security Conference: Security and Privacy in Dynamic Environments (SEC2006), Springer, ISBN 0-387-33405-x, pp 413-424, May 22 - 24, Karlstad, Sweden. Journal page.

Page responsible: Nahid Shahmehri
Last updated: 2009-06-23