| CPC G06F 16/48 (2019.01) [G06F 16/40 (2019.01); G06F 16/41 (2019.01); G06F 21/552 (2013.01)] | 19 Claims |
|
1. A method of performing a forensic analysis of a multimedia file, comprising the steps of:
providing a system including:
one or more processors; and
a database including a plurality of profile structural signatures corresponding to at least one of known hardware and software;
a memory storing computer-readable instructions that, when executed by the one or more processors, cause the system to:
receiving a multimedia file for analysis;
identifying a multimedia file format of the multimedia file;
determining whether a multimedia file type of the multimedia file is a supported multimedia file;
parsing the multimedia file to separate structural elements of the multimedia file, wherein the structural elements that are parsed include complete binary structures and incomplete binary structures in the multimedia file;
generating at least one Media Examiner profile structural signature for the multimedia file that characterizes a combination of attributes specific to a type of device that wrote the multimedia file, the combination of attributes including an appearance of a structure heading within the multimedia file, a position of the structure heading within a sequence of a plurality of structure headings within the multimedia file, and a relative depth of the structure heading within a hierarchy of the plurality of structure headings within the multimedia file;
determining a percentage match of the generated at least one Media Examiner profile structural signature with the plurality of profile structural signatures of the database; and
providing an indication of the at least one of the known hardware and software of at least one of the plurality of profile structural signatures when at least one of the plurality of profile structural signatures has a percentage match with the generated at least one Media Examiner profile structural signature that satisfies a predetermined value.
|