±Partners and Sponsors

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 3
Overall: 26796
Visitors: 51

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

An Analytical Approach to Steganalysis

An Analytical Approach to Steganalysis



Page: 1/8


by James E. Wingate, CISSP-ISSEP, CISM, IAM
Director, Steganography Analysis & Research Center
www.sarc-wv.com

Chad W. Davis
Computer Security Engineer
Backbone Security.Com
www.backbonesecurity.com


Introduction

Rapidly evolving computer and networking technology coupled with a dramatic expansion in communications and information exchange capability within government organizations, public and private corporations and even our own homes has made our world smaller. As a society, we are substantially more invested in information technologies than ever before. Use of the Internet and multimedia technologies for communication have become commonplace and have become an integral part of both business and social activity. This has changed how societies across the globe operate.

The rapid evolution of the Internet has also been somewhat of a "double-edged sword." Not only has it provided a medium for exchanging vast amounts of information and knowledge for the benefit of mankind it has also provided a new medium for conducting activities detrimental to mankind. No longer confined to the bounds of physical space, criminals, including terrorists, have discovered a virtual world where they can take advantage of the vast expanse of cyber space to conceal their activities from the prying eyes of law enforcement and the intelligence community. In the pre-Internet era, criminals often operated under the cloak of darkness. Now they operate 24x7 under the cloak of cyber space—with little concern for being detected, arrested, prosecuted and convicted because by and large much criminal activity goes unreported. Even when it is reported, law enforcement is already so overwhelmed with CP investigations they don't have the time or resources to investigate other cyber crimes. This fact is not lost on those who would use the Internet for illegal or otherwise nefarious purposes.

To make matters worse, criminals are adapting to evolving law enforcement technologies in the field of computer forensics by finding new ways to conceal their criminal activities. Law enforcement forensic examiners are beginning to discover data hiding applications on seized media that have been used to evade detection by popular computer forensic tools by hiding a digital file inside of another digital file. This technique is called digital steganography.

Steganography, literally meaning "covered writing," is a means of covert communication that encompasses a variety of techniques used to embed data within a cover medium in such a manner that the very existence of the embedded information is undetectable.

Hundreds of steganography applications are readily available on the Internet, and most of those are available as freeware or shareware, for use by criminals and terrorists. Computer security, law enforcement, and intelligence professionals need the capability to both detect the use of digital steganography applications to hide information and then extract the hidden information. Accordingly, there is much current interest in steganalysis, or the detection and extraction of information hidden with digital steganography applications.

There are two major schools of thought for conducting steganalysis: one of which involves an approach known as "blind detection" and the other is a more analytical approach. This document will describe both techniques and how they can be employed together to conduct steganalysis.






Next Page (2/8) Next Page