3GP its one of many kinds digitall video format becoming a more common from digital evidence with increasing prevalence of video in th computers, mobile devices and cameras. Thye basic of 3GP file stucture is 3GP have "Boxes" . Generally 3GP file contains the file type box ((ftyp), the Movie Box (moov), and the Media Data Box (mdat). Boxes start with a header, which indicates both size and type (these fields are called, namely, "size" and "type").The movie box (moov) contains track boxes (trak) include information abaut track. A track box contains the track header boc (tkhd), media header box (mdhd) and media information box (minf).
It is example of file carving limitations known file header in order to salvage deleted data.
 |
| Hex View 3gp Header in Motorola flash Memory DUmp |
3GP in this example, a file carving that searched in the Motorola V3 Memory dump for several 3GP header signatures found two files in as shown in the audit log :
source :
forensic analisys
basic structure
0 comments:
Post a Comment