• What is Computer Forensics?
• Uses of Computer Forensics.
• Forensic Processes.
• What is Steganography?
• Examples of Steganography in history.
• Classification of Steganography Techniques.
• Application of Steganography in Computer Forensics.
• Steganography Tools.

• Use of scientific knowledge for collecting, analyzing and presenting evidence to the court.
• Forensics means “to bring to the court”

• Helps to ensure the overall integrity and survivability of network infrastructure.
• Defence-in-depth.
• Bad computer forensics practices may destroy vital evidence.

Computer forensics has been used as evidence in court since the mid-1980s
• BTK Killer
• Joseph E. Duncan III
• Sharon Lopatka

• Cross-drive analysis
• Live analysis
• Deleted Files
• Steganography



• Art of covered or hidden writing.
• Steganography (Greek word): στεγανός (covered) + γραφία (writing)


• Invisible ink (1st century AD - WW II)
• Tattoo message on head
• Overwrite select characters in printed type in pencil
› look for the gloss
• Pin punctures in type
• Microdots (WW II)
• Newspaper clippings, knitting instructions, XOXO signatures, report cards, …


• Steganography received little attention in computing
• Renewed interest because of industry desire to protect copyrighted digital work
› audio
› images
› video
› text
• Detect counterfeiter, unauthorized presentation, embed key, embed author ID
• Steganography ≠ Copy protection
• Hide message among irrelevant data
• Confuse the cryptanalyst

Big rumble in New Guinea. The war on celebrity acts should end soon. Over four big ecstatic elephants replicated.

Taking the first letter of each word gives:

Bring two cases of beer.



• Separate good messages from the bad ones
• Stream of unencoded messages with signatures
› Some signatures are bogus
› Need key to test

[Figure: Alice sends a stream of messages M0 to M3 to Bob; Irene sees only "?" for each message, while Bob's test marks M2 as OK and the others as ×.]
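The scheme on this slide is usually called chaffing and winnowing. The following is an added example, not part of the original slides, with HMAC-SHA256 standing in for the slide's "signatures" (an assumption); the function names and sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the real ("wheat") messages and the decoys ("chaff").
WHEAT = [b"Bring", b"two", b"cases", b"of", b"beer"]
CHAFF = [b"Leave", b"ten", b"boxes", b"at", b"home"]


def tag(key: bytes, seq: int, msg: bytes) -> bytes:
    """Authentication tag over sequence number and message (HMAC is an assumption)."""
    return hmac.new(key, seq.to_bytes(4, "big") + msg, hashlib.sha256).digest()


def chaff_stream(key: bytes, wheat, chaff):
    """Sender: every message travels in the clear; only wheat carries a valid tag."""
    stream = [(i, m, tag(key, i, m)) for i, m in enumerate(wheat)]
    stream += [(i, m, secrets.token_bytes(32)) for i, m in enumerate(chaff)]
    secrets.SystemRandom().shuffle(stream)  # hide which entries are real
    return stream


def winnow(key: bytes, stream):
    """Receiver: keep messages whose tag verifies, restored to sequence order."""
    good = [(seq, m) for seq, m, t in stream
            if hmac.compare_digest(t, tag(key, seq, m))]
    return [m for _, m in sorted(good)]


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)
    stream = chaff_stream(shared_key, WHEAT, CHAFF)
    print("with key   :", winnow(shared_key, stream))
    print("without key:", winnow(secrets.token_bytes(32), stream))
```

An observer without the key sees two candidate messages per sequence number and cannot tell which tag is valid; the receiver discards everything that fails verification.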
• Spatial domain watermarking
› bit flipping
› color separation
• Frequency domain watermarking
› embed signal in select frequency bands (e.g. high frequency areas)
› apply FFT/DCT transform first
› e.g. Digimarc
› watermark should alter the least perceptible bits
  • these are the same bits targeted by lossy image compression software




• Today, it often exists within digital formats
• It makes use of seemingly innocent cover files such as text, audio, and image files
• The embedded message may be anything that can be encoded in binary
• Perceptual coding
› inject signal into areas that will not be detected by humans
› may be obliterated by compression
• Hardware with copy-protection
› not true watermarking - metadata present on media
› DAT
› minidisc
› presence of copy protection mechanisms often failed to give the media wide-spread acceptance


• Coding still frames - spatial or frequency
• data encoded during refresh
› closed captioning
• visible watermarking
› used by most networks (logo at bottom-right)
• Digital images are made up of pixels
• The arrangement of pixels makes up the image’s “raster data”
• 8-bit and 24-bit images are common
• The larger the image size, the more information you can hide. However, larger images may require compression to avoid detection

• Least Significant Bit Insertion
• Masking and Filtering

• Replaces least significant bits with the message to be encoded
• Most popular technique when dealing with images
• Simple, but susceptible to lossy compression and image manipulation

A sample raster data for 3 pixels (9 bytes) may be:

00100111 11101001 11001000
00100111 11001000 11101001
11001000 00100111 11101011

Inserting the binary value for A (10000001) changes 4 bits:

00100111 11101000 11001000
00100110 11001000 11101000
11001001 00100111 11101011
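The LSB insertion described above, run over the slide's own nine bytes, as an added example that is not part of the original slides: it embeds a bit string into the low bit of each byte, recovers it, and counts the changed bits. The function names are illustrative, and the re-quantisation step is a deliberately crude stand-in for lossy compression, not a real codec.

```python
# The two nine-byte blocks exactly as printed on the slide.
COVER = bytes(int(b, 2) for b in (
    "00100111 11101001 11001000 "
    "00100111 11001000 11101001 "
    "11001000 00100111 11101011").split())
STEGO_ON_SLIDE = bytes(int(b, 2) for b in (
    "00100111 11101000 11001000 "
    "00100110 11001000 11101000 "
    "11001001 00100111 11101011").split())


def embed_lsb(cover: bytes, bits: str) -> bytes:
    """Overwrite the least significant bit of each cover byte with one message bit."""
    if len(bits) > len(cover):
        raise ValueError("message needs more carrier bytes than the cover has")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | int(bit)
    return bytes(out)


def extract_lsb(stego: bytes, nbits: int) -> str:
    """Read the message back: one bit from the low end of each byte."""
    return "".join(str(b & 1) for b in stego[:nbits])


def changed_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions that differ between two equal-length buffers."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def lsb_survives_requantisation(stego: bytes, nbits: int, step: int = 4) -> bool:
    """Model lossy processing as rounding each byte to a multiple of `step`."""
    requant = bytes(min(255, round(b / step) * step) for b in stego)
    return extract_lsb(requant, nbits) == extract_lsb(stego, nbits)


if __name__ == "__main__":
    payload = extract_lsb(STEGO_ON_SLIDE, 8)
    print("bits carried by the second block:", payload)
    print("bits changed versus the cover   :", changed_bits(COVER, STEGO_ON_SLIDE))
    print("re-embedding reproduces slide   :", embed_lsb(COVER, payload) == STEGO_ON_SLIDE)
    print("survives re-quantisation        :", lsb_survives_requantisation(STEGO_ON_SLIDE, 8))
```

On the slide's bytes the first eight low bits of the second block read 10000011, and four bits differ from the first block. The payload does not survive even coarse re-quantisation, which is the susceptibility to lossy compression noted above.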
• Masks secret data over the original data by changing the luminance of particular areas
• Masking embeds the message within significant bits of the cover image
• Not susceptible to lossy techniques because image manipulation does not affect the secret message



• Digital Watermarking – provides identification pertaining to the owner; i.e. license or copyright information
› Invisible vs Visible
• Fingerprinting – provides identification of the user; used to identify and track illegal use of content
Software | Supporting Files | Notes
BMPSecrets | BMP, JPG, TIFF, GIF | Allows to replace up to 5060% of picture with information
DarkCryptTC | BMP, JPG, TIFF, PNG, PSD, TGA, MNG, WAV, TXT, HTML, XML, EXE, DLL | RSD mode (RNG-based random data distribution)
MP3Stego | MP3 | Source code provided
OpenPuff | BMP, JPEG, PNG, TGA, MP3, WAV, 3fp, MP4, MPEG-2, FLV, VOB, Pdf | 256-bit multi-encryption, carrier chains, multi-layered obfuscation
PHP-Class StreamSteganography | PNG | -
Steganography Studio | BMP, PNG, GIF | Different hiding methods included (LSC, LSC matching, SLSB, ….)
Steganographic Laboratory (VSL) | BMP, PNG, JPG, TIFF | Open Source






Xavier Prathap. W
St. Claret College, Jalahalli

Computer forensics and steganography
