|eForensics Magazine 2020 01 Deep Dive into Data Hiding PREVIEW.pdf|
This month’s edition is focused on data. Data that is hidden in images, audio files, messages, videos, data that you probably don’t realize exists, and a lot more.
The issue contains great publications on steganography. In “The Art of Information Hiding” the author, Ranjitha R, shows a simple steganographic system, steganography types and protocols, secret and public keys, some digital steganography techniques, detection tools etc.
There is also a great piece on the same topic by Sitsofe Elloh. He leads us through many examples of steganography usage, showing (among others) invisible link technique, appended spaces and invisible characters, graphical modifications of text, using StegoSuit, JP Hide n Seek, Stegomagic… When it comes to these tools and programs - he shows how to use them step by step.
What else is inside? “Audio Steganography with DeepSound” by Jeff Minakata. In this article, he uses the program DeepSound to conceal files within an audio file, similar to what Elliot from Mr. Robot did to conceal his information gathering on his targets.
Further, you have an article, “A Deeper Look Into Data Hiding” by Matthew Kafami, who focuses more on encryption, and a captivating interview with Wes Johnson, senior digital forensic examiner, who introduces us to the world of unusual data that is incredibly valuable to forensic professionals.
But of course that’s not all! This issue also covers Quantum Computing as a new Challenge for Forensic Investigators, Multimedia Forensics, Large File Forensic Analysis Using Volatility Part II (Part I is available in the Forensic Imaging issue), and Signalography.
Thanks to all authors, reviewers, and proofreaders for participating in this project.
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Steganography: The Art of Information Hiding
by Ranjitha R
Steganography is the practice of hiding private or sensitive information within something that appears to be nothing out of the usual. It is more of an art rather than what can be called science. Steganography aims to hide data from a third party. The word steganography originated from the Greek words ‘stegos’ and ‘graphia’ meaning ‘covered’ ‘writing’. Therefore, steganography is the art of hiding secret information.
Audio Steganography with DeepSound
by Jeff Minakata
What is steganography? Steganography is simply the practice of concealing a file, image, message or video within another file. In this article, we will be using the program DeepSound to conceal files within an audio file similar to what Elliot from Mr. Robot did to conceal his information gathering of his targets. Should someone find our audio files, they would play just like any other MP3 file, making this program and method so useful.
A Deeper Look Into Data Hiding
by Matthew Kafami
There are many different anti forensics methods and techniques available to an attacker to be able to slow an investigation. Among some of the most popular and easy to implement are encryption and steganography, which hides data inside other data. Encryption alone can bring an investigation to a screeching halt simply due to the amount of time it takes to attempt to decrypt data that has been encrypted, and the time required increases exponentially depending on the encryption protocol being used. Steganography can also thwart digital forensics practitioners due to the fact that the additional data could be hidden in so many different locations. Further, utilizing “bad sectors”, which involves storing data in a specific location within your computer’s hard drive and then spoofing the computer into thinking that particular sector is corrupt, will likely result in most forensic tools skipping over that sector entirely as a way to save time.
Large File Forensic Analysis Using Volatility (Part II)
by Paulo Pereira
In recent years, forensic digital research has advanced immensely with the emergence of frameworks that can extract information from data contained in a computer's memory. This created a turning point for forensic analysis, specifically for the area of live analysis. The advance that this modern approach has brought to malware analysis is immense, as the most advanced malware codes act on the memory used by the system, its memory sharing, and other elements.
by Sitsofe Yaw Elloh
Hiding information (data) in plain sight, thus concealing its very existence by hiding data within another, making it undetectable to the uninformed.
Quantum Computing - A new challenge for eForensic investigators
by Kevin Coleman
Chances are, by now you have heard of quantum computers. Many people have. However, few people know what they are and far fewer really understand them, much less the scope and scale of quantum technology. Way back in the 1980s, the concept was first introduced when the quantum mechanical model of the Turing machine was proposed by physicist Paul Benioff. In the years following, progress was slow, but steady. Quantum computing is the study of a non-classical model of computation. A generally accepted definition of quantum computing refers to it as a non-traditional computing approach that uses fundamental units called qubits as opposed to bits. Its fundamental approach to processing uses the quantum theory. The unique processing capabilities will not replace conventional computers, but rather, they will augment the overall problem-solving capabilities and open up a different environment.
Ground Truth – the missing link in digital/multimedia forensic science
by Jim Hoerricks
A survey of the research on digital/multimedia forensics (as it’s generally known in the US) or digital visual media forensics (as it’s described by Singh), will yield a treasure trove of techniques that address a single forgery/hoax type. (...) Following the publication history on this topic illustrates the fatal flaw; forgers create a new variant of a forgery and then scientists arrive at a valid detection method (hopefully). Society, and the courts, will always be one or more steps behind. In the age of so-called deep fakes, we are left to wonder if we can trust any type of multimedia. Thus, the path forward is not necessarily a new tool or technique, but a return to the fundamentals of jurisprudence. This path necessarily requires something that isn’t always found or available in the retrieved evidence – ground truth. Ground truth means different things within different disciplines. As regards this paper, it can generally be thought to refer to “information provided by direct observation (i.e. empirical evidence) as opposed to information provided by inference (Wikipedia, 2019).”
Data that you Don’t Realize Exists
Interview with Wes Johnson
Signalography: Overt signals transmission
by Jaret Langston
Images are a data dense visual medium that can communicate more than one piece of information at a time. The information extracted from an image depends on the question asked about the image. Symbols, signs, and signals have been used to communicate information visually to humans for thousands of years. Computers can also intake information visually, the same as humans, and therefore symbols, signs, and signals can be used to input data or commands via the camera interface as opposed to a keyboard and mouse. Secret information can be concealed and communicated in an image through steganography. Signals can also be communicated in an image, but done overtly, and is called signalography. Signalography being used to communicate with computers could have several uses, one of which is input of authentication information.
Linux Kernel Security
by Mary Jeyanthi & Bhumica Grover
The kernel is the critical and core part of the operating system, as the heart is to Homo sapiens. It is what in mythology people call “Soul”. As there is no visibility of the soul, there is no physical presence of kernel but logically it exists. No one can mess with the operating system without the kernel’s permission. It secures and protects the operating system in a holistic manner. Here we are talking about Linux as our operating system. At the core of the kernel lies an interruption that will occur when any operation asks the kernel… do I need to continue this work or shall I do something else?