Computer Forensics Computer-Forensics

Re: Steganalysis Best Practices

Subject: Re: Steganalysis Best Practices
Date: Mon, 16 Aug 2004 16:10:07 +0530
Hi All,

Here are my 2 cents for the Steganalysis practices.

=> There is no foolproof method that'll identify the contents of a file.
=> Steganography should not be limited only to media files but applied to
    all files too, because any file type can be used over the carrier media
    files. Once the file content is identified, it can still be obscured by
    various methods.
=> Challenges are in identifying the contents of the file with respect to
    the file format and file specifications (size of the image, sound
    length, etc.). Applicable to media files only. Other file types have to
    be normalized to some extent.
=> Identifying the anomaly patterns in the files with respect to the above
    statement. (Multiple versions of the format need to be considered.)
=> Next step is to recover the anomaly data with respect to the file type
    specifications. Also, spreading patterns and calculations have been
    done only for certain media files. (Next to impossible task? This has
    only been done for a very few types of media files. Correct me if I'm
    wrong.)
=> And then identifying the type of encryption. (If it is a modified version
    of the popular encryption algorithms (OK, the attacker thinks he achieves
    security through obscurity!), analysis will be hanging without much
    sample data.)
=> And identifying the file that was used over the carrier (the original
    image). Even that can be manipulated to get sufficient time from being
    detected.
=> Other factors like splitting, other human factors, etc.

Regards,
Suresh Ponnusami,
Technical Architect,
NSECURE SOFTWARE PVT LIMITED,
Bangalore,
India.
Phone_: +91 802 535 1551
Fax___: +91 802 535 1545

----- Original Message -----
From: "Jack Seward" <JackSeward@msn.com>
Subject: Re: Steganalysis Best Practices

Chad and the Group,

I'm the bad guy and I'm about four weeks late getting back to the subject
that I started.
I have about 25+ that have responded, including some for this group.  This
weekend I will get the list together and the outline and hopefully Monday,
that part will be done.  I have done some work on this but not ready to
send it out. It's no excuse, but I took some time off over July 4th and
thereafter, got busy on a case and when I was not busy I had two major
articles for publication to get done and out, which I did.

BTW I talked about the need for steganalysis in one of those journal pieces.
So feel free to write and blast me because I'm re-energized now.

Regards,

Jack

917-450-9328
Fax:  212-656-1486



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
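
The points in the message above about checking a file's contents against its format and specifications (image size and so on) can be made concrete for one format. The following is an added example, not part of the original post: it walks a PNG's chunks and reports data that the format or the file's own IHDR does not account for. The sample images and the `stEg` chunk name are constructed for the illustration.

```python
import struct, zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}   # colour type -> samples per pixel
STANDARD = set(b"IHDR PLTE IDAT IEND tRNS gAMA cHRM sRGB iCCP tEXt zTXt iTXt "
               b"bKGD pHYs sBIT sPLT hIST tIME".split())

def chunk(ctype, data):   # serialiser, used only to build the constructed samples
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def png_anomalies(blob):
    """List the ways blob deviates from the PNG format and its own IHDR."""
    if not blob.startswith(PNG_SIG):
        return ["bad signature"]
    found, pos, idat, ihdr, ctype = [], len(PNG_SIG), b"", None, b""
    while ctype != b"IEND" and pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            break                      # incomplete chunk: counted as trailing bytes
        data, name = blob[pos + 8:end - 4], ctype.decode("latin-1")
        if struct.unpack(">I", blob[end - 4:end])[0] != zlib.crc32(ctype + data):
            found.append("bad CRC in " + name)
        if ctype not in STANDARD:
            found.append("non-standard chunk %s (%d bytes)" % (name, length))
        if ctype == b"IHDR" and length == 13:
            ihdr = struct.unpack(">IIBBBBB", data)
        elif ctype == b"IDAT":
            idat += data
        pos = end
    if pos < len(blob):
        found.append("%d bytes after final complete chunk" % (len(blob) - pos))
    if ihdr and ihdr[6] == 0 and ihdr[3] in CHANNELS:   # non-interlaced images only
        width, height, depth, colour = ihdr[:4]
        expected = height * (1 + (width * CHANNELS[colour] * depth + 7) // 8)
        try:
            actual = len(zlib.decompress(idat))
        except zlib.error:
            actual = -1                # IDAT is not a valid zlib stream
        if actual != expected:
            found.append("IDAT inflates to %d bytes, IHDR implies %d" % (actual, expected))
    return found

# Constructed samples: a 4x4 8-bit greyscale image and three altered copies.
ROWS = (b"\x00" + b"\x80" * 4) * 4      # filter byte + 4 pixels, per scanline
HEAD = PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 4, 4, 8, 0, 0, 0, 0))
CLEAN = HEAD + chunk(b"IDAT", zlib.compress(ROWS)) + chunk(b"IEND", b"")
APPENDED = CLEAN + b"constructed payload"
PRIVATE = CLEAN[:-12] + chunk(b"stEg", b"constructed") + chunk(b"IEND", b"")
OVERSIZED = HEAD + chunk(b"IDAT", zlib.compress(ROWS + b"extra")) + chunk(b"IEND", b"")
```

A clean result only means the file is structurally consistent; data hidden inside the pixel values themselves passes every one of these checks.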
