The Association of Digital Forensics, Security and Law (ADFSL)


Steganography is the art and science of hiding information within information so that an observer does not know that communication is taking place. Bad actors passing information using steganography are of concern to the national security establishment and law enforcement. An attempt was made to determine if steganography was being used by criminals to communicate information. Web crawling technology was used and images were downloaded from Web sites that were considered as likely candidates for containing information hidden using steganographic techniques. A detection tool was used to analyze these images. The research failed to demonstrate that steganography was prevalent on the public Internet. The probable reasons included the growth and availability of large number of steganography-producing tools and the limited capacity of the detection tools to cope with them. Thus, a redirection was introduced in the methodology and the detection focus was shifted from the analysis of the ‘product’ of the steganography-producing software; viz. the images, to the 'artifacts’ left by the steganography-producing software while it is being used to generate steganographic images. This approach was based on the concept of ‘Stego-Usage Timeline’. As a proof of concept, a sample set of criminal computers was scanned for the remnants of steganography-producing software. The results demonstrated that the problem of ‘the detection of the usage of steganography’ could be addressed by the approach adopted after the research redirection and that certain steganographic software was popular among the criminals. Thus, the contribution of the research was in demonstrating that the limitations of the tools based on the signature detection of steganographically altered images can be overcome by focusing the detection effort on detecting the artifacts of the steganography-producing tools. Keywords: steganography, signature detection, file artifact detection.


Acharya, T. and Tsai, P. (2005), JPEG2000 standard for image compression: Concepts, Algorithms and VLSI Architectures, John Wiley & Sons, Inc., Hoboken, N.J.

Backbone Security (2008), ‘SARC Releases Enhanced Digital Steganography Detection Tool’, http://www.sarc-wv.com/news/stegalyzeras21.aspx, October 7, 2008.

Backbone Security (2008), ‘StegAlyzerAS’, http://www.sarc-wv.com/docs/stegalyzeras.pdf, October 7, 2008.

CyberScience Laboratory, CyberScience Laboratory Functional Analysis of StegAlyzerSS Version 1.1. (2005).

CyberScience Laboratory, Rome, New York. CyberScience Laboratory, CyberScience Laboratory Functional Analysis of StegAlyzerAS Version 3.0. (2008). CyberScience Laboratory, Rome, New York.

Davidson, I. and Goutam, P. (2004), ‘Locating secret messages in images’. International Conference on Knowledge Discovery and Data Mining. 2004. Seattle, WA, USA.

Goudy, S. (2004), ‘Embedding the evil within’. The Corrections Connection Network News. Jan 21, 2004. http://www.corrections.com/news/article?articleid=14974. July 31, 2007.

Homer-Dixon, T. (2002), The Rise of Complex Terrorism - Foreign Policy. H

irsh, M. and Kong, E. (2006), Test report for StegAlyzerSS v2.0. Defense Cyber Crime Institute.

Jackson, J. T., Gunsch, G. H., Claypoole, R. L., Jr.and Lamont, G. B. (2003), “Blind Steganography Detection Using a Computational Immune System: A Work in Progress”. International Journal of Digital Evidence, 4(1), 19.

Katzenbeisser, S. and Petitcolas, F. A. P. (2000), Information hiding techniques for steganography and digital watermarking, Artech House, Boston.

Kolata, G. (2001), ‘Veiled Messages of Terror May Lurk in Cyberspace’, The New York Times, October, 30, 2001.

NSRL, http://www.nsrl.nist.gov/, October, 7, 2008.

Provos, N. and Honeyman, P. (2002), ‘Detecting Steganographic Content on the Internet’, www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf, July 31, 2007.

Singh, S. (1999), The code book, Anchor Books, New York.

StegAlyzerSS (2006), Backbone Security, Inc.

Stego Suite (2006), Wetstone Technologies, Inc.

Wayner, P. (2002), Disappearing cryptography: information hiding: Steganography & watermarking (2nd ed.), MK/Morgan Kaufmann Publishers, Amsterdam, Boston.




To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.