Few people know that when you take photos there is also a thumbnail embeded inside the file, even some forensic guys may have no idea about this important clue. That means if you see a damaged photo, you could try to extract the thumbnail inside the photo, thus you could see it clearly. Let me show you how to do it manually with Winhex.

1. A damaged photo, some part of it is missing, so we could not see the face of our suspect clearly...

2.Open it with Winhex, and search hex value "FFD8FF" which means the file header of JPGs. There are two hits, and the second one is the header of thumbnamil we're looking for.

3. Go to the second hit and mark it as the begining of block.

4.Search hex value "FFD9" which means the footer of JPGs and go to the footer of thumbnail we're looking for. Also mark it as the end of block.

5. Now we could copy this block into a new file.

6. That's it. Now you could see the face of our suspect, including the weapon on his/her hans and viechle...

7. Of course some tools could do this for you, still you have to know why and how and take it into practice.

Recover damage pictures to see the crime scene的更多相关文章

  1. [转帖]IOC Security: Indicators of Attack vs. Indicators of Compromise

    IOC Security: Indicators of Attack vs. Indicators of Compromise https://www.crowdstrike.com/blog/ind ...

  2. A planning attack on a commuter train carriage in Taipei

    Last night an explosion on a commuter train carriage in Taipei Songshan railway station wounded at l ...

  3. 犯罪现场调查第一季/全集CSI迅雷下载

    英文译名 CSI (第1季) (2000首播)CBS. 本季看点:<犯罪现场调查>赌城拉斯维加斯吸引着做发财梦的人,也吸引着形形色色的罪犯,该市警察局的犯罪现场调查局在全美国名列第二.该剧 ...

  4. [C5] Andrew Ng - Structuring Machine Learning Projects

    About this Course You will learn how to build a successful machine learning project. If you aspire t ...

  5. 1163 - Bank Robbery

    1163 - Bank Robbery   In one very cold morning, Mark decides to rob a bank. But while trying hacking ...

  6. oracle_How to Recover Data (Without a Backup!)

    How to Recover Data (Without a Backup!) It's the classic career-limiting maneuver(职业限制机动): accidenta ...

  7. Leetcode 笔记 99 - Recover Binary Search Tree

    题目链接:Recover Binary Search Tree | LeetCode OJ Two elements of a binary search tree (BST) are swapped ...

  8. [LeetCode] Recover Binary Search Tree 复原二叉搜索树

    Two elements of a binary search tree (BST) are swapped by mistake. Recover the tree without changing ...

  9. Unity Game窗口中还原Scene窗口摄像机操作 强化版

    之前写的那个版本看来真的是不行啊.最近研究了一下官方第一人称脚本,人家的平滑过渡真的是没得说.借鉴了一下,写出来了一个新的比较完美的控制. 之前我们的操作是通过鼠标输入的开始坐标和转动坐标.其实官方有 ...

随机推荐

  1. whois配置

    $itemRules = array ( 'default' => array ( 'registry_domain_id' => 'Registry Domain ID:(.*?)', ...

  2. Android之BroadcastReceiver 监听系统广播

    绑定广播有两种方式 一.配置文件绑定,在程序未启动也能监听 二.代码方式绑定,在程序启动后才能监听 1.绑定和取消绑定广播 public class MainActivity extends Acti ...

  3. 创建指定日期java Date对象

    import java.text.DateFormat;import java.text.ParseException;import java.text.SimpleDateFormat;import ...

  4. [Java] 过滤流BufferedInputStream和BufferedOutputStream

    package test.stream; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import ...

  5. Delphi 在线程中如何使用TClientSocket组件并自动检测该组件

    在线程中如何使用TClientSocket组件并自动检测该组件的事件?我想在一个线程中动态创建一个TClientSocket组件,并要求该组件能够自动检测Socket事件(例如OnRead.OnErr ...

  6. SQL Server中易混淆的数据类型

    1)char.varchar.text和nchar.nvarchar.ntextchar和varchar的长度都在1到8000之间,它们的区别在于char是定长字符数据,而varchar是变长字符数据 ...

  7. MongoDB条件查询

    1.查询集合中的所有记录 db.users.find() { "_id" : ObjectId("528b1173613e3289197a6486"), &qu ...

  8. HDU 3062 Party

    Party Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)Total Submi ...

  9. iOS 7.0获取iphone UDID 【转】

    iOS 7.0 iOS 7中苹果再一次无情的封杀mac地址,使用之前的方法获取到的mac地址全部都变成了02:00:00:00:00:00.有问题总的解决啊,于是四处查资料,终于有了思路是否可以使用K ...

  10. 翻译:Knockout 快速上手 - 5: 你需要知道的顶级特性 续

    Utilities Knockout 提供了许多可以你开发中使用的工具,你可以在 ko.utils 命名空间中找到它们,我最喜欢的工具如下所示: extend: 这个方法将两个对象合并在一起,调用这个 ...