NCJ Number
218688
Date Published
July 2004
Length
27 pages
Annotation
This paper presents a high-level technical introduction to steganography (covered or hidden writing) for forensic computer examiners in need of a practical understanding of steganography.
Abstract
Steganography, a term coined at the end of the 15th century, is the art of covered or hidden writing. Its purpose is covert communication: hiding a message from a third party. Steganography hides the covert message but not the fact that two parties are communicating with each other. The steganography process generally involves placing a hidden message in some transport medium, called the carrier. Many common digital steganography techniques employ graphical images or audio files as the carrier medium. There are many ways in which messages can be hidden in digital media. Examiners are familiar with data that remains in file slack or unallocated space. Information can also be hidden on a hard drive in a secret partition. Network protocols can also serve as a digital carrier. Steganalysis, the detection of steganography by a third party, is a relatively young research discipline, with few articles appearing before the late 1990s. Steganalysis is intended to detect or estimate hidden information by observing some data transfer while making no assumptions about the steganography algorithm. Steganalysis techniques can be classified based on how much prior information is known. This paper presents examples of currently available software that can detect the presence of steganography programs, detect suspect carrier files, and disrupt steganographically hidden messages. The paper is intended as a high-level technical introduction to steganography for those unfamiliar with the field. It is directed at forensic computer examiners who need a practical understanding of steganography without delving into the mathematics. The emphasis of the paper is on digital applications, focusing on hiding information in online image or audio files. Figures, table, references, and appendixes A-C