±Forensic Focus Partners
New Today: 2
New Yesterday: 4
±Forensic Focus Partner Links
· Data Recovery As A Medium For Email Forensics
· Carving out the Difference between Computer Forensics and E-Discovery
· Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving
· How Secure Is Your Password? A Friendly Advice from a Company That Breaks Passwords
· Using SQL as a date/time conversion tool
· Forensics and Bitcoin
· Investigation and Intelligence Framework (IIF) – an evidence extraction model for investigation
· Extracting data from dump of mobile devices running Android operating system
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
An Analytical Approach to SteganalysisBack to top Back to main Skip to menu
An Analytical Approach to Steganalysis
Rapidly evolving computer and networking technology coupled with a dramatic expansion in communications and information exchange capability within government organizations, public and private corporations and even our own homes has made our world smaller. As a society, we are substantially more invested in information technologies than ever before. Use of the Internet and multimedia technologies for communication have become commonplace and have become an integral part of both business and social activity. This has changed how societies across the globe operate.
To make matters worse, criminals are adapting to evolving law enforcement technologies in the field of computer forensics by finding new ways to conceal their criminal activities. Law enforcement forensic examiners are beginning to discover data hiding applications on seized media that have been used to evade detection by popular computer forensic tools by hiding a digital file inside of another digital file. This technique is called digital steganography.
Steganography, literally meaning "covered writing," is a means of covert communication that encompasses a variety of techniques used to embed data within a cover medium in such a manner that the very existence of the embedded information is undetectable.
Hundreds of steganography applications are readily available on the Internet, and most of those are available as freeware or shareware, for use by criminals and terrorists. Computer security, law enforcement, and intelligence professionals need the capability to both detect the use of digital steganography applications to hide information and then extract the hidden information. Accordingly, there is much current interest in steganalysis, or the detection and extraction of information hidden with digital steganography applications.
There are two major schools of thought for conducting steganalysis: one of which involves an approach known as "blind detection" and the other is a more analytical approach. This document will describe both techniques and how they can be employed together to conduct steganalysis.