Steganography and Steganalysis are two sides of the same coin, so do not confuse one with the other. Steganography is the method of hiding messages in plain sight, whereas Steganalysis tries to detect the hidden message and retrieve the embedded data. Cyber-criminals use Steganography extensively to hide incriminating material in their possession. An understanding of Steganalysis and of the art of detecting hidden messages therefore plays a very important role in computer forensics.
In this article, we will discuss Steganalysis, how to identify steganography, and the tools required for Steganalysis.
What Is Steganalysis In Computer Forensics?
Steganalysis in computer forensics is the technology of defeating steganography by identifying the hidden information, extracting it, and destroying it. Anyone who uses Steganalysis to detect and defeat hidden information is referred to as a Steganalyst.
Beyond establishing that a hidden message exists, the overall purpose of Steganalysis in computer forensics is to identify the tool that was used to hide the message in the first place. If the Steganalyst is able to identify that tool, the analyst can use the same tool to extract the original message and subsequently destroy it. Some of the most common hiding techniques include appending data to a file, hiding information in the unused header portion of the file, and using an algorithm that disperses the hidden message throughout the file.
How to Identify Steganography
There are a number of different methods of identifying steganography, depending on the kind of information available to the analyst. The following are some of them.
- Stego-only attack – In this type of attack, only the stego-object is available to the Steganalyst for analysis.
- Known cover attack – In this type of attack, both the stego-object and the original medium are available to the Steganalyst. The stego-object is compared with the original medium to determine any hidden information.
- Known message attack – In this type of attack, the hidden message as well as the corresponding stego-image are known to the Steganalyst. The patterns which correspond to the information being hidden can help in discovering such information in the future.
- Known stego attack – In such an attack, the steganography algorithm as well as the stego-object and the original object are known to the Steganalyst.
- Chosen stego attack – In such an attack, both the steganography algorithm and the stego-object are known to the Steganalyst.
- Chosen message attack – In such an attack, the Steganalyst generates the stego-object from a chosen message by using a tool or algorithm. The overall goal is to understand the patterns in the stego-object.
Digital Forensic Tools Required For Steganalysis
Stegdetect is one of the most commonly used Steganalysis tools. This digital forensic tool can help in finding information hidden in JPEG images by steganography schemes such as Invisible Secrets, JPHide, F5, and JSteg. The tool also has a graphical interface known as Xsteg.
Stego Suite from WetStone Technologies is another digital forensic tool that can help with Steganalysis. The suite consists of three products: Stego Watch, Stego Analyst, and Stego Break. All three can help the Steganalyst in a digital forensic investigation.
Computer Hacking Forensic Investigator Certification
The EC-Council Computer Hacking Forensic Investigator (CHFI) Certification Program helps you in detecting and extracting evidence properly so as to report crime and audits to prevent such attacks from happening in the future. The tools and techniques covered in EC-Council’s CHFI program will prepare you to conduct computer investigations using ground-breaking digital forensics technologies.