Esc

File Content Decompression Checking

D3-FCDC (File Content Decompression Checking)

Definition

Checking if compressed or encoded data sections can be successfully decompressed or decoded. Can follow with further analysis with semantic knowledge

How it works

Some file formats such as JPEGs include encoded or compressed sections. This technique verfies that those expected sections are present and can be properly decoded according to the spec.

json

References

All

Academic Paper

The following references were used to develop the File Content Decompression Checking knowledge-base article.

(Note: the consideration of references does not imply specific functionality exists in an offering.)

Carving Contiguous and Fragmented Files with Fast Object Validation

Reference Type: Academic Paper Author: Simson L. Garfinkel

Source:

https://www.sciencedirect.com/science/article/pii/S1742287607000369?viewFullText=true#sec4

Gathering Evidence: Model-Driven Software Engineering in Automated Digital Forensics

Reference Type: Academic Paper Author: van den Bos, J.

Source:

https://pure.uva.nl/ws/files/1739225/132135_thesis.pdf

D3FEND^™

A knowledge graph of cybersecurity countermeasures