Forensic investigation to detect forgeries in ASF files of contemporary IP cameras

Recent years have seen tremendous increase in crime and terrorism all over the world which has necessitated continuous surveillance of public spaces, commercial entities and residential areas. CCTV cameras are an integral part of any modern surveillance system and have evolved significantly. They are a vital part of any investigation that follows a criminal or terrorism incident by providing invaluable evidence. In this paper, we show that the Advance Systems Format (ASF) file used in most IP cameras, which is also the main file containing metadata about the streaming packets, is vulnerable to forgery. This file is stored in plain text and any technically savvy person can forge it; therefore, a mechanism is needed to prevent it. To that end, we have gathered critical artifacts from an ASF file of IP cameras and carried out their forensic analysis. The analysis performed during this study demonstrates successful detection of forgery/tampering of evidence in IP cameras.