Attached is the assignment, along with the documents that assist with completing the assignment
ISSC458
Week 8 Assignment
Name: _________________________
Date: _____________
Fill in your name above, put your full response below each question, save the file using the file naming convention “ISSC458_Week8_Assignment_LastName_FirstName”, where LastName is your last name and FirstName is your first name, then return this document for grading.
Instructions: Steganography allows hiding sensitive information inside image (and audio) files. During a computer forensic investigation, you will need to analyze image files as part of the evidence. In addition to viewing the image looking for any illicit content, you should also consider analyzing all image files for concealed data by means of steganography.
For this exercise, each student will use steghide to embed a Word document within an image file, but keep a copy of the original file. Next, students post both the original image file and the modified image to the Week 8 – Assignment forum. Finally, each student will analyze both images from another student with any image viewer and with WinHex to determine the original file and the modified image.
Submission Instructions: Answer the questions
Assignment Rubric (100 Points)
Synthesis of Concepts: 60
Writing Standards – APA format: 20
Timeliness: 20
Hardware/Software Setup Required
Steghide (available at http://sourceforge.net/projects/steghide/files/ or the EC-Council Certification Portal http://portal.eccouncil.org/)
WinHex 15-1 SR-8 (available at http://www.x-ways.net/winhex/ or the EC-Council Certification Portal http://portal.eccouncil.org/)
StegDetect 0.4 (available at http://www.outguess.org/download.php or the EC-Council Certification Portal http://portal.eccouncil.org/)
Optional resources
DocumentToHide
Stega01
Problem Description
Steganography allows hiding sensitive information inside image (and audio) files. During a computer forensic investigation, you will most likely need to analyze image files as part of the evidence. In addition to viewing the image looking for any illicit content, you should also consider analyzing all image files for concealed data by means of steganography.
For this exercise, each student will use steghide to embed a Word document within an image file, but keep a copy of the original image file. Next, students post both the original image file and the modified image to the Week 8 – Assignment forum. Finally, each student will analyze both images from another student with any image viewer and with WinHex to determine the original file and the modified image.
In addition, use stegdetect with the modified file and comment on the outcome.
Estimated completion time: 80 minutes
Outcome
Report the required steps for these tasks.
Validation/Evaluation
· What are some of the options for the steghide command?
· Do the original and modified images look the same?
· Can a hex editor help reveal the presence of hidden information?
· Can stegdetect recognize the presence of hidden information? If not, why not?
Assignment Specific Directions:
1. Download steghide from the EC-Council Certification Portal.
2. Unzip the steghide-0.5.1-win32.zip file to C:\steghide.
3. Click Start->Run, write cmd and press Enter to open a new command prompt window.
4. In the command prompt window, type cd c:\steghide and press Enter.
5. Type steghide --help and press Enter to get more information about the steghide command.
6. Now, choose the file that you want to hide and move it to c:\steghide.
Note: For this exercise, we will be using DocumentToHide. Students are welcome to replace this file and the image file with their own files.
7. In addition, check the size of the file to hide. In our case, the size of DocumentToHide is 323KB.
8. Next, choose the image file that will conceal the file selected in the previous step and also move it to c:\steghide.
Note: For this exercise we will be using Stega01. Again, students can change this file for their own image files.
9. We need to check the capacity of the image file and match it with the size of the file to hide. If the image file has a smaller capacity, we either select a different image or modify the original image file to be bigger.
Note: Stega01 was modified with an image editor to increase its capacity so DocumentToHide could be embedded within it. Any student using his or her own image file should modify it accordingly.
10. To check an image's capacity, type steghide --info Stega01 and press Enter.
11. When asked if you want to get information about the embedded data, just type n.
12. The following are the options for embedding the file:
a. Encryption algorithm: AES (Rijndael)
b. Passphrase: “steganography”
c. Compression level: maximum supported
13. To find out the information about supported encryption algorithms, type steghide --encinfo and press Enter.
Note that there are two Rijndael options: rijndael-128 and rijndael-256.
14. In step 5, we learned that the –p
15. Use Windows Explorer to make a copy of the original image file.
Note: We will call this copy Copy of Stega01.
16. Now, to conceal the information within the image file, type steghide --embed -ef DocumentToHide -cf Stega01 -p steganography -e rijndael-128 -z 9 -v and press Enter.
Note: you can refer back to step 5 for an explanation of each of these options or type steghide --help for more information.
17. Next, we will open both the original image file and the modified image file with any image viewer to verify that they are the same image.
18. Finally, rename both images as Img01 and Img02 and exchange images with your lab partner for the second part of this lab.
At this point, students should exchange files. The next steps will apply to the files received from each student’s lab partner.
19. We will try to determine what file is the original image and what file contains the modified image.
20. First, open both received files with an image viewer to check for differences in both images.
21. As shown above, both images look very alike.
22. This time, use WinHex (download and install it if you haven’t done that before) to open both files.
23. A quick inspection shows that although both files display the same image, their contents are indeed different.
24. A closer inspection reveals the following:
a. Img02 has a header with Adobe Photoshop information.
b. Img02 has several blocks with 00 values; this is very rare for Img01.
Note: Large blocks of 00 values are used by steganography tools to conceal information.
25. Based on the above observations, one can conclude that Img02 is the original image. Check these results with your partner.
26. For the final part of the lab, download StegDetect 0.4 - Windows Binary from http://www.outguess.org/download.php
27. Unzip the stegdetect.zip file to c:\stegdetect.
28. Run xsteg.exe.
29. Open the Img01 file using the File->Open option.
30. Stegdetect will automatically examine the file looking for concealed information and report the results. In this case, the results were negative for all scan options.
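The manual WinHex comparison in steps 22-25 can be scripted for triage. The following is an added example, not part of the original assignment: it profiles two files for editor metadata in the header and for long runs of 00 bytes, then applies the lab's two observations. The function names, the 16-byte run threshold, the 512-byte header window and the sample byte strings are assumptions made for illustration.

```python
# Added example; the byte strings below are constructed samples, not real image files.

def zero_runs(data, min_len=16):
    """Return (offset, length) for each run of 0x00 bytes of at least min_len."""
    runs, start = [], None
    for i, b in enumerate(data + b"\x01"):      # sentinel closes a trailing run
        if b == 0 and start is None:
            start = i
        elif b != 0 and start is not None:
            if i - start >= min_len:
                runs.append((start, i - start))
            start = None
    return runs

def first_difference(a, b):
    """Offset of the first differing byte, or None if the files are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def profile(name, data, markers=(b"Photoshop",), header_len=512):
    """Summarize the two traits the lab checks: editor metadata and 00 blocks."""
    runs = zero_runs(data)
    return {
        "name": name,
        "editor_markers": [m.decode() for m in markers if m in data[:header_len]],
        "zero_runs": runs,
        "zero_bytes": sum(length for _, length in runs),
    }

def likely_original(p, q):
    """Apply the lab's heuristic; a triage hint, not proof of embedding."""
    def score(x):
        return (len(x["editor_markers"]), x["zero_bytes"])
    if score(p) == score(q):
        return None
    return max(p, q, key=score)["name"]

# Constructed samples: IMG02 keeps editor metadata and 00 blocks, IMG01 does not.
IMG02 = b"\xff\xd8Adobe Photoshop" + b"\x00" * 64 + b"\x11\x22" * 8 + b"\x00" * 32
IMG01 = b"\xff\xd8" + bytes(1 + (i * 37) % 255 for i in range(127))

if __name__ == "__main__":
    p1, p2 = profile("Img01", IMG01), profile("Img02", IMG02)
    print("first differing offset:", first_difference(IMG01, IMG02))
    for p in (p1, p2):
        print(p["name"], p["editor_markers"], p["zero_runs"])
    print("likely original:", likely_original(p1, p2))
```

On real evidence, read each file with open(path, "rb").read() and treat the result as a lead to confirm in the hex editor.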
Final Comments
Steganography is a powerful tool for concealing information. As shown before, an image hiding information looks very similar to the original image, being almost impossible for the naked eye to detect the difference. A hex editor is required for this task.
Although there are several automated steganalysis tools, they are often tailored for specific steganography flavors or tools. The experience and judgment of the investigator is essential for the entire analysis process and cannot be replaced by any tool.
Even if you find a tool that can tell that an image file is hiding some other information, it is common for steganography tools to encrypt the information before hiding it. This additional step complicates the entire process even further. Now, the investigator not only needs to extract the concealed information but also decrypt it. This last task can prove very difficult if the steganography tool used known standard encryption algorithms and a strong key.
However, a crafty investigator can detect a modified image by following the steps above, using steganalysis tools, or any other technique. In various countries, the presence of concealed information can be considered an attempt to commit a crime, which can be the basis for a warrant for the concealing process and key. This information can be later used to reveal the hidden information.
Secret information concealed using steganography.
Field 1 | Field 2 | Field 3
Description 1 | Value 1 | Value 1.1
Description 2 | Value 2 | Value 2.1
Description 3 | Value 3 | Value 3.1
Description 4 | Value 4 | Value 4.1