On Thu Aug 2 10:57:51 2007, Gary Warner wrote:
>
> Paul,
>
> Thanks for the link!
>
> Neal,
>
> GREAT WORK!
>
> Is the tool easily deployable? Is this something I can load on a PC and
> look at a boxload of images? or is this a major number crunching event?
>
> I've shown some of these AQ videos in InfraGard meetings where we talked
> about how they are shared and distributed, but I never imagined that
> there would be this level of manipulation in them!
>
> _-_
> gar
Hi Gar,
Thanks for the compliment.
I just got back in town. (I don't trust Defcon networks, so I went without
Internet for a week. And SSH over TOR is like a 300 baud modem.)
I intentionally design all of my tools for command-line and scripting.
Most of the analysis methods take longer to load/save the image than to
actually do the computation. However, wavelets (covered in my talk) and
color density (not covered) are VERY slow. (An 800x600 image might take a
minute for wavelets and up to 10 minutes for density; fortunately, these
are not the main algorithms that I use.)
I am currently talking to a company about possibly productizing the code.
(Right now, it is a very ugly command-line program that does all of the
analysis. It is good for me, not good for other people. Version 2 should
be much more usable.)
Finally, the analysis programs (jpegana and imgana) do not draw any
conclusions. They just generate pictures. A human still needs to look
at the pictures. This came from a law enforcement requirement: an expert
needs to explain the "how". The image analysis algorithms just make it
really easy for a human. (However, I do want to build a simple summary
system that may not be accurate but will allow the quick "bucketing" of
images.)
Gar: if you have other questions, send me an email off-list.
-Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
