STEGANOGRAPHY

EXCELLENT COMPILE LIST OF STEGANOGRAPHY TOOLS PUT TOGETHER BY DR. NEIL F. JOHNSON

http://www.jjtc.com/Steganography/toolmatrix.htm

STEGALYZERAS (COMMERCIAL)

http://www.sarc-wv.com/stegalyzeras.aspx

THE STEGANOGRAPHY ANALYZER ARTIFACT SCANNER (STEGALYZERAS) IS A DIGITAL FORENSIC ANALYSIS TOOL DESIGNED TO EXTEND THE SCOPE OF TRADITIONAL DIGITAL FORENSIC EXAMINATIONS BY ALLOWING THE EXAMINER TO SCAN SUSPECT MEDIA, OR FORENSIC IMAGES OF SUSPECT MEDIA, FOR KNOWN ARTIFACTS OF STEGANOGRAPHY APPLICATIONS.
RESIDUAL ARTIFACTS MAY BE IDENTIFIED BY SCANNING THE FILE SYSTEM AS WELL AS THE REGISTRY ON A MICROSOFT WINDOWS® SYSTEM. STEGALYZERAS ALLOWS FOR THE SEARCH OF FILES BY USING CRC-32, MD5, SHA-1, SHA-224, SHA-256, SHA-384, AND SHA-512 HASH VALUES STORED IN THE STEGANOGRAPHY APPLICATION FINGERPRINT DATABASE (SAFDB) AND REGISTRY ENTRIES STORED IN THE REGISTRY ARTIFACT KEY DATABASE (RAKDB) DISTRIBUTED WITH STEGALYZERAS.

PRODUCT HIGHLIGHTS IN STEGALYZERAS:

  • CASE GENERATION AND MANAGEMENT
  • CAPABILITY TO MOUNT AND SCAN FORENSIC IMAGES OF STORAGE MEDIA IN ENCASE, RAW (DD), AND SMART FORMATS
  • AUTOMATED SCANNING OF AN ENTIRE FILE SYSTEM, INDIVIDUAL DIRECTORIES, OR INDIVIDUAL FILES ON SUSPECT MEDIA FOR THE PRESENCE OF STEGANOGRAPHY APPLICATION FILE ARTIFACTS
  • AUTOMATED SCANNING OF THE MICROSOFT WINDOWS® REGISTRY FOR THE PRESENCE OF REGISTRY ARTIFACTS ASSOCIATED WITH PARTICULAR STEGANOGRAPHY APPLICATIONS
  • FILE AND REGISTRY ARTIFACT EVIDENCE VIEWERS ALLOW THE EXAMINER TO VIEW EVIDENCE ACCORDING TO THE PERCENTAGE OF ARTIFACTS THAT WERE DISCOVERED FOR EACH STEGANOGRAPHY APPLICATION DETECTED
  • SCAN SUMMARY VIEWER ALLOWS THE EXAMINER TO QUICKLY VIEW A STATISTICAL SUMMARY OF ANY PREVIOUS SCAN PERFORMED DURING A PARTICULAR EXAMINATION
  • EXTENSIVE REPORT GENERATION IN HTML FORMAT
  • AUTOMATED LOGGING OF KEY EVENTS AND INFORMATION OF POTENTIAL EVIDENTIARY VALUE
  • INTEGRATED HELP FEATURE TO EXPLAIN SPECIFIC FEATURES AND FUNCTIONS

STEGALYZERSS (COMMERCIAL)

http://www.sarc-wv.com/stegalyzerss.aspx

THE STEGANOGRAPHY ANALYZER SIGNATURE SCANNER (STEGALYZERSS) IS A DIGITAL FORENSIC ANALYSIS TOOL DESIGNED TO EXTEND THE SCOPE OF TRADITIONAL DIGITAL FORENSIC EXAMINATIONS BY ALLOWING THE EXAMINER TO SCAN FILES ON SUSPECT MEDIA, OR FORENSIC IMAGES OF SUSPECT MEDIA, FOR UNIQUE HEXADECIMAL BYTE PATTERNS, OR KNOWN SIGNATURES, LEFT INSIDE FILES WHEN PARTICULAR STEGANOGRAPHY APPLICATIONS ARE USED TO EMBED HIDDEN INFORMATION WITHIN THEM.
STEGALYZERSS EXTENDS THE SIGNATURE SCANNING CAPABILITY BY ALSO ALLOWING THE EXAMINER TO USE OTHER TECHNIQUES FOR DETECTING WHETHER INFORMATION MAY HAVE BEEN APPENDED TO, OR HIDDEN WITHIN, POTENTIAL CARRIER FILES. STEGALYZERSS HAS BEEN FOUND TO BE EFFECTIVE IN IDENTIFYING FILES THAT CONTAIN HIDDEN STEGANOGRAPHIC DATA BY THE DEFENSE CYBER CRIME INSTITUTE (DCCI) AND THE CYBERSCIENCE LABORATORY (CSL).

PRODUCT HIGHLIGHTS IN STEGALYZERSS:

  • CASE GENERATION AND MANAGEMENT
  • CAPABILITY TO MOUNT AND SCAN FORENSIC IMAGES OF STORAGE MEDIA IN ENCASE, RAW (DD), OR SMART FORMATS
  • AUTOMATED SCANNING OF AN ENTIRE FILE SYSTEM, INDIVIDUAL DIRECTORIES, OR INDIVIDUAL FILES ON SUSPECT MEDIA FOR THE PRESENCE OF KNOWN SIGNATURES OF PARTICULAR STEGANOGRAPHY APPLICATIONS
  • IDENTIFY FILES THAT HAVE INFORMATION APPENDED BEYOND THE FILE'S END-OF-FILE MARKER WITH THE APPEND ANALYSIS FEATURE AND ANALYZE THE FILES IN A HEX EDITOR VIEW TO DETERMINE THE NATURE OF THE HIDDEN INFORMATION
  • IDENTIFY FILES THAT HAVE INFORMATION EMBEDDED USING LEAST SIGNIFICANT BIT (LSB) IMAGE ENCODING WITH THE LSB ANALYSIS FEATURE AND EXTRACT AND REARRANGE THE LSBS FOR ANALYSIS IN A HEX EDITOR VIEW TO DETERMINE IF INFORMATION HAS BEEN HIDDEN WITHIN THE FILE
  • EXCLUSIVE AUTOMATED EXTRACTION ALGORITHM FUNCTIONALITY FOR SELECTED STEGANOGRAPHY APPLICATIONS GIVES EXAMINERS A "POINT-CLICK-AND-EXTRACT" INTERFACE TO EASILY EXTRACT HIDDEN INFORMATION FROM SUSPECT FILES
  • EXTENSIVE REPORT GENERATION IN HTML FORMAT
  • AUTOMATED LOGGING OF KEY EVENTS AND INFORMATION OF POTENTIAL EVIDENTIARY VALUE
  • EXPORT SESSION ACTIVITY AND EVIDENCE LOGS IN COMMA SEPARATED VALUE (.CSV) FORMAT
  • INTEGRATED HELP FEATURE TO EXPLAIN SPECIFIC FEATURES AND FUNCTIONS

STEGDETECT

http://www.outguess.org/download.php

STEGDETECT IS AN AUTOMATED TOOL FOR DETECTING STEGANOGRAPHIC CONTENT IN IMAGES. IT IS CAPABLE OF DETECTING SEVERAL DIFFERENT STEGANOGRAPHIC METHODS TO EMBED HIDDEN INFORMATION IN JPEG IMAGES.
CURRENTLY, THE DETECTABLE SCHEMES ARE:

  • JSTEG,
  • JPHIDE (UNIX AND WINDOWS),
  • INVISIBLE SECRETS,
  • OUTGUESS 01.3B,
  • F5 (HEADER ANALYSIS),
  • APPENDX AND CAMOUFLAGE.

STEGBREAK IS USED TO LAUNCH DICTIONARY ATTACKS AGAINST JSTEG-SHELL, JPHIDE AND OUTGUESS 0.13B.

STEGHIDE

http://steghide.sourceforge.net/

STEGHIDE IS A STEGANOGRAPHY PROGRAM THAT IS ABLE TO HIDE DATA IN VARIOUS KINDS OF IMAGE- AND AUDIO-FILES. THE COLOR- RESPECTIVELY SAMPLE-FREQUENCIES ARE NOT CHANGED THUS MAKING THE EMBEDDING RESISTANT AGAINST FIRST-ORDER STATISTICAL TESTS.

OUTGUESS

http://www.outguess.org/

OUTGUESS IS A UNIVERSAL STEGANOGRAPHIC TOOL THAT ALLOWS THE INSERTION OF HIDDEN INFORMATION INTO THE REDUNDANT BITS OF DATA SOURCES. THE NATURE OF THE DATA SOURCE IS IRRELEVANT TO THE CORE OF OUTGUESS. THE PROGRAM RELIES ON DATA SPECIFIC HANDLERS THAT WILL EXTRACT REDUNDANT BITS AND WRITE THEM BACK AFTER MODIFICATION. IN THIS VERSION THE PNM AND JPEG IMAGE FORMATS ARE SUPPORTED. IN THE NEXT PARAGRAPHS, IMAGES WILL BE USED AS CONCRETE EXAMPLE OF DATA OBJECTS, THOUGH OUTGUESS CAN USE ANY KIND OF DATA, AS LONG AS A HANDLER IS PROVIDED.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License