Detecting steganography?

Have a little read if this PDF.

https://www.sans.org/reading-room/whitepapers/stenganography/steganalysis-detecting-hidden-information-computer-forensic-analysis-1014

Karol,

WetStone Technologies has their Stego Suite software. May want to check that out.

Thanks,
Mike

Hi,
what are you using to detect steganography of the acquired data you are analyzing?

At the moment, nothing…there's not yet been any reason to suspect that stego has been used.

However, if I were conducting an investigation and found that a stego tool was installed on a system, or if there were indications that such a tool had been used, I might consider the need. But to this point, with the DFIR work I've been doing (ranging from "is this box infected/compromised" to full-on targeted threat), there hasn't been any reason to suspect that stego was used.

Hi,
what are you using to detect steganography of the acquired data you are analyzing?

At the moment, nothing…there's not yet been any reason to suspect that stego has been used.

Same here.

As for Stego, it's either plaintext or encrypted. Plaintext would be easy and encryption compresses really badly - so that's a hint.

I know there was the StegAlyzer software but it is not available anymore.

Isn't it? ?
http//www.sarc-wv.com/products/stegalyzeras/learn_more.aspx

jaclaz