August 24, 2004

An Overview of Steganography for the Computer Forensics Examiner

A pretty good review of steganography. The taxonomy and references look good, and the explanations and examples are easy to understand: there are innocent looking pictures, and the maps that are hidden in them.

The only thing that dampened the scientific credibility was the conclusion that because we can't find any steganography (references well supplied and well analysed!) that doesn't mean there isn't any! As the author drifts off into law enforcement wet dreams, his grip on reality diminishes: "Steganography will not be found if it is not being looked for." Nonsense. It'll be found when it does some damage, and the correct posture is to ignore it, until found, along with all the MITM attacks, alien abductions, snipers in the street, and other things that go bump in the night.

Still, aside from that one little blemish, it's a good resource that refers to a lot of good stego programs for making and for searching.

http://www.garykessler.net/library/fsc_stego.html

Posted by iang at August 24, 2004 06:46 PM | TrackBack
Comments

If upon finding a problem those that are responsible know they are not looking in a particular area of concern they must at that time move to that square on the matrix and resolve if that is the issue for concern prove or disprove the theory. The wrong solution it to burn resources looking for something that is not there or may never be. Yet there is a need to keep the dark arts availible to those that may need to look into areas to solve problems. So the ranting about keeping a running check for something of no concern is falling on deaf ears. This shouting to the deaf might provoke a small response keeping the dark arts alive another day.

So the standard operting procedure is have a tangent of knowledge about everything and specialize according to need.

Posted by: Cha Cha at August 24, 2004 10:02 PM