Professional Documents
Culture Documents
DF011G07_Steganalysis
DF011G07_Steganalysis
DF011G07_Steganalysis
Welcome to:
Steganalysis - Data Hiding/Recovery
• Steganography has become increasingly popular in the past years, due to the explosion of
the internet and multi-media use in general.
• Most of the attention has been drawn now because of the malicious use of the technique.
• It has become a threat not only to individuals and businesses, but to government agencies
across the world.
• Not only are there several programs that hide information, there are several different
methods for doing so.
• There are three basic ways:
– injection,
– substitution, and
– generation.
Steganography in Images
• Steganography in images is mainly classified into:
– >Least significant bit (LSB) insertion method.
– >Masking and filtering.
– >Algorithms and transformation.
• There are mainly three transformation techniques:
1. Fast Fourier transformation technique (FFT)
2. Discrete cosine transformation technique (DCT).
3. Discrete Wavelet transformation technique (DWT).
• Steganography tools aim to ensure robustness against modern forensic methods, such as
statistical steganalysis.
• A relatively new field, since the new technology behind steganography is just becoming
popular.
Figure2:
This color selection dialogue box shows the red,
green, and blue (RGB) levels of this selected color.
• Rapid advancement of the Voice over Internet Protocol (VoIP) and various Peer-to-Peer
(P2P) audio services offer numerous opportunities for covert communication.
• Minor alteration in the binary sequence of audio samples with existing steganography tools
can easily make covert communication, a reality.
• Audio signals are ideal to be used as a cover for covert communications to hide secret
messages.
• Xiao Steganography
• Image Steganography
• Steghide
• Crypture
• SteganographX Plus
• rSteg
• SSuite Picsel
• Our Secret
• Camouflage
• OpenStego
• SteganPEG
• Hide’N’Send
• Hydan
• StegFS
• FreeOTFE
• TrueCrypt
• Steghide
• And, of course, there are more extreme cases, like when a hard drive is recovered from a
plane crash; amazingly, some data recovery specialists can retrieve data from storage media
that’s been almost completely destroyed.
The methods used to recover lost data depend on how the data was lost in the first place; let’s
take a look at some of the most common forms here.
• File Deletion
• File Corruption
• File System Format or Damage
• Physical Damage
– Physical damage may be dealt with by replacing old parts.
The process of repairing physical damages may allow the user to use the hard disk, though it may not
be sufficient for the computer to run in its entirety since Logical damage may be still be present.
• Logical Damage
– Logical damage means that the system or storage may be corrupted due to unintentional partition,
accidental formatting and deletions, power failure, virus attacks or memory overflow.
The methods used to recover lost data depend on how the data was lost in the first place.
• To get the best possible data recovery result it is strongly recommended to stop any write
access to the storage and run data recovery software immediately.
• Electronic data is part of all of our lives, some is business and some is pleasure.
• The loss of either can devastate you financially, emotionally or both. There are several ways
that data can become inaccessible to you.
• Most of these failures are recoverable, some of them are not.
• The best way to address data loss is to prevent it from occurring in the first place.
• Data backup permits the user to restore any file or data if ever logical or physical damage
occurs.
• External protection must also be observed. Hard disk drives are sensitive.
• Not all data can be recovered. There may be cases where it is impossible to repair or retrieve
any data because of the severe damage obtained by the hard disk, particularly the platter.
• There is specialized software that can extract corrupt data with the exception to physically
damaged disc. Although it is no way complete, any data recovered can be reconstructed for
reference. Mostly, data recovery through Imaging involves the following:
– Access the hard drive directly instead of being dependent to the Operating System as set by its BIOS
configuration.
– Reading the Bad Sector instead of skipping it.
– Overriding resetting / restarting command when reading the disk.
• The imaging technique specializes on getting what can be "read" on the entire disk by
avoiding any command that will restart the process once an error is detected, after this data
reconstruction follows.
4. ____________ was implemented in order to allow compatibility with the Hierarchical File System(HFS).
A. Active Data System
B. Active Data System
C. Forensic Data System
D. Alternate Data Streams
1. C
2. B
3. B
4. D
5. B