Forensics Journal - Stevenson University 2013

FORENSICS JOURNAL ing plans of mass destruction or other illegal content is increasing daily. Traditional forensics tools provide investigators with the ability to create hash sets that can be used to detect steganographic content, however, the changes to the carrier files are made at such a low level, that the forensic tools are not able to detect the hidden content on their own. By incorporating steganalysis tools as part of a forensic investigator’s professional toolkit, the investigator will be better prepared to detect hidden content during an investigation. RYAN SPISHOCK, CISSP, completed his Masters Degree in Forensic Studies, Information Technology concentration from Stevenson University in July 2012. He received his Bachelor of Science degree in Information Assurance with a minor in Legal Studies from Pennsylvania College of Technology in May 2009. In addition to his BS degree, Ryan also completed Associate of Applied Science degrees in both Cisco and Network Technologies, also from Pennsylvania College of Technology in December 2008. Ryan holds numerous industry certifications including; Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (C|EH), Certified Digital Forensic Examiner (CDFE), Certified Digital Media Collector (CDMC), as well as certifications from CompTIA and Cellebrite Inc. Ryan currently works as a digital forensic examiner at the Department of Defense Computer Forensics Lab (DCFL). Before joining DCFL, he worked as a Information Systems Security Engineer performing Certification and Accreditation security testing for a large defense contractor. REFERENCES Cole, Eric. Hiding in Plain Sight Steganography and the Art of Covert Communication. Indianapolis: Wiley, 2003. Print. Graves, Kimberly. CEH Certified Ethical Hacker Study Guide. Indianapolis: Sybex, 2010. 114-115. Print. Kellen, Michael. “Hiding in Plain View: Could Steganography Be A Terrorist Tool.” SANS Institute. N.p., 31 Oct. 2003. Web. 5 Mar 2012. http://www.sans.org/reading_room/whitepapers/stenganography/hiding_in_plain_view_could_steganography_be_a_terrorist_tool_551 Kessler, Gary. “File Signatures.” N.p., 27 Feb. 2012. Web. 6 Mar. 2012. http://www.garykessler.net/library/file_sigs.html Lau, Stephen. “An Analysis of Terrorist Groups Potential Use of Electronic Steganography.” SANS Institute. N.p., 2003. Web. 5 Mar. 2012. http://www.sans.org/reading_room/whitepapers/stenganography/analysis-terrorist-groups-potential-electronic-steganography_554 McGill, Lachlan. “Steganography The Right Way.” SANS Institute. N.p., 31 Oct. 2003. Web. 2005. http://www.sans.org/reading_room/ whitepapers/stenganography/steganography_the_right_way_1584 NTFS Alternate Streams: What, When, and How To. 2007. Graphic. flexhexWeb. 4 Mar. 2012. http://www.flexhex.com/docs/articles/alternatestreams.phtml Richer, Pierre. “Steganalysis, Detecting Hidden Information with Computer Forensic Analysis.” SANS Institute. N.p., 31 Oct. 2003. Web. 5 Mar. 2012.http://www.sans.org/reading_room/whitepapers/ stenganograp/steganalysis_detecting_hidden_iformation_with_computer_forensic_analysis_1014 “Operating Systems Market Share/Usage.” Stat Owl. N.p.. Web. 11 Dec. 2012. http://www.statowl.com/operating_system_market_share. php 35

Forensics Journal - Stevenson University 2013 | Page 36