Forensics Journal - Stevenson University 2013 | Page 31

STEVENSON UNIVERSITY Impact of Steganography on a Forensic Investigation Ryan Spishock, CISSP messages. Now, instead of using slaves or invisible ink to relay messages, people are using digital audio and picture files to send information in plain sight. By hiding information in digital files and placing them on the Internet, a virtual dead drop has been created. A dead drop is when someone places sensitive information in a secret location to be retrieved by an individual who is not authorized to possess it. It is called a dead drop because the two individuals never meet each other. This provides a certain level of security and anonymity among all parties involved. INTRODUCTION During the past twenty years, technology has helped society perform some of the most challenging tasks faster than was previously possible. While computers have helped law abiding citizens, they have also helped criminals and terrorists commit their crimes with the same level of ease. One technology, which is helping criminals, terrorists, and regular citizens alike, is steganography: the method of concealing electronic files in other files. Steganography has given people a means to pass information across a public medium, such as the Internet, while avoiding detection from those who should not view the file. Despite being in use for over two thousand years, steganography has adapted to current trends in technology thus continuing to provide a method of concealing data. Despite all of the nefarious uses of steganography, it can also have beneficial results. One of the most common uses is watermarking documents. Watermarking is the addition of either an image or words to a document in order to prove its authenticity. Watermarks are usually significantly lighter than the document and are often difficult to discern. The most common usage of watermarking is on United States paper currency where the image of the president’s face is duplicated off to the side of the bill. HISTORY OF STEGANOGRAPHY Steganography is not a new technology. In fact, it dates back to the time of the Roman Empire and the ancient Greeks. As Tom Kellen writes: HOW STEGANOGRAPHY WORKS The Greek historian Herodotus recorded one of the earliest recorded uses of steganography. He tells of how one of his countrymen sent secret messages by writing them on the wooden base of wax tablets. The wax on top was blank; therefore the tablet was thought not to contain any information. (Kellen) Digital steganography works by altering discrete portions of a digital file that will not affect the overall quality of the carrier file; these are called the least significant bits. The carrier file is the original document used to transport the hidden payload. All digital files are composed of a series of “0’s” and “1’s,” called bits, written in the binary language. In his book Hiding in Plain Sight, Dr. Eric Cole describes how to hide the word “HI” in an audio file using steganography. In another paper submitted to the SysAdmin, Audit, Network, Security (SANS) Institute (one of the most truste