Digital Forensic Investigation Using Steganography

BY SIFS India | September 01, 2024

Criminals use steganography to communicate secretly so that third parties cannot access the information. Finding these hidden messages is a growing challenge for digital investigators: they cannot be spotted with the casual eye, and they are generally encrypted as well. This article describes how steganography techniques work and how steganography can be detected using detection tools.


How Steganography Works

Steganography is a technique for hiding a secret message inside another file, such as an audio, video or MP3 file. It can also use cryptographic techniques (hash algorithm) to provide an extra layer of protection for the message. The key concept behind steganography is that the message cannot be detected by the casual eye but can still be decoded. Its purpose is covert communication: hiding a message from a third party.

Let's understand how steganography works. First, install the software from the link, which is free software.

  • To add a secret message to a file, first change the file extension from JPEG to BMP.
  • Then open the tool and add the file to it, and alongside it create a text file in which you write your message.
  • After adding the file, click Next, add another file, and set the password that will be used to decrypt this file.


Steganography in Forensic Investigation

This is the simplest way you can hide your secret message within the image file.

Now we will understand how this secret file helps in the investigation.

During a digital forensic investigation, it is important to collect all the data from the system that can be considered useful evidence.

While checking the data and applications on the system, we can easily see whether any steganography-related tool is present. If such a tool is present, there is a possibility of finding a secret message.

We can also check whether any files with a bitmap extension are present, which is also an indication of a secret message file.

The type of steganography software found will directly impact any subsequent steganalysis; for example, S-Tools can direct the investigator to GIF, BMP, and WAV files.
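The file checks described above can be scripted as a first triage pass over a working copy of the evidence. The following is an added example, not code from the original article or from any of the tools it names: it identifies GIF, BMP and WAV files by their leading bytes rather than by extension, and flags files whose extension does not match their content (such as a JPEG renamed to .bmp). It goes slightly beyond the text by also comparing a BMP's declared size with its size on disk, and the function names and sample files are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

# Leading bytes of the formats the page ties to S-Tools (GIF, BMP, WAV), plus JPEG.
MAGIC = {b"BM": "bmp", b"GIF87a": "gif", b"GIF89a": "gif",
         b"RIFF": "wav", b"\xff\xd8\xff": "jpeg"}

def identify(header: bytes) -> str:
    """Name the format implied by a file's first bytes, or 'unknown'."""
    for magic, name in MAGIC.items():
        # RIFF is a generic container; only RIFF....WAVE counts as WAV.
        if header.startswith(magic) and (magic != b"RIFF" or header[8:12] == b"WAVE"):
            return name
    return "unknown"

def triage(root: str) -> dict:
    """Map relative path -> notes for files that deserve steganalysis."""
    findings = {}
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:  # read-only access to the evidence copy
            header = fh.read(16)
        actual = identify(header)
        ext = path.suffix.lower().lstrip(".")
        notes = []
        if actual in ("bmp", "gif", "wav"):
            notes.append("carrier-format")
        if ext in MAGIC.values() and actual != ext:
            notes.append(f"extension-mismatch: .{ext} holds {actual}")
        if actual == "bmp" and len(header) >= 6:
            declared = struct.unpack_from("<I", header, 2)[0]  # bfSize field
            if path.stat().st_size > declared:
                notes.append("data-after-declared-bmp-size")
        if notes:
            findings[str(path.relative_to(root))] = notes
    return findings

def demo() -> dict:
    """Run triage over constructed sample files (not real evidence)."""
    samples = {
        "holiday.bmp": b"\xff\xd8\xff\xe0" + b"\x00" * 32,  # JPEG renamed to .bmp
        "logo.bmp": b"BM" + struct.pack("<I", 26) + b"\x00" * 20 + b"extra",
        "clip.wav": b"RIFF" + struct.pack("<I", 4) + b"WAVE",
        "notes.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            (Path(root) / name).write_bytes(data)
        return triage(root)
```

A note from this script is only a reason to examine the file with a dedicated detection tool; a file with no notes may still carry hidden data, since embedding inside the image data does not change the header or file size.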


Tools Used for Detection

Here is a list of tools that can be used to detect steganography:

  • Stegdetect 
  • Xstegsecret 
  • Stego Watch 
  • StegAlyzerAS 
  • StegAlyzerRTS 
  • StegAlyzerSS 
  • StegSpy 
  • Gargoyle Investigator Forensic  
  • StegMark 

We will further proceed with our analysis by using WetStone Technologies’ Gargoyle software for the detection of steganography.

The second important function of steganography detection software is to find possible files that contain secret messages.

The detection tool would also provide some clues as to the steganography algorithm used to hide information in the suspect file so that the analyst might be able to attempt recovery of the hidden information.


Conclusion

It is probably not possible to know how widespread the use of steganography is by cyber criminals and terrorists. The use of steganography will be a growing hurdle for law enforcement and counterterrorism activities and will increase in the future. Ignoring the significance of steganography because of the lack of statistics is "security through denial" and not a good strategy.

