steganography Assignment|Course hero helper

Posted: February 26th, 2023

ISSC458 Week 8 Assignment

Name: _________________________ Date: _____________

Deadlines from 1 hour
Get A+ help
with any paper

Fill in your name above, put your full response below each question, save the file using the file naming convention: “ ISSC458_Week8_Assignment_LastName_FirstName.doc” where LastName is your last name and FirstName is your first name, then return this document for grading.

Instructions: Steganography allows hiding sensitive information inside image (and audio) files. During a computer forensic investigation, you will need to analyze image files as part of the evidence. In addition to viewing the image looking for any illicit content, you should also consider analyzing all images files concealed data by means of steganography.

For this exercise, each student will use steghide to embed a Word document within an image file, but keep a copy of the original file. Next, students post both the original image file and the modified image to the Week 8 – Assignment forum. Finally, each student will analyze both images from another student with any image viewer and with WinHex to determine the original file and the modified image.

Submission Instructions: Answer the questions

Assignment Rubric ( 100 Points)

Synthesis of Concepts 60
Writing Standards – APA format 20
Timeliness 20

Hardware/Software Setup Required

Steghide (available at http://sourceforge.net/projects/steghide/files/ or the EC-Council Certification Portal http://portal.eccouncil.org/ )

WinHex 15-1 SR-8 (available at http://www.x-ways.net/winhex/ or the EC-Council Certification Portal http://portal.eccouncil.org/ )

StegDetect 0.4 (available at http://www.outguess.org/download.php or the EC-Council Certification Portal http://portal.eccouncil.org/ )

Optional resources

DocumentToHide.doc

Stega01.jpg

Problem Description

Steganography allows hiding sensitive information inside image (and audio) files. During a computer forensic investigation, you will most likely need to analyze image files as part of the evidence. In addition to viewing the image looking for any illicit content, you should also consider analyzing all images files for concealed data by means of steganography.

For this exercise, each student will use steghide to embed a Word document within an image file, but keep a copy of the original image file. Next, students post both the original image file and the modified image to the Week 8 – Assignment forum. Finally, each student will analyze both images form another student with any image viewer and with WinHex to determine the original file and the modified image.

In addition, use stegdetect with the modified file and comment on the outcome.

Estimated completion time: 80 minutes

Outcome

Report the required steps for these tasks.

Validation/Evaluation

· What are some of the options for the steghide command?

· Do the original and modified images look the same?

· Can a hex editor help revealing the presence of hidden information?

· Can stegdetect recognize the presence of hidden information? If not, why not?

Assignment Specific Directions:

1. Download steghide from the EC-Council Certification Portal.

2. Unzip the steghide-0.5.1-win32.zip file to C:\steghide.

3. Click Start->Run, write cmd and press Enter to open a new command prompt window.

4. In the command prompt window type cd c:\steghide and press Enter.

image1.png

5. Type steghide –help and press Enter to get more information about the steghide command.

image2.png

6. Now, choose the file that you want to hide and move it to c:\steghide. Note: For this exercise, we will be using DocumentToHide.doc. Students are welcome to replace this file and the image file with their own files.

7. In addition, check the size of the file to hide. In our case, the size of DocumentToHide.doc is 323KB.

8. Next, choose the image file that will conceal the file selected in the previous step and also move it to c:\steghide. Note: For this exercise we will be using Stega01.jpg. Again, students can change this file for their own image files.

9. We need to check the capacity of the image file and match it with the size of the file to hide. If the image file has a smaller capacity, we either select a different image or modify the original image file to be bigger. Note: Stega01.jpg was modified with an image editor to increase its capacity so DocumentToHide.doc could be embedded within it. Any student using his or her own image file should modify it accordingly.

10. To check an image capacity type steghide –info Stega01.jpg and press Enter. image3.png

11. When asked if you want to get information about the embedded data, just type n.

image4.png

12. The following are the options for embedding the file:

a. Encryption algorithm: AES (Rijndael)

b. Passphrase: “steganography”

c. Compression level: maximum supported

13. To find out the information about supported encryption algorithms, type steghide –encinfo and press Enter.

image5.png

Note that there are two Rijndael options: rijndael-128 and rijndael-256.

14. In step 5, we learned that the –p <passphrase> option allows us to specify a passphrase. In addition, the –z <l> allows us to specify a compression level being 9 the best compression option.

15. Use Windows Explorer to make a copy of the original image file. Note: We will call this copy Copy of Stega01.jpg.

image6.png

16. Now, to conceal the information within the image file, type steghide –embed -ef DocumentToHide.doc -cf Stega01.jpg -p steganography -e rijndael-128 -z 9 -v and press Enter. Note: you can refer back to step 5 for an explanation of each of these options or type steghide –help for more information.

image7.png

17. Next, we will open both the original image file and the modified image file with any image viewer to verify that they are the same image .

image8.png image9.png

18. Finally, rename both images as Img01.jpg and Img02.jpg and exchange images with your lab partner for the second part of this lab .

At this point, students should exchange files. The next steps will apply to the files received from each student’s lab partner.

19. We will try to determine what file is the original image and what file contains the modified image.

20. First, open both received files with an image viewer to check for differences in both images.

21. As shown above, both images look very alike .

22. This time, use WinHex (download and install it if you haven’t done that before) to open both files .

23. A quick inspection shows that although both files display the same image, their contents are indeed different.

image10.png

24. A closer inspection reveals the following:

a. Img02.jpg has a header with Adobe Photoshop information.

b. Img02.jpg has several blocks with 00 values; this is very rare for Img01.jpg.

Note: Large blocks of 00 values are used by steganography tools to conceal information.

image11.png

25. Based on the above observations, one can conclude that Img02.jpg is the original image. Check these results with your partner.

26. For the final part of the lab, download StegDetect 0.4- Windows Binary from http://www.outguess.org/download.php

27. Unzip the stegdetect.zip file to c:\stegdetect.

28. Run xsteg.exe.

image12.png

29. Open the Img01.jpg file using the File->Open option.

image13.png

30. Stegdetect will automatically examine the file looking for concealed information and report the results. In this case, the results were negative for all scan options.

image14.png

Final Comments

Steganography is a powerful tool for concealing information. As shown before, an image hiding information looks very similar to the original image, being almost impossible for the naked eye to detect the difference. A hex editor is required for this task.

Although there are several automated steganalysis tools, they are often tailored for specific steganography flavors or tools. The experience and judgment of the investigator is essential for the entire analysis process and cannot be replaced by any tool.

Even if you find a tool that can tell that an image file is hiding some other information, it is common for steganography tools to encrypt the information before hiding it. This additional step complicates the entire process even further. Now, the investigator not only needs to extract the concealed information but also decrypt it. This last task can prove very difficult if the steganography tool used known standard encryption algorithms and a strong key.

However, a crafty investigator can detect a modified image by following the steps above, using steganalysis tools, or any other technique. In various countries, the presence of concealed information can be considered an attempt to commit a crime, which can be the basis for a warrant for the concealing process and key. This information can be later used to reveal the hidden information.

Secret information concealed using steganography.

Field 1 Field 2 Field 3
Description 1 Value 1 Value 1.1
Description 2 Value 2 Value 2.1
Description 3 Value 3 Value 3.1
Description 4 Value 4 Value 4.1

SOLUTION

  • Do the original and modified images look the same? The original and modified images may not look the same, depending on how the data was embedded. However, they should appear similar to the human eye. If the modified image is significantly different from the original image, this could indicate that steganography has been used to hide data. Can a hex editor help revealing the presence of hidden information? Yes, a hex editor can help reveal the presence of hidden information. When data is embedded in an image file using steganography, the file size may increase, indicating that additional data is present. A hex editor can be used to examine the file and identify any additional data that may be present.

Expert paper writers are just a few clicks away

Place an order in 3 easy steps. Takes less than 5 mins.

Calculate the price of your order

You will get a personal manager and a discount.
We'll send you the first draft for approval by at
Total price:
$0.00