±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36768
New Yesterday: 0 Visitors: 105

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

X-ways - Steganography tools

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Dimi
Member
 

X-ways - Steganography tools

Post Posted: Jun 27, 18 17:20

Hello,

Can X-ways detect the use of steganography tools ?

Can X-ways detect text files, zip files, other pictures in a picture when steganography tools are used?

Kind regards,

Dimi  
 
  

keydet89
Senior Member
 

Re: X-ways - Steganography tools

Post Posted: Jun 28, 18 13:30

- Dimi

Can X-ways detect the use of steganography tools ?

Can X-ways detect text files, zip files, other pictures in a picture when steganography tools are used?


Well, depending on the OS and version you're examining, you can use any tool to pull out the info you need.

For example, was there a stego tool installed? Was a stego tool used on the system (i.e., check JumpLists, UserAssist, Prefectch if Win7, all that and AmCache/BAM key if Win10...)?  
 
  

Dimi
Member
 

Re: X-ways - Steganography tools

Post Posted: Jun 30, 18 15:30

Hello all,

Sorry for my late response.

Im investigating an image with Windows 10.
There is no steganography tool installed.
There might be a file (picture) downloaded with a zip file with cp files inside.

I'm using x-ways. I have done the Rvs.(refine volume snapshot)

Can i be sure that x-ways has found the embedded zip file?

Kind regards  
 
  

passcodeunlock
Senior Member
 

Re: X-ways - Steganography tools

Post Posted: Jun 30, 18 15:34

Compressing something with zip has nothing to do with stenography or stenography tools.

Do a raw search on your image based on file header signatures of picture types, you might discover more then the results by the default search for pictures.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

keydet89
Senior Member
 

Re: X-ways - Steganography tools

Post Posted: Jul 03, 18 00:54

- passcodeunlock
Compressing something with zip has nothing to do with stenography or stenography tools.


True, but what the OP said was, "There might be a file (picture) downloaded with a zip file with cp files inside."  
 
  

keydet89
Senior Member
 

Re: X-ways - Steganography tools

Post Posted: Jul 03, 18 01:02

- Dimi

There might be a file (picture) downloaded with a zip file with cp files inside.


Sure, there might be...there might be a lot of things.

What data do you have that points to a downloaded image file with a zipped archive of images stego'd inside it?

In the DF field, we can really caught up in the "maybes" and "what ifs", to the point where we never actually finish anything.

Look at it this way...*if* a suspect downloaded an image file that has a zipped archive of images stego'd inside it, they would then need an application to access/retrieve the stego'd file, right? Otherwise, how would they access it?

Yes, opening a JPG file for viewing is easy. Opening a zipped archive is easy. But retrieving a zipped archive that is stego'd inside a JPG file is not, and requires a specialized application, one specific to the method of steganography used.

Also, something of a side thought...for an image file to have a zipped archive of images stego'd inside it, it's gonna have to be HUGE. (I know you just said the word "HUGE" in your best Donald Trump voice...)  
 

Page 1 of 1