±Forensic Focus Partners
New Today: 7
New Yesterday: 2
±Follow Forensic Focus
· Development of Digital Forensic Tools on Mobile Device, a Potential Area to Consider?
· Can You Get That License Plate?
· How To Decrypt WeChat EnMicroMsg.db Database?
· A guide to RegRipper and the art of timeline building
· Recovering Evidence from SSD Drives in 2014: Understanding TRIM, Garbage Collection and Exclusions
· FT Cyber Security Summit 2014 – Recap
· Why Offender Profiling is Changing Thanks to Mobile Forensics and Increasingly ‘Social’ Criminal Activity
· Understanding Cyber Bullying – Notes for Digital Forensics Examiners
· Investigating the Dark Web – The Challenges of Online Anonymity for Digital Forensics Examiners
An Analytical Approach to SteganalysisBack to top Back to main Skip to menu
An Analytical Approach to Steganalysis
Rapidly evolving computer and networking technology coupled with a dramatic expansion in communications and information exchange capability within government organizations, public and private corporations and even our own homes has made our world smaller. As a society, we are substantially more invested in information technologies than ever before. Use of the Internet and multimedia technologies for communication have become commonplace and have become an integral part of both business and social activity. This has changed how societies across the globe operate.
To make matters worse, criminals are adapting to evolving law enforcement technologies in the field of computer forensics by finding new ways to conceal their criminal activities. Law enforcement forensic examiners are beginning to discover data hiding applications on seized media that have been used to evade detection by popular computer forensic tools by hiding a digital file inside of another digital file. This technique is called digital steganography.
Steganography, literally meaning "covered writing," is a means of covert communication that encompasses a variety of techniques used to embed data within a cover medium in such a manner that the very existence of the embedded information is undetectable.
Hundreds of steganography applications are readily available on the Internet, and most of those are available as freeware or shareware, for use by criminals and terrorists. Computer security, law enforcement, and intelligence professionals need the capability to both detect the use of digital steganography applications to hide information and then extract the hidden information. Accordingly, there is much current interest in steganalysis, or the detection and extraction of information hidden with digital steganography applications.
There are two major schools of thought for conducting steganalysis: one of which involves an approach known as "blind detection" and the other is a more analytical approach. This document will describe both techniques and how they can be employed together to conduct steganalysis.