.

Steganography in the Forensics Field

<<

harky

Newbie
Newbie

Posts: 10

Joined: Wed Dec 19, 2007 4:42 pm

Location: Germantown Hills, IL (seeking relocation to Chicago area)

Post Mon Apr 21, 2008 2:03 pm

Steganography in the Forensics Field

My name is Daniel Harkness. I am a graduate student at Iowa State University. I have a strong interest in Computer Forensics, and am currently enrolled in a steganography (information hiding) course. For my term project I am doing some background research for a possible funding proposal to create a steganography toolkit geared towards the Computer Forensics field. As part of this background research, I would like to get an idea of how much (if any) steganography has been seen in the field thus far, and what your opinions on the topic are.

I have created a brief, anonymous survey and would appreciate your assistance. The questions on the survey ask about your experiences with steganography and what you think will be important or useful in the future. The survey consists of 10 questions (although some have multiple parts) and are a mixture of multiple choice and short answer questions. I would expect that the survey could take from 1 - 30 minutes depending on whether you have experienced steganography or not and how much detail you go into. All questions are optional and you are invited to participate even if you have no experience with steganography. No personal data will be collected.

The survey can be accessed at:
http://www.questionpro.com/akira/TakeSurvey?id=943751
(To moderator: If direct links are not allowed, please remove the link and let me know.)

Thank you very much for your time, you can PM me if you have any questions.
Daniel Harkness
MCSA, MCSE, CCE
MS - CprE and InfAs
BS - CprE
BS - ComS
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Mon Apr 21, 2008 3:13 pm

Re: Steganography in the Forensics Field

When I was still doing investigations we would encounter this from time to time.  We had some tools that would give each file on a system a score from 1 to 5 (1 low to 5 high) that would estimate the likelihood that the file contained information obscured by steg.  It wasn't common, but it wasn't rare, to find such files.  Anything that scored a 4 or 5 got sent to No Such Agency.  Interestingly enough, it wasn't used to hide classified data, it was used to hide child pr0n.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

Artful Dodger

Newbie
Newbie

Posts: 43

Joined: Tue Apr 29, 2008 8:58 am

Post Tue Apr 29, 2008 9:06 am

Re: Steganography in the Forensics Field

Ive never personally come across it.  I imagine that has alot to do with the types of issues ive worked with.  That takes a certain amount of skill and understanding.  Personally, I think it is something that may get bigger in the future if someone comes up with a poular tool to make it understandable and easy for the dodgey folks.

Cheers!
Shane
CISSP, C|HFI, Security+, Network+, XYZ...blah.
<<

shakuni

Jr. Member
Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Wed May 28, 2008 1:40 am

A suggestion...

For my term project I am doing some background research for a possible funding proposal to create a steganography toolkit geared towards the Computer Forensics field.

It is very easy to implement tools that hide data in image files, mp3 file or any other kind of file. It's just a matter of understanding the file format and then finding the bits in the format whose change will not effect the real work of file significantly. For example, data can be hidden in the LSBs(Least significant bits) of bmp files pixel info bits without effecting the bmp file.

But detecting good steganography is really difficult . So I suggest research further in steganalysis and statistical analysis because it is really needed to detect the covert channels of criminals.
There is no rule, law or tradition that apply universally... including this one.

Return to Forensics

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software