Steganography Analysis and Research Center / Backbone Security

From ForensicsWiki
Revision as of 16:00, 8 August 2008 by Tookiewana (Talk | contribs)

Jump to: navigation, search

The Steganography Analysis and Research Center (SARC) is a Center of Excellence within Backbone Security focused exclusively on steganography research and the development of advanced steganalysis products and services. The SARC has developed state-of-the-art steganography detection and extraction capabilities that address the needs of digital investigation specialists and information technology security personnel in law enforcement, government, military, intelligence, and the private sector. By providing a national repository of steganography application hash values, or fingerprints, and developing the most advanced tools, techniques, and procedures to find and extract hidden information, the SARC is rapidly evolving into a high-value asset to computer forensic examiners who wish to conduct steganalysis on seized media. The SARC has the products and support that can provide you with state-of-the-art solutions and benefits.


  • Steganography Application Fingerprint Database A fundamental goal of the SARC is to collect steganography, watermarking, and other data-hiding applications from various sources and incorporate file profiles computed from them into the SAFDB. The SAFDB can be used to review files on seized media by matching file profiles in the SAFDB. SAFDB is the most extensive steganography hash set publicly available. The file profiles contain identifying information such as filename, associated application name, file size, and several unique hash values. These hash values may be used to determine the presence of a steganography application or artifact of a steganography application on the media being examined. The SAFDB is available for download in formats compatible with most of the popular digital forensic tools and utilities: EnCase, Forensic Toolkit (FTK), HashKeeper, ILook, and ProDiscover.
  • Steganography Analyzer Artifact Scanner (StegAlyzerAS) StegAlyzerAS gives you the capability to scan the entire file system, or individual directories, on suspect media for the presence of steganography application artifacts. And, unlike other popular forensic tools, you can perform an automated or manual search of the Windows Registry to determine whether or not any Registry keys or values exist that can be associated with a particular steganography application.
  • Steganography Analyzer Signature Scanner (StegAlyzerSS) StegAlyzerSS gives you the capability to scan every file on the suspect media for the presence of hexadecimal byte patterns, or signatures, of particular steganography applications in the files. If a known signature is detected, it may be possible to extract information hidden with the steganography application associated with the signature.
  • Steganography Analyzer Real-Time Scanner (StegAlyzerRTS) StegAlyzerRTS is the first commercially available network security appliance in the world capable of detecting the fingerprints and signatures of digital steganography applications in real-time.


External Links