±Partners and Sponsors
New Today: 1
New Yesterday: 4
±Follow Forensic Focus
· Webmail Forensics – Digging deeper into Browsers and Mobile Applications
· Operation Endeavour: The Tip of the Iceberg?
· Forensic analysis of the ESE database in Internet Explorer 10
· WhatsApp – discovering timestamps of deleted messages
· Man In The Middle Attack: Forensics
· Extracting Evidence from Destroyed Skype Logs and Cleared SQLite Databases
· Windows 8 File History Analysis
· Understanding Rootkits: Using Memory Dump Analysis for Rootkit Detection
· Bitcoin Forensics Part II: The Secret Web Strikes Back
An Analytical Approach to SteganalysisBack to top Back to main Skip to menu
An Analytical Approach to Steganalysis
Rapidly evolving computer and networking technology coupled with a dramatic expansion in communications and information exchange capability within government organizations, public and private corporations and even our own homes has made our world smaller. As a society, we are substantially more invested in information technologies than ever before. Use of the Internet and multimedia technologies for communication have become commonplace and have become an integral part of both business and social activity. This has changed how societies across the globe operate.
To make matters worse, criminals are adapting to evolving law enforcement technologies in the field of computer forensics by finding new ways to conceal their criminal activities. Law enforcement forensic examiners are beginning to discover data hiding applications on seized media that have been used to evade detection by popular computer forensic tools by hiding a digital file inside of another digital file. This technique is called digital steganography.
Steganography, literally meaning "covered writing," is a means of covert communication that encompasses a variety of techniques used to embed data within a cover medium in such a manner that the very existence of the embedded information is undetectable.
Hundreds of steganography applications are readily available on the Internet, and most of those are available as freeware or shareware, for use by criminals and terrorists. Computer security, law enforcement, and intelligence professionals need the capability to both detect the use of digital steganography applications to hide information and then extract the hidden information. Accordingly, there is much current interest in steganalysis, or the detection and extraction of information hidden with digital steganography applications.
There are two major schools of thought for conducting steganalysis: one of which involves an approach known as "blind detection" and the other is a more analytical approach. This document will describe both techniques and how they can be employed together to conduct steganalysis.