Student Needs FTK Asst - details in message

(@mlimmer)
Eminent Member
Joined: 15 years ago
Posts: 20
Topic starter  

I hope this is ok to post…

Hi! I'm working on my final project which our school claims to have prepped us for, but really, they didn't.

First, I know there is a hidden file in a specific *.jpg file. We are using steghide to extract the hidden information. My professor says my inability to use the following command is no big deal, despite the fact that it will tell you the name of the hidden file. The command is "steghide info filename.extension". I'm told only to use the extract command, which is "steghide extract -sf filename.extension", but I get the message "steghide could not open the file filename.extension".

The scope of the project is to use FTK to determine the source of a source code exposure, along with possible suspects and logs. I don't even know where to look for this.

Any and all help would be greatly appreciated!!!

-Mariesa Limmer

P.S. I fully intend to enroll in a master's program after this horrid experience so I can really learn computer forensics!


(@dangermouse)
Active Member
Joined: 17 years ago
Posts: 17
 

The command is "steghide info filename.extension". I'm told only to use the extract command, which is "steghide extract -sf filename.extension", but I get the message "steghide could not open the file filename.extension".

Mariesa,

The issue is simple and may be something that you have overlooked…

The "filename.extension" part is not literally the command; you need to substitute the file you are looking at. For example, I have a file called DangerMouse.jpg that has had a txt file placed inside it with StegHide. Use this command:

steghide info dangermouse.jpg

You should get a report telling you first about the jpg file, then it will ask if you want to view info about the embedded data. You can go here for the full documentation about StegHide.

The scope of the project is to use FTK to determine the source of a source code exposure, along with possible suspects and logs. I don't even know where to look for this.

What file type have they given you? Are they logs or a disk image? You may need to do a full analysis to find any data. FTK is merely a tool to assist in the analysis, not a push button to find the answers.

DM

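The "could not open the file" message is all steghide says when the path it was given does not resolve, which is why the wrong-directory mistake is so easy to miss. The script below is an added example, not code from the thread or from the steghide project: it runs the same two commands (steghide info, steghide extract -sf) but first checks that the file exists, is readable from the current directory, and starts with one of the container signatures steghide accepts (JPEG, BMP, WAV, AU), so the failure is explained before steghide is invoked. It assumes steghide is on PATH only for the run_* functions; the checks themselves need nothing beyond POSIX sh and od. The file names and return codes are the example's own choices.

```shell
#!/bin/sh
# Added example: pre-flight checks before the two steghide commands
# discussed in the thread. Assumes steghide is installed for run_info
# and run_extract; check_cover needs only POSIX sh and od.

# check_cover FILE
# Prints the detected container type and returns 0 if FILE exists, is
# readable and starts with a signature steghide accepts (JPEG, BMP, WAV, AU).
# Return codes chosen for this example: 2 missing, 3 unreadable, 4 wrong type.
check_cover() {
    f=$1
    if [ ! -e "$f" ]; then
        # The usual cause of "steghide could not open the file": wrong directory.
        echo "no such file: $f (current directory: $(pwd))" >&2
        return 2
    fi
    if [ ! -r "$f" ]; then
        echo "not readable: $f" >&2
        return 3
    fi
    # First four bytes as lowercase hex, e.g. ffd8ffe0 for a JFIF JPEG.
    sig=$(od -An -N4 -tx1 "$f" | tr -d ' \n')
    case "$sig" in
        ffd8ff*)  echo jpeg ;;
        424d*)    echo bmp ;;   # "BM"
        52494646) echo wav ;;   # "RIFF"; the WAVE tag sits at offset 8
        2e736e64) echo au ;;    # ".snd"
        *) echo "not a steghide container (magic $sig): $f" >&2; return 4 ;;
    esac
}

# run_info FILE: same as "steghide info FILE", after the checks above.
# steghide prompts for the passphrase itself, so none is passed here.
run_info() {
    check_cover "$1" >/dev/null || return $?
    steghide info "$1"
}

# run_extract FILE: same as "steghide extract -sf FILE", after the checks above.
run_extract() {
    check_cover "$1" >/dev/null || return $?
    steghide extract -sf "$1"
}

# Usage: sh stego_check.sh info Sunset.jpg
#        sh stego_check.sh extract Sunset.jpg
case "${1:-}" in
    info)    run_info "$2" ;;
    extract) run_extract "$2" ;;
esac
```

Run it from the directory that holds the image, or pass the full path; when the file is elsewhere the script prints the directory it actually looked in, which is the piece of information steghide's own error leaves out.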
(@mlimmer)
Eminent Member
Joined: 15 years ago
Posts: 20
Topic starter  

I get what you're saying, but that command doesn't work. The exact commands:

steghide info Sunset.jpg
Error "steghide could not open the file Sunset.jpg"

steghide extract -sf Sunset.jpg
Error "steghide could not open the file Sunset.jpg"

I know there is a hidden file; another student confirmed it.

As for the logs, I have no clue where to find them in FTK. The logs are from a disk image I have in FTK. I have no clue how to analyze them - we weren't taught this.

Thank you!
Mariesa Limmer

(@dangermouse)
Active Member
Joined: 17 years ago
Posts: 17
 

Can you post the image to this board? I will have a look for you.

DM

Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

what OS are you running?

(@mlimmer)
Eminent Member
Joined: 15 years ago
Posts: 20
Topic starter  

Danger, I had a dumb moment! The files were in the wrong folder. I moved them and got my file extracted. I re-ran the rest of the files to make sure I didn't miss anything, since it doesn't take long.

Beetle - I'm running Windows Vista.

Now I'm working on the source code breach by going through files in FTK. Not sure what to look for, or search for. But I did find one "employee" has nmap on their system for some reason. Any ideas about what to look for?

(@mlimmer)
Eminent Member
Joined: 15 years ago
Posts: 20
Topic starter  

So, I was freaking out over nothing. I had a lot of the "evidence" already, but didn't realize it! Another student I just met has taken this course and did the same project, so we were able to go over everything.

Thanks for the steghide help and the offer to check the file, Danger!

-Mariesa Limmer
