Skip to content

What is a .ART File and Why Do I Care?

November 11, 2015

In the 1990s AOL was a major force on the Internet.  There were people using AOL’s modems to get online and nothing else and there were people making extensive use of AOL’s content.  And everything in between these extremes.  AOL has since faded as a major force and some would say they have been replaced by Netflix, at least in terms of bandwidth consumption.

AOL was pretty interesting in bandwidth, and considering a significant number of their users were using AOL’s modems, they were interested in providing a speedy experience for their users.  Towards this end, AOL acquired a company called Johnson-Grace and integrated a graphics format developed by Johnson-Grace into the AOL experience.  What AOL was doing was translating other graphic image types into a .ART file and transferring these files to the user.  The result was better bandwidth utilization, especially at modem speeds.  Microsoft evidently agreed with this strategy and bundled the Johnson-Grace .ART decoder as a DLL with Windows up until Windows Vista.

It should be noted here that there have been other uses of the .ART extension in addition to Johnson-Grace compression format images.  Evidently this extension applies to files used by some embroidery machines.  It is also used for other things as well now.  So it you have a file with an extension of .ART, it doesn’t necessarily mean that it is a Johnson-Grace compressed image.  You can tell by looking at the file content: all Johnson-Grace files start with the letters “JG” followed by a single byte value from 1 to 4.

Microsoft evidently decided there were corrupted .ART files floating around on the Internet and these would cause a failure in the Johnson-Grace decoder which would then in turn cause Internet Explorer to fail.  To remove this and any potential security risk that an intentionally crafted corrupt .ART file might pose, Microsoft removed the Johnson-Grace decoder DLL from Windows Vista and all further versions of Windows.  Wikipedia also indicates that Internet Explorer had support for the .ART image format removed in 2006.

What this means is that if you have a computer that you upgrade to Windows 7 from Windows XP it may have the decoder DLL present, but if you acquire a new computer with an operating system later than Windows XP it will not have this decoder DLL at all.

What does this mean?  Well, because the Johnson-Grace algorithm(s) were never really disclosed there are no commonly available tools for working with the .ART format other than the decoder that Microsoft supplied.  The Johnson-Grace company was distributing a toolkit for free many years ago, but that ended.  If in the course of an examination you encounter a .ART file, you may not be able to view it without taking some steps to prepare for this.

There are two basic ways of dealing with .ART files, and this is going to depend on exactly what applications you are using and what support they have.  Applications from InfinaDyne know about the Johnson-Grace format and will utilize the decoder DLL.  Other applications may also have this support and work with the .ART format, if you have the decoder DLL.

The other way is to obtain and use an application which directly supports the .ART format.  At this time there are very, very few such applications.  One, which is obtainable, is the original America Online program.  It turns out that up until version 8 their own browser was used and it supports viewing .ART files.  You can obtain version 8 of the America Online program from here.  Note that this program works only on Windows XP and earlier versions of Windows – you cannot run it on Windows 7 or later.

If you can make use of the decoder DLL, the first thing is to get a copy of JGDW400.DLL.  You can download this from a variety of sources – check this list.   The simplest thing to do with this file, once you obtain it, is to put it into the Windows directory on your computer where it will be available to any application that requires it.  If you have only a single application or two that can make use of this DLL it may make more sense to place this DLL into the folder with these applications rather than putting it in the Windows folder.  While it is highly unlikely that this DLL can introduce any meaningful security risk on your computer, forensic workstation or not, if you can isolate it to a few applications there is no reason not to do so.

I do not know what the prevalence of .ART files in forensic examinations might be.  If many people now in 2015 have never heard of a .ART file, there may not be much call for dealing with these things.  However, if you run into one of these files, InfinaDyne still has support for this format if you have the DLL available.  If you have any comments or concerns about .ART files, please respond with comments here.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: