An overview and computer forensic challenges in image steganography

The development of powerful imaging tools, editing images for changing their data content is becoming a mark to undertake. Tempering image contents by adding, removing, or copying/moving without leaving a trace or unable to be discovered by the investigation is an issue in the computer forensic world. The protection of information shared on the Internet like images and any other confidential information is very significant. Nowadays, forensic image investigation tools and techniques objective is to reveal the tempering strategies and restore the firm belief in the reliability of digital media. This paper investigates the challenges of detecting steganography in computer forensics. Open source tools were used to analyze these challenges. The experimental investigation focuses on using steganography applications that use same algorithms to hide information exclusively within an image. The research finding denotes that, if a certain steganography tool A is used to hide some information within a picture, and then tool B which uses the same procedure would not be able to recover the embedded image

Survey of the Use of Steganography over the Internet

This paper addressesthe use of Steganography over the Internet by terrorists. There were ru-mors in the newspapers that Steganography is being used to covert communication between terrorists, without presenting any scientific proof. Niels Provos and Peter Honeyman conducted an extensive Internet search where they analyzed over 2 million images and didn’t find a single hidden image. After this study the scientific community was divided: some believed that Niels Provos and Peter Honeyman was conclusive enough other did not. This paper describes what Steganography is and what can be used for, various Steganography techniques and also presents the studies made regarding the use of Steganography on the Internet.Steganography, Secret Communication, Information Hiding, Cryptography

Steganography and steganalysis for digital image enhanced Forensic analysis and recommendations

Image steganography and steganalysis, which involve concealing and uncovering hidden data within images, have gained significant attention in recent years, finding applications in various fields like military, medicine, e-government, and social media. Despite their importance in real-world applications, some practical aspects remain unaddressed. To bridge this gap, the current study compares image steganography and steganalysis tools and techniques for Digital Forensic Investigators (DFIs) to uncover concealed information in images. We perform a thorough review of Artificial Intelligence, statistical, and signature steganalysis methods, assesses both free and paid versions, and experiments with various image features like size, colour, mean square error (MSE), root mean square error (RMSE), and peak signal-to-noise ratio (PSNR) using a JPEG/PNG dataset. The research provides valuable insights for professionals in cybersecurity. The originality of this research resides in the fact that, although previous studies have been conducted in this area, none have explicitly examined the analysis of the selected tools—F5, Steghide, Outguess for image steganography, and Aletheia, StegExpose for image steganalysis—and their application to JPEG image analysis

New Algorithm to Enhance the Accuracy of Extracting Steganography Hidden Data

Cybercriminals are employing various techniques to conceal evidence from investigators, allowing them to avoid tracking the traces of the attack or the traces of crimes. Steganography of information was techniques and tactics used to hide the traces of a hacking or electronic attack. Steganography is one of the most severe methods of obfuscating traces to make it harder for investigators to uncover reliable evidence that can be used in court. In this research study, the problem was that the steganography tools that the authors used in previous studies in their research were not accurate in extracting all the hidden data, and their efficiency was poor.  The objectives of this research are to evaluate the accuracy of extracting the hidden data by creating different scenarios using python script. Furthermore, develop a new algorithm to enhance the accuracy of extracting veiled data by using Tkinter framework. Finally, to evaluate the performance of the proposed new algorithm by comparing the proposed algorithm with different steganography tools. The proposed algorithm was able to increase the accuracy by 90% and extract the hidden data compared with different tools such as openstego stegspy and stegovirtas

The Automation of the Extraction of Evidence masked by Steganographic Techniques in WAV and MP3 Audio Files

Antiforensics techniques and particularly steganography and cryptography have become increasingly pressing issues that affect the current digital forensics practice, both techniques are widely researched and developed as considered in the heart of the modern digital era but remain double edged swords standing between the privacy conscious and the criminally malicious, dependent on the severity of the methods deployed. This paper advances the automation of hidden evidence extraction in the context of audio files enabling the correlation between unprocessed evidence artefacts and extreme Steganographic and Cryptographic techniques using the Least Significant Bits extraction method (LSB). The research generates an in-depth review of current digital forensic toolkit and systems and formally address their capabilities in handling steganography-related cases, we opted for experimental research methodology in the form of quantitative analysis of the efficiency of detecting and extraction of hidden artefacts in WAV and MP3 audio files by comparing standard industry software. This work establishes an environment for the practical implementation and testing of the proposed approach and the new toolkit for extracting evidence hidden by Cryptographic and Steganographic techniques during forensics investigations. The proposed multi-approach automation demonstrated a huge positive impact in terms of efficiency and accuracy and notably on large audio files (MP3 and WAV) which the forensics analysis is time-consuming and requires significant computational resources and memory. However, the proposed automation may occasionally produce false positives (detecting steganography where none exists) or false negatives (failing to detect steganography that is present) but overall achieve a balance between detecting hidden data accurately along with minimising the false alarms.Comment: Wires Forensics Sciences Under Revie

Defending Against Insider Use of Digital Steganography

The trusted insider is among the most harmful and difficult to detect threats to information security, according to the Federal Plan for Information Assurance and Cyber Security Research and Development released in April 2006. By default, employees become trusted insiders when granted the set of privileges needed to do their jobs, which typically includes access to the Internet. It is generally presumed the insiders are loyally working to achieve the organization’s goals and objectives and would not abuse the privileges given to them. However, some insiders will inevitably abuse some of their privileges. For example, a trusted insider might abuse their privilege of access to the Internet to download, install, and use an information hiding tool, such as one of the hundreds of digital steganography applications available on the Internet, to steal sensitive, classified, or proprietary information. Effective countermeasures to this threat must begin with an organizational policy prohibiting installation of information hiding tools on user workstations and must also include automated tools capable of detecting attempts to download and use digital steganography applications. This paper will describe the threat from insider use of digital steganography applications; a new approach to detecting the presence or use of these applications; and extraction of hidden information when a known signature of one of these applications is detected. The analytical approach to steganalysis involves the development and use of computer forensic tools that can detect fingerprints and signatures of digital steganography applications. These tools can be employed in both an off-line forensic-based mode as well as a real-time network surveillance mode. Detection of fingerprints or signatures in either mode may lead to the discovery and extraction of hidden information. Accordingly, this approach represents a significant improvement over traditional blind detection techniques which typically only provide a probability that information may be hidden in a given file without providing a capability to extract any hidden information. Keywords: insider, steganography, steganalysis, computer forensics, artifacts, fingerprints, hash values, signature

Steganalysis Techniques: A Comparative Study

Steganography is the art of hiding information within cover objects like images or audio/video files. It has been widely reported that there has been a surge in the use of steganography for criminal activities and therefore, implementing effective detection techniques is an essential task in digital forensics. Unfortunately, building a single effective detection technique still remains one of the biggest challenges. This report presents a comparative study of three steganalysis techniques. We investigated and compared the performances of each technique in the detection of embedding methods considered. Based on the results of our analysis, we provide information as to which specific steganalysis technique needs to be used for a particular steganographic method. Finally, we propose a procedure which may help a forensic examiner to decide an order in which different steganalysis techniques need to be considered in the detection process to achieve the best detection results in terms of both time and accuracy