OBJECTIVES

1. Distinguish between the three basic classifications of steganography.

2. Create a grille cipher.
3. Apply the insertion technique to hide a message within a file.
4. Disguise a secret message in spam.
5. Recognize the digital formats used to conceal files and communications.
6. Employ a variety of steganography tools to hide messages.
7. Use steganalysis tools to detect and extract hidden content.
8. Examine HTML source code for hidden communications.

1 2

Steganography can be categorized into three

distinct classifications:

Linguistic
Technical
Digital

Figure 7-1: Electronic Article Surveillance Tag

3 4

1
 Figure 7-3: Null Cipher
Figure 7-2: Visual Semagram

5 6

Digital steganography can be classified into

two distinct techniques:

Insertion
Substitution

Figure 7-4: Technical Steganography

7 8

2
 Figure 7-5: Spammimic Figure 7-6: Substitution Method in Images

9 10

The formula for calculating image size using

Example: A 24-bit image file using an 800 x 600
more than 8-bit color can be calculated by using
resolution.
the following steps:

Step 1 – Multiply horizontal pixels by

Step 1 – 800 x 600 = 480000
vertical pixels

Step 2 – Multiply the product of step 1

Step 2 – 480000 x 24 = 11520000
by the bit depth

Step 3 – Divide the product of step 2

Step 3 – 11520000 / 8 = 1440000 bytes
by 8

11 12

3

Figure 7-7: Hidden Message Located in the Altered
Image
13
There are numerous software programs that can
be used to conceal messages. These programs are
known collectively as steganography tools:
BlindSide is a steganography program that
uses a command-line interface. It hides files
within bitmap (.bmp) files. As its name implies,
the original file and the encoded file appear to
be the same to the human eye. Therefore,
Blindside is not susceptible to visual attacks, a
visual comparison of two similar image files.
(continued)
15
Several areas should be investigated for the
possible use of steganography:
Program files
Altered file and folder names
Browser history
Domain ownership
Multimedia content
Email attachments
Websites and social media accounts
14
There are numerous software programs that can
be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)
Crypture is a free steganographic program
used to hide a message within an image file.
Gifshuffle is a steganography program that uses
a colormap to hide messages with a .gif file.
OpenPuff, as shown in Figure 7-8, can be used
to hide messages within image files. It can also
be used for watermarking.
(continued)
16
4
 There are numerous software programs that can
be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)

OpenStego, as shown in Figure 7-9, can be

used to hide messages in images and
perform watermarking functions.

Figure 7-8: OpenPuff

(continued)

17 18

There are numerous software programs that can

be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)

Our Secret, as shown in Figure 7-10, is a

steganography program that can be used to
hide data in single files or multiple files. It can
also be used to perform digital watermarking.

Figure 7-9: OpenStego

(continued)

19 20

5
 There are numerous software programs that can
be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)
Outguess is a steganography application that
can be used to hide text and images within
images. It was designed to run on Linux.
However, it can be run on Windows using
Cygwin.

QuickStego, as shown in Figure 7-11, can be

used to hide text within an image.

Figure 7-10: Our Secret

(continued)

21 22

There are numerous software programs that can

be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)
Steg is a Windows-based application that
allows the user to embed text within an image
file.

SSuite Picsel Security, as shown in Figure 7-12,

is a portable steganography tool that is
compatible with .bmp, .jpg, .png and .wmf
image formats.
Figure 7-11: QuickStego
(continued)

23 24

6
 There are numerous software programs that can
be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)
Steganos, as shown in Figure 7-13, offers a
suite of software that includes a steganography
tool that hides pictures and documents to help
protect them from detection in the event a
portable device is stolen.

Figure 7-12: SSuite Picsel

(continued)

25 26

There are numerous software programs that can

be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)
Steganographic Nature of Whitespace, commonly
called SNOW, is a free steganography tool. It
hides messages in ASCII by adding whitespace to
the end of lines.

SteganPEG, as shown in Figure 7-14, hides files

with .jpeg images because jpeg is a popular
image format.

Figure 7-13: Steganos

(continued)

27 28

7
 There are numerous software programs that can
be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)
StegoShare, as shown in Figuree 7-15, is a
steganographic tool that can hide large files
into multiple files.

Figure 7-14: SteganPEG

(continued)

29 30

There are numerous software programs that can

be used to conceal messages. These programs are
known collectively as steganography tools:
(continued)
Xiao Steganography, as shown in Figure 7-16,
is a user-friendly program that can be used to
hide messages in image files. Xiao is compatible
with Windows.

Figure 7-15: StegoShare

31 32

8
 Several methods can be used to uncover
information hidden within a file.

Comparison
Steganalysis Tools

Figure 7-16: Xiao Steganography Software

33 34

The Stego Suite has the ability to analyze images

and audio files. Stego Suite provides both case
management and reporting features.

StegDetect, as shown in Figure 7-18, is a tool

that can be used to detect hidden messages in
.jpeg images.

StegSpy, from AmbitWire, detects the presence

of several steganography programs in addition
to identifying the location of hidden content.

Figure 7-17: Stego Suite

35 36

9
 CASE STUDY QUESTION

1 Had the agent not discovered the password,

what digital evidence could the examiner
have uncovered that would point to the use
of steganography?

Figure 7-18: StegDetect

37 38

CASE STUDY QUESTION KEY POINTS

2 What image properties would distinguish

the carrier image, containing the hidden Steganography is a method used to hide a
image of the airport, stand out from other message in plain sight.
images stored on the computer?

39 40

10
 KEY POINTS KEY POINTS

Steganography can be categorized into Linguistic steganography uses language

three distinct classifications. as the carrier.

41 42

KEY POINTS KEY POINTS

Semagrams use symbols and signs to The two basic types of semagrams are
hide messages. visual semagrams and text semagrams.

43 44

11
 KEY POINTS REVIEW QUESTIONS

1 The presence of what type of device

Visual semagrams use symbols, physical
indicates a domain structure?
objects, music, letters and art to convey
secret messages.

45 46

REVIEW QUESTIONS REVIEW QUESTIONS

2 The presence of what type of device 3 The presence of what type of device
indicates a domain structure? indicates a domain structure?

47 48

12
 REVIEW QUESTIONS REVIEW QUESTIONS

4 The presence of what type of device 5 The presence of what type of device
indicates a domain structure? indicates a domain structure?

49 50

REVIEW QUESTIONS REVIEW QUESTIONS

6 The presence of what type of device 7 The presence of what type of device
indicates a domain structure? indicates a domain structure?

51 52

13
 REVIEW QUESTIONS REVIEW QUESTIONS

8 The presence of what type of device 9 The presence of what type of device
indicates a domain structure? indicates a domain structure?

53 54

REVIEW QUESTIONS REVIEW QUESTIONS

10 The presence of what type of device 11 The presence of what type of device
indicates a domain structure? indicates a domain structure?

55 56

14
 REVIEW QUESTIONS REVIEW QUESTIONS

12 The presence of what type of device 13 The presence of what type of device
indicates a domain structure? indicates a domain structure?

57 58

REVIEW QUESTIONS REVIEW QUESTIONS

14 The presence of what type of device 15 The presence of what type of device
indicates a domain structure? indicates a domain structure?

59 60

15
 EXAM QUESTIONS EXAM QUESTIONS

1 The presence of what type of device 2 The presence of what type of device
indicates a domain structure? indicates a domain structure?

a. Who a. Who
b. How b. How
c. When c. When
d. How d. How

61 62

EXAM QUESTIONS EXAM QUESTIONS

3 The presence of what type of device 4 The presence of what type of device
indicates a domain structure? indicates a domain structure?

a. Who a. Who
b. How b. How
c. When c. When
d. How d. How

63 64

16
 EXAM QUESTIONS EXAM QUESTIONS

5 The presence of what type of device 6 The presence of what type of device
indicates a domain structure? indicates a domain structure?

a. Who a. Who
b. How b. How
c. When c. When
d. How d. How

65 66

EXAM QUESTIONS EXAM QUESTIONS

7 The presence of what type of device 8 The presence of what type of device
indicates a domain structure? indicates a domain structure?

a. Who a. Who
b. How b. How
c. When c. When
d. How d. How

67 68

17
 EXAM QUESTIONS EXAM QUESTIONS

9 The presence of what type of device 10 The presence of what type of device
indicates a domain structure? indicates a domain structure?

a. Who a. Who
b. How b. How
c. When c. When
d. How d. How

69 70

18