How to implement robust file carving for fragmented JPEG files with missing headers in Python?
I'm developing a digital forensics tool in Python that needs to recover JPEG images from raw disk images where the file system metadata is corrupted or missing. Standard header-footer carving fails when dealing with fragmented files, embedded thumbnails, or missing Start of Image (SOI) markers.
Current Setup:
Input: Raw .dd disk images and memory dumps.
Language: Python 3.11
Libraries tried: binwalk , scapy (for packet carving), custom regex on b'\xFF\xD8\xFF'.
What I've Tried:
# استخراج رأس-ذيل
def carve_jpeg_naive(data):
start = data.find(b'\xFF\xD8\xFF')
while start != -1:
end = data.find(b'\xFF\xD9', start)
if end != -1:
yield data[start:end+2]
start = data.find(b'\xFF\xD8\xFF', start+1)