Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


Steganography has long been regarded as a tool used for illicit and destructive purposes such as crime and warfare. Currently, digital tools are widely available to ordinary computer users also. Steganography software allows both illicit and legitimate users to hide messages so that they will not be detected in transit. This article provides a brief history of steganography, discusses the current status in the computer age, and relates this to forensic, security, and legal issues. The paper concludes with recommendations for digital forensics investigators, IT staff, individual users, and other stakeholders.


Act 328 of 1931, Michigan Penal Code. §750.540c (2004).

Agrawal, R., Haas, P., and Kiernan, J. (2003).’Watermarking Relational Data: Framework, Algorithms and Analysis’, The International Journal on Very Large Databases, 12(2):157-159.

American Civil Liberties Union. (2003). ‘Privacy and Technology’, http://www.aclu.org/Privacy/PrivacyMain.cfm, October 29.

Anderson, R. J., and Petitcolas, F. A. P. (1998). ‘On the limits of Steganography’, IEEE Journal on Selected Areas in Communications, 16(4): 474-481.

Backbone Security (2008a). ‘Steganography Application Fingerprint Database’, http://www.sarc-wv.com/docs/safdb.pdf, June 20.

Backbone Security (2008b). ‘Steganography Analyzer Artifact Scanner’, http://www.sarc-wv.com/docs/stegalyzeras.pdf, June 25.

Bartlett, J. (2003). ‘The ease of steganography and camouflage’, http://www.sans.org/rr/paper.php?id=762, October 29.

Charny, B. (2003). ‘Disposable cell phones spur debates’, http://news.com./2102-1033_3-273084.html?tag=st_util_print , October 15.

Cohen, A. (2001). ‘When Terror Hides Online’, Time, November 12.

Cole, E. (2003). ‘Hiding in plain sight: Steganography and the art of covert communication’, Wiley Publishing, Inc., Indianapolis.

Johnson, N. (2008). ‘Steganography’, http://www.jjtc.com/stegdoc/steg1995.html, June 25.

Johnson, N. (2008). ‘Steganography Software’, http://www.jjtc.com/Steganography/tools.html, June 25.

Johnson, N., Duric, Z., Jajodia, S. (2001) ‘Information Hiding, and Watermarking - Attacks and Countermeasures’, Kluwer.

Kahn, D. (1996). Codebreakers: The Story of Secret Writing. Revised ed. Scribner, New York. Kerckhoff, A. (1883). ‘La Cryptographie Militaire’, Journal des Sciences Militaires.

Koops, B-J. (2008). ‘Summary of International Crypto Controls’, http://rechten.uvt.nl/koops/cryptolaw/cls-sum.htm, June 25.

Mazurczyk, W. and Szczypiorski, K.(2008) ‘Steganography of VOIP Streams’, http://arxiv.org/ftp/arxiv/papers/0805/0805.2938.pdf, June 25.

Moulin, P., and O’Sullivan, J. A. (2003). ‘Information-theoretic analysis of information hiding’, IEEE Transactions on Information Theory, 49(3): 563- 593.

Palmer, G. (2008). ‘A Road Map for Digital Forensic Research. Report from the First Digital Forensic Research Workshop’, http://www.dfrws.org/2001/dfrws-rm-final.pdf, June 25.

Petitcolas, F. (2000). ‘Information Hiding: Techniques for Steganography and Digital Watermarking’, Artech House Books.

Pfitzmann, B. (1966).'Information Hiding Terminology - Results of an Informal Plenary Meeting and Additional Proposals'. First International Workshop on Information Hiding, May 30 - June 1, Cambridge, U.K.

Provos, N. (2008) ‘Steganography Detection with Stegdetect’, http://www.outguess.org/detection.php, June 20.

Radcliff, D. (2002). ‘Quickstudy: Steganography: Hidden Data’, http://www.computerworld.com/securitytopics/security/story/0,10801,71726,0 0.html, June 10.

Schmidt, M. B., Bekkering, E., and Warkentin, M. (2004). ‚On the Illicit Use of Steganography and Its Detection’. ISOneWorld International Conference. April 14-16. Las Vegas, NV.

Schotti, G. (1665). ‘Steganographia’. Unknown publisher.

Standage, T. (1999). ‘The Victorian Internet’, Berkley Books.

Trithemius, J. (ca. 1499). ‘Steganographia’, Unknown publisher.

Warkentin, M., Schmidt, M.B., and Bekkering, E. (2006). ‘Steganography and Steganalysis’, in Warkentin, M. and R. Vaughn (eds.) Enterprise Information Systems Assurance and System Security: Managerial and System Security. Idea Group Publishing, Hershey, PA.

Wetstone Technologies (2008). ‘Stego Suite’, https://www.wetstonetech.com/cgi/shop.cgi?view,1, June 25.

Wingate, J. (2007). ‘Digital Steganography: Threat or Hype?’ Homeland Defense Journal, 5(4): 60-63.

Wired News. (2003). ‘Internet phone calls stymie FBI’, http://www.wired.com/news/print/0,1294,58350,00.html, October 27



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.