More robust audio detection in MOVCarver (#2110)

sepinf-inc / IPED

IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by private examiners.

Other

884 stars 209 forks source link

More robust audio detection in MOVCarver (#2110) #2113

Closed wladimirleite closed 4 months ago

wladimirleite commented 4 months ago

@lfcnassif, not setting the mime type while carving "ftypmp42" as you suggested seems much better. I had to add a custom signature for "audio/mp4", as the default behavior was detecting these audios as videos. I tested with a synthetic case (with few videos and audios merged with random bytes in a large binary block) and a real case (no "audio/mp4" files in that case, but many videos), and it behaved as expected. Sorry for overlooking this!

lfcnassif commented 4 months ago

Thank you @wladimirleite!

I had to add a custom signature for "audio/mp4"

I guessed it maybe would be required, since I already have seen Tika misdetect some similar audio and video formats.