Abstract
In this paper we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of LSB image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. The “CounterSteg” software allows detailed analysis and comparison of both the original cover image and any modified image, using sophisticated bit- and color-channel visual depiction graphics. In certain cases, the steganographic software used for message transmission can be identified by the forensic analysis of LSB and other changes in the payload image. The paper demonstrates usage and typical forensic analysis with eight commonly available steganographic programs. Future work will attempt to automate the typical types of analysis and detection. This is important, as there is currently a steep rise in the use of image LSB steganographic techniques to hide the payload code used by malware and viruses, and for the purposes of data exfiltration. The rise occurs because hidden code and/or data can more easily bypass virus and malware signature detection when it is surreptitiously hidden in an otherwise innocuous image file.
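
As an added illustration of the cover-versus-suspect comparison the abstract describes (this is not the CounterSteg software or the authors' code), the following Python counts differing bits per color channel and bit plane across two pixel lists. The pixel data, the function names and the summary fields are constructed assumptions for the example.

```python
# Added example: compare a cover image with a suspect image, bit plane by bit plane.
# Images are lists of (R, G, B) tuples; a real workflow would first decode both
# files to raw pixels of identical dimensions.
CHANNELS = ("R", "G", "B")

def bitplane_diff(cover, suspect):
    """Return (per-channel counts of differing bits for planes 0..7, changed pixel indices)."""
    if len(cover) != len(suspect):
        raise ValueError("cover and suspect must have the same number of pixels")
    counts = {c: [0] * 8 for c in CHANNELS}
    changed = []
    for i, (p, q) in enumerate(zip(cover, suspect)):
        touched = False
        for c, a, b in zip(CHANNELS, p, q):
            x = a ^ b                      # set bits mark planes that differ
            for bit in range(8):
                if (x >> bit) & 1:
                    counts[c][bit] += 1
                    touched = True
        if touched:
            changed.append(i)
    return counts, changed

def profile(counts, changed, n_pixels):
    """Summarize where the modifications sit (field choice is an assumption of this example)."""
    return {
        "lsb_only": all(sum(planes[1:]) == 0 for planes in counts.values()),
        "channels_touched": [c for c in CHANNELS if sum(counts[c])],
        "changed_pixels": len(changed),
        "first": changed[0] if changed else None,
        "last": changed[-1] if changed else None,
        "fraction_changed": len(changed) / n_pixels,
    }

def make_constructed_pair(width=16, height=16):
    """Constructed sample: a synthetic cover and a copy with blue LSBs flipped near the start."""
    cover = [((x * 7 + y) % 256, (x + y * 5) % 256, (x * y) % 256)
             for y in range(height) for x in range(width)]
    suspect = list(cover)
    for i in range(0, 40, 2):              # every second pixel among the first 40
        r, g, b = suspect[i]
        suspect[i] = (r, g, b ^ 1)
    return cover, suspect

if __name__ == "__main__":
    cover, suspect = make_constructed_pair()
    counts, changed = bitplane_diff(cover, suspect)
    for c in CHANNELS:
        print(c, counts[c])
    print(profile(counts, changed, len(cover)))
```

Which planes and channels change, and whether the changed pixels cluster at the start of the image or are scattered, are the kinds of features that differ between embedding tools.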
Original language | American English |
---|---|
State | Published - May 18 2018 |
Externally published | Yes |
Disciplines
- Aviation Safety and Security
- Computer Law
- Computer Sciences
- Defense and Security Studies
- Forensic Science and Technology
- Information Security
- National Security Law
- OS and Networks
- Other Computer Sciences
- Social Control, Law, Crime, and Deviance