Sie sind auf Seite 1von 3

MANAGING FORENSIC IMAGES WITH COMPRESSION ALGORITHMS Backgrounds: To help in maximizing the resulting data capacity in present day

computing systems, several compression algorithms under the European Computer Manufacturers Association (ECMA) Standards were developed; ECMA being an International Registration Authority instituted by ISO/IEC. Compression algorithms applications are principally meant to achieve a significant decrease in the number of bits that is needed for the representation of data in the users machines. A number of compression algorithms can be applied for audio, video, text and different images in electronic files.
The relevance of compression algorithm in digital forensic operations is based on the fact that image files are naturally large; under normal circumstances, access to the file will become very slow requiring a lot of computer resources and this can negatively impact the computer and its crucial processes.

Compression algorithms types:


Compression algorithms are basically classified into two main types, namely:

1. Loosy this selectively omit some file information to achieve better compression
ratio. While algorithms in this category are not suitable for data or text files, they function better for images and audio files.

2. Lossless is a compression algorithm that allows the entire content of a file to remain unchanged (it does not discard any information) along the compression and decompression processes. Some compression algorithms fact table:
In the table below is a shortlist of compression algorithms that can be used for both text and images:
Compression Algorithm
RLE CCITT Group 4 JBIG2 CCITT Group 3 Huffman LZW Packbits Flate/deflate

Compression type
Lossless Lossless RLE

Image type suitability


Bitonal images Bitonal images Bitonal images Huffman
Bitonal, Gray scale, Palette, RGB, and YCbCr images

URL
http://www.prepressure.com/library/compression_algori thms/rle http://www.fileformat.info/mirror/egff/ch09_05.htm http://help.arcgis.com/en/arcgisdesktop/10.0/help/index .html#//001w00000020000000.htm http://www.fileformat.info/mirror/egff/ch09_05.htm http://www.prepressure.com/library/compression_algori thms/huffman http://www.prepressure.com/library/compression_algori thms/lzw http://help.arcgis.com/en/arcgisdesktop/10.0/help/index .html#//001w00000020000000.htm http://www.prepressure.com/library/compression_algori thms/flatedeflate

Lossless Lossless Lossless Lossless Lossless

Gray Scale, Palette, Bitonal images Flate/deflate

JPEG2000 JPEG

Loosy Loosy

Color images Gray Scale, RGB, and YCbCr images

http://www.prepressure.com/library/compression_algori thms/jpeg2000 http://www.prepressure.com/library/compression_algori thms/jpeg

However, some files like the TIFF file format are somewhat flexible in the compression algorithm they accept, they either take lossy or lossless format, depending on the desired output quality and acceptable loss tolerance.

How compression algorithms work: A particular compression algorithm is not universally applied for all types of data; Images, video and audio files have different types of Compression algorithms that work for each file type. Also, it is presently difficult to pin-down a particular compression algorithm that can be said to be best for all classes of files but for a particular file and content type. Selecting a Compression algorithm for a particular image requires knowledge of file to be compressed, file content and the level of tolerance for losses on the image. An example is like in the use of JPEG compression where it is obviously unacceptable to lose any embedded details in the images; this is often the case with original forensic evidential image management and therefore underlines the purpose of this discussion.

Use of Compression algorithms in managing forensic images: SMANZFL is the Australasian Guidelines for Digital Imaging Processes (v2) produced in 2004 by the Electronic Evidence Specialist Advisory Group. This primarily describes recommended compression applications for forensic organisations. Though, the newest version Guidelines for Quality Control Testing for Digital (CR DR) Mammography (v3) got approval on the 3 August 2012. Imperatively, evidence needed for forensic use requires the implementation of stricter measures for ensuring the preservation of the evidence integrity seeing that they are very important to deciding the case. This necessitates the use of a file format that is capable of retaining the entire information as captured by the computer systems, mobile phones, cameras and other electronic devices. However, it should be noted that admissibility of evidence in court is not determined by the file format choice but by its quality and the evidential materials handling. In digital forensics, the Primary Images exact binary copy is considered as the original Image while a copy of the said original is usually termed a working copy. Producing a working copy involves certain process which may impact the data format; such processes will often involve image enhancement, compression, cropping, filtering, etc.

It is always helpful to keep in view that the vital role of compression is to encode the file's data in a more compact way to make it potable and easily manageable: this is driven by the fact that forensic image files are often very large of which compression is the only way to make the image compact, gain space and enhance portability. Conversely, the trade-off is the extra time it takes to load the file during decompression, the available memory and working space on the computer; more so, the image quality may be affected by certain compression techniques. Lossless compression is recommended for original copy of forensic images to ensure that information of the smallest size is not permanently lost in the process. A loselessly compressed image will always appear exactly as the original whenever it is decompressed. The recommendations allow also Lossy compression for a kind of forensic working images in the ones used in image delivery.

References:
ArcGIS Resource Center (2010), Compression (Environment setting); available at:

http://help.arcgis.com/en/arcgisdesktop/10.0/help/index.html#//001w00000020000 000.htm (accessed 22nd Dec 2010). CCITT (Huffman) Encoding; available at: http://www.fileformat.info/mirror/egff/ch09_05.htm (accessed 22nd Dec 2010). Computer- forensics.sans.org (2010), SANS Computer Forensics and e-Discovery site; available at: http://computer-forensics.sans.org/community/papers/reviewfoundstone-vision-forensic-tool_89 (accessed 22nd Dec 2010). ECMA (1995), Standard ECMA-222: Adaptive Lossless Data Compression Algorithm; available at: http://www.ecma-international.org/publications/files/ECMA-ST/Ecma222.pdf (accessed 22nd Dec 2010). Prepressure.com (n.d.), Compression algorithms; available at: http://www.prepressure.com/library/compression_algorithms (accessed 22nd Dec 2010).