Few people know that when you take photos there is also a thumbnail embeded inside the file, even some forensic guys may have no idea about this important clue. That means if you see a damaged photo, you could try to extract the thumbnail inside the photo, thus you could see it clearly. Let me show you how to do it manually with Winhex.

1. A damaged photo, some part of it is missing, so we could not see the face of our suspect clearly...

2.Open it with Winhex, and search hex value "FFD8FF" which means the file header of JPGs. There are two hits, and the second one is the header of thumbnamil we're looking for.

3. Go to the second hit and mark it as the begining of block.

4.Search hex value "FFD9" which means the footer of JPGs and go to the footer of thumbnail we're looking for. Also mark it as the end of block.

5. Now we could copy this block into a new file.

6. That's it. Now you could see the face of our suspect, including the weapon on his/her hans and viechle...

7. Of course some tools could do this for you, still you have to know why and how and take it into practice.

Recover damage pictures to see the crime scene的更多相关文章

  1. [转帖]IOC Security: Indicators of Attack vs. Indicators of Compromise

    IOC Security: Indicators of Attack vs. Indicators of Compromise https://www.crowdstrike.com/blog/ind ...

  2. A planning attack on a commuter train carriage in Taipei

    Last night an explosion on a commuter train carriage in Taipei Songshan railway station wounded at l ...

  3. 犯罪现场调查第一季/全集CSI迅雷下载

    英文译名 CSI (第1季) (2000首播)CBS. 本季看点:<犯罪现场调查>赌城拉斯维加斯吸引着做发财梦的人,也吸引着形形色色的罪犯,该市警察局的犯罪现场调查局在全美国名列第二.该剧 ...

  4. [C5] Andrew Ng - Structuring Machine Learning Projects

    About this Course You will learn how to build a successful machine learning project. If you aspire t ...

  5. 1163 - Bank Robbery

    1163 - Bank Robbery   In one very cold morning, Mark decides to rob a bank. But while trying hacking ...

  6. oracle_How to Recover Data (Without a Backup!)

    How to Recover Data (Without a Backup!) It's the classic career-limiting maneuver(职业限制机动): accidenta ...

  7. Leetcode 笔记 99 - Recover Binary Search Tree

    题目链接:Recover Binary Search Tree | LeetCode OJ Two elements of a binary search tree (BST) are swapped ...

  8. [LeetCode] Recover Binary Search Tree 复原二叉搜索树

    Two elements of a binary search tree (BST) are swapped by mistake. Recover the tree without changing ...

  9. Unity Game窗口中还原Scene窗口摄像机操作 强化版

    之前写的那个版本看来真的是不行啊.最近研究了一下官方第一人称脚本,人家的平滑过渡真的是没得说.借鉴了一下,写出来了一个新的比较完美的控制. 之前我们的操作是通过鼠标输入的开始坐标和转动坐标.其实官方有 ...

随机推荐

  1. php 信号量

    一些理论基础: 信号量:又称为信号灯.旗语 用来解决进程(线程同步的问题),类似于一把锁,访问前获取锁(获取不到则等待),访问后释放锁. 临界资源:每次仅允许一个进程访问的资源. 临界区:每个进程中访 ...

  2. make[1]: *** [pcrecpp.lo] 错误 1

    在安装:pcre-8.30 时,报如下错误: [root@localhost pcre-8.30]# make && make installmake  all-ammake[1]: ...

  3. linux查看和开放某端口

    查看某端口是否已打开: netstat -nulp //UDP端口netstat -ntlp //TCP端口 或者:lsof -i:port-num 开放某端口: 在/etc/sysconfig/ip ...

  4. PHP的require()函数可以在一行代码中多次读取

    [root@NJ232:~]$[root@NJ232:~]$more tt.php m#!/opt/php/bin/php -q<?phpwhile(1){ sleep(2); $arr = r ...

  5. Linux下修改网卡的mac地址

    方法1: # ifconfig ethX down # ifconfig ethX hw ether NEW_MAC_ADDR # ifconfig ethX up 但是这样重启后就失效了,需要再敲一 ...

  6. ViewPager切换动画

    http://blog.csdn.net/lmj623565791/article/details/38026503 http://www.cnblogs.com/tianzhijiexian/p/4 ...

  7. [ActionScript 3.0] LocalConnection示例

    下例包含两个 ActionScript 类,这两个类应当编译到两个单独的 SWF 文件中: 在 LocalConnectionSenderExample SWF 文件中,将创建 LocalConnec ...

  8. 为何你的php代码没有写结束标签

    PHP闭合标签"?>"在PHP中对PHP的分析器是可选的.但是,如果使用闭合标签,任何由开发者,用户, 或者FTP应用程序插入闭合标签后面的空格都有可能会引起多余的输出.ph ...

  9. Eclispe 安装PropertiesEditor插件

    一个不错的编写properties文件的Eclipse插件(plugin),有了它我们在编辑一些简体中文.繁体中文等Unicode文本时,就不必再使用native2ascii编码了.您可以通过Ecli ...

  10. [HDU 2126] Buy the souvenirs (动态规划)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=2126 题意:给你n个物品,m元钱,问你最多能买个多少物品,并且有多少种解决方案. 一开始想到的是,先解 ...