Automating JPEG Recovery and EXIF Metadata Extraction with Bash Scripting


This is another study from my Master’s in Cyber Security and Digital Forensics program at Auckland University of Technology. This article focuses on digital forensics, which often requires the recovery of lost images and metadata for investigations. This blog highlights my research on automating JPEG recovery and EXIF metadata extraction using Bash scripting, a critical tool for digital forensic analysis.
The research developed a script named “recover.sh,” combining the power of Photorec for file recovery and ExifTool for metadata extraction. By processing a .dd disk image, the script efficiently recovered JPEG files and extracted critical metadata, including GPS location, camera details, and timestamps. To ensure data integrity, MD5 and SHA-1 hash algorithms verified that files remained unaltered during recovery and analysis.
Here’s the full Bash script used in the research:
#!/bin/bash
# Create directories for the recovered JPEGs and the hash lists, and initialize the EXIF data table
mkdir -p /root/Documents/jpegs /root/Documents/STEM
table_file="/root/Documents/jpegs/exif_data.txt"
echo "File Name, GPS Position, Make, Model, Create Date, Modify Date" >"$table_file"
# Recover JPEG files using Photorec (output lands in /root/Documents/recup_dir.N)
photorec /d /root/Documents/ /root/Documents/dataset.dd
# Generate MD5 and SHA-1 hashes for recovered files
md5sum /root/Documents/recup_dir.*/f*.jpg >> /root/Documents/STEM/MD5_recovered.txt
sha1sum /root/Documents/recup_dir.*/f*.jpg >> /root/Documents/STEM/SHA-1_recovered.txt
# Copy recovered files to the main directory
cp /root/Documents/recup_dir.*/f*.jpg /root/Documents/jpegs
# Generate MD5 and SHA-1 hashes for copied files
md5sum /root/Documents/jpegs/f*.jpg >> /root/Documents/STEM/MD5_copied.txt
sha1sum /root/Documents/jpegs/f*.jpg >> /root/Documents/STEM/SHA-1_copied.txt
# Extract EXIF metadata for each JPEG and append to the EXIF data table
# (-s3 prints only the tag value, without the "Tag Name :" label)
for file in /root/Documents/jpegs/*.jpg; do
    filename=$(basename -- "$file")
    gps_position=$(exiftool -s3 -c %.6f -GPSPosition "$file")
    make=$(exiftool -s3 -Make "$file")
    model=$(exiftool -s3 -Model "$file")
    create_date=$(exiftool -s3 -CreateDate "$file")
    modify_date=$(exiftool -s3 -ModifyDate "$file")
    # The GPS position contains a comma itself, so it is quoted in the table
    echo "$filename, \"$gps_position\", $make, $model, $create_date, $modify_date" >>"$table_file"
done
The script successfully recovered 34 of 35 JPEG files and extracted EXIF metadata for most. This process significantly streamlines traditional manual methods, offering reliability and efficiency. This simple script helps achieve automation in recovering JPEG files and enhances skills in scripting.
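The script writes hash lists before and after the copy but does not compare them. The following is an added example, not part of the original recover.sh, that cross-checks the two lists by file name; the function names and the sample digests are constructed for illustration, and it assumes file names are unique across the recup_dir.* directories.

```bash
#!/bin/bash
# Added example: cross-check the "recovered" and "copied" hash lists.
# Entries are matched by file name because the directory part differs
# (recup_dir.N vs jpegs). Assumes names are unique across recup_dir.*.

compare_manifests() {   # $1 = hash list before the copy, $2 = hash list after
    awk '
        function base(line,    p) {
            p = substr(line, index(line, " ") + 1)  # drop the digest column
            sub(/^[ *]/, "", p)                     # drop text/binary marker
            sub(/^.*\//, "", p)                     # keep the file name only
            return p
        }
        !second { want[base($0)] = $1; next }       # first list: expected digests
        {
            name = base($0); seen[name] = 1
            if (!(name in want))       { print "EXTRA    " name; bad = 1 }
            else if (want[name] != $1) { print "MISMATCH " name; bad = 1 }
            else                       { print "OK       " name }
        }
        END {
            for (name in want)
                if (!(name in seen)) { print "MISSING  " name; bad = 1 }
            exit bad + 0
        }
    ' "$1" second=1 "$2"
}

# Constructed sample lists (digests are made up, not real hashes).
write_sample_manifests() {   # $1 = directory to write into
    cat > "$1/MD5_recovered.txt" <<'EOF'
11111111111111111111111111111111  /root/Documents/recup_dir.1/f0000100.jpg
22222222222222222222222222222222  /root/Documents/recup_dir.1/f0000200.jpg
33333333333333333333333333333333  /root/Documents/recup_dir.2/f0000300.jpg
EOF
    cat > "$1/MD5_copied.txt" <<'EOF'
11111111111111111111111111111111  /root/Documents/jpegs/f0000100.jpg
2222222222222222222222222222222f  /root/Documents/jpegs/f0000200.jpg
EOF
}

# Usage: script MD5_recovered.txt MD5_copied.txt (non-zero exit on any difference)
if [ "$#" -eq 2 ]; then
    compare_manifests "$1" "$2"
fi
```

The same function works on the SHA-1 lists, since sha1sum uses the same line layout.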
