A Forensic Intelligence System for Identification of Data Originality Based on Signature Files

Abstract

The difficulty of maintaining the authenticity of files is a security problem that must be corrected in the process of developing information technology. One example of a case that often occurs is the modification of the file extension. This happens due to human error or deliberate and automatic factors. The method used for analysing the extension of a file is signature file analysis. This method is used to detect crimes that use techniques to change file extensions to hide content in its original form. Research related to the modification of file extensions using file signature analysis has been done before. However, this research still has many weaknesses, one of which is that the process of checking the file signature and the appropriate file extension is done manually and is too time-consuming. So, the forensic investigation process carried out in this case was not efficient. In this research, as a solution to the above problems, the forensic intelligence system was created to identify file types by automatically matching file extensions and signatures. If the file entered is modified, the output given is the name of the file entered, the size of the file, the file signature, the original extension of the file, and the time the file was uploaded to the application. In addition, this application can restore files with modified extensions to their original extensions. The extensions used for this research experiment amounted to 22 types out of a total of 130 types of extensions.