DEJAVU FORENSICS: ENHANCING RECOVERY OF FORMATTED JPEG AND PNG DATA USING SUPPORT VECTOR MACHINES
DOI: https://doi.org/10.56238/arev7n3-301
Keywords: Data carving, Digital forensics, Cybercrime, Data recovery, Machine learning
Abstract
With technological advancements, virtual crimes are occurring more frequently. When digital equipment is stolen, lost, or discarded, the data remains stored on the disks, enabling its recovery. This work focuses on the recovery of formatted files, investigating the applicability of the tools Foremost, Scalpel, and Magic Rescue in Linux, as well as an in-house tool equipped with machine learning. The goal is to develop a tool for the recovery and validation of formatted files, contributing to investigations of digital crimes and bringing new insights into recovery methods. Using pattern recognition, the cluster is used as input, acting as a neuron in the learning machine. The work applies machine learning to recognize patterns in blocks/clusters. In the "simple" scenario, the classification is binary (class vs. counter class), a methodology developed by Pavel (2017). In the "complex" scenario, the one-against-all method was used, with a database of 16,000 files. The research presents an approach that combines machine learning and data science to recover formatted data. The in-house tool achieves a recovery rate of over 96% for formatted PNG and JPEG files, running in seconds.
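For context on the recovery-and-validation step, here is an added example (not the paper's in-house tool, and not its SVM classifier) of signature-based PNG carving, the general approach taken by header/footer carvers such as Foremost and Scalpel, followed by structural validation through the PNG chunk CRCs. The 4096-byte cluster size, the function names and the sample disk image are all assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_png(width=2, height=2):
    """Build a tiny valid grayscale PNG (constructed sample data)."""
    def chunk(ctype, data):
        body = ctype + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(width) for _ in range(height))
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

def walk_png(buf, start):
    """Follow chunks from a signature hit; return the end offset if every CRC checks, else None."""
    pos = start + len(PNG_SIG)
    while pos + 12 <= len(buf):
        (length,) = struct.unpack_from(">I", buf, pos)
        end = pos + 12 + length
        if end > len(buf):
            return None  # chunk claims more data than the image holds
        body = buf[pos + 4 : pos + 8 + length]  # chunk type + chunk data
        (crc,) = struct.unpack_from(">I", buf, pos + 8 + length)
        if zlib.crc32(body) != crc:
            return None  # damaged or overwritten cluster
        if body[:4] == b"IEND":
            return end
        pos = end
    return None

def carve_pngs(image):
    """Return (offset, length, valid) for every PNG signature found in a raw image."""
    results, pos = [], image.find(PNG_SIG)
    while pos != -1:
        end = walk_png(image, pos)
        results.append((pos, (end - pos) if end else 0, end is not None))
        pos = image.find(PNG_SIG, pos + 1)
    return results

def build_sample_image(cluster=4096):
    """Constructed 'formatted disk': zeroed slack, one intact PNG, one PNG with a damaged byte."""
    good, bad = make_png(), bytearray(make_png(4, 4))
    bad[45] ^= 0xFF  # corrupt one byte so the chunk CRC no longer matches
    img = bytearray(cluster * 3)
    img[cluster : cluster + len(good)] = good
    img[2 * cluster : 2 * cluster + len(bad)] = bad
    return bytes(img)
```

A signature hit alone reports both files; the CRC walk is what separates the intact file from the damaged one.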
