Welcome to the Steganography Analysis and Research Center
A Backbone Security Center of Excellence
Frequently Asked Questions: Steganography Analyzer Artifact Scanner (StegAlyzerAS)
1. What is included with the licensed version of StegAlyzerAS?
2. Why should I be concerned about the presence of steganography applications?
3. Can all steganography applications be detected with 100% certainty?
4. Why not just look for steganography applications in the Add/Remove Programs
or Program Files directory?
5. How often is the Steganography Application Fingerprint Database (SAFDB)
for StegAlyzerAS updated?
6. How do I receive updates to StegAlyzerAS?
7. Do you offer training on steganography application detection?
8. How does StegAlyzerAS detect the presence of steganography applications?
9. Can StegAlyzerAS scan forensic drive images?
10. Can StegAlyzerAS scan machines connected to my network?
11. How does StegAlyzerAS differ from other security/software auditing
tools?
12. What logging and reporting capabilities are available with StegAlyzerAS?
1. What is included with the licensed version of StegAlyzerAS?
Upon verification of payment, the licensed version of StegAlyzerAS will be available
for immediate download via the protected area of the SARC website. All user documentation
is included in electronic format. A licensing dongle and quick start guide will
be mailed to you. All licenses include one year of software updates, including steganography
artifact database updates and enhanced software features.
2. Why should I be concerned about the presence of steganography applications?
Digital steganography represents a particularly significant threat because of the
large number of digital steganography applications freely available on the internet
that can be used to hide any digital file inside of another digital file. Use of
these applications, which are both easy to obtain and simple to use, allows criminals
to conceal their activities in cyberspace.
3. Can all steganography applications be detected with 100% certainty?
Like other computer software applications, steganography applications leave some
evidence that they are, or were at one time, on a particular computer system. Files
and Windows® registry keys are usually created and modified as a result of installing
and running these applications. It is possible that some of the files associated
with a particular steganography application may also be associated with other legitimate
software applications. These files may produce a limited number of false positives.
The Steganography Application Fingerprint Database (SAFDB) used by StegAlyzerAS
is scanned against various "known good" datasets to minimize the potential for false
positives. The registry scanning capability, a feature exclusive to StegAlyzerAS,
is extremely accurate with virtually no false positives. The Defense Cyber Crime
Institute (DCCI) found minimal false positive results in its evaluation of
StegAlyzerAS.
4. Why not just look for steganography applications in the Add/Remove
Programs or Program Files directory?
You can, but consider the motives of a steganography user.
5. How often is the Steganography Application Fingerprint Database
(SAFDB) for StegAlyzerAS updated?
SARC staff routinely search the internet for new and updated versions of steganography
applications for addition to SAFDB. SAFDB used by StegAlyzerAS is updated quarterly.
6. How do I receive updates to StegAlyzerAS?
After purchasing a license to StegAlyzerAS, you will receive an account for access
to the protected area of the SARC website. Updates to StegAlyzerAS are available
for download there.
7. Do you offer training on steganography application detection?
The Certified Steganography Examiner Training course
is provided at various times during the year by the SARC.
8. How does StegAlyzerAS detect the presence of steganography applications?
StegAlyzerAS is the only commercially available product to detect both files and
Windows® Registry keys associated with steganography applications. StegAlyzerAS
detects files using any of seven hashing algorithms: CRC-32, MD5, SHA-1, SHA-224,
SHA-256, SHA-384, and SHA-512.
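
The hash-based file detection described here, together with the "known good" filtering from question 3, can be sketched as follows. This is an added example, not StegAlyzerAS code or the SAFDB format: the dictionary layout, the application name and the sample file contents are constructed assumptions.

```python
import hashlib
import os
import tempfile
import zlib

ALGOS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")

def fingerprints(path, chunk=1 << 16):
    """Return {algorithm: hex digest} for one file, reading it once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    crc = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
            for h in hashers.values():
                h.update(block)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = f"{crc:08x}"
    return out

def scan(root, artifact_db, known_good, algo="sha256"):
    """Walk root; return sorted [(path, application)] whose digest is in artifact_db
    and not in known_good (files shared with legitimate software)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = fingerprints(path)[algo]
            if digest in artifact_db and digest not in known_good:
                hits.append((os.path.relpath(path, root), artifact_db[digest]))
    return sorted(hits)

def demo():
    # Constructed sample: byte strings stand in for real application files.
    tool = b"constructed stand-in for a steganography tool binary"
    shared = b"constructed stand-in for a runtime library shipped by many programs"
    sha = lambda data: hashlib.sha256(data).hexdigest()
    artifact_db = {sha(tool): "ExampleStegoTool (hypothetical)",
                   sha(shared): "ExampleStegoTool (hypothetical)"}
    known_good = {sha(shared)}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Documents"))
        # Renamed and moved out of Program Files: name-based checks miss it.
        with open(os.path.join(root, "Documents", "notes.tmp"), "wb") as fh:
            fh.write(tool)
        with open(os.path.join(root, "runtime.dll"), "wb") as fh:
            fh.write(shared)
        return scan(root, artifact_db, known_good), scan(root, artifact_db, set())
```

The first list returned by demo() contains only the renamed tool file; the second, scanned without the known-good set, also flags the shared library as a false positive.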
9. Can StegAlyzerAS scan forensic drive images?
StegAlyzerAS can natively mount and scan EnCase, ISO, RAW (dd), and SMART disk images.
10. Can StegAlyzerAS scan machines connected to my network?
StegAlyzerAS can scan shared network drives using UNC paths.
11. How does StegAlyzerAS differ from other security/software auditing
tools?
Unlike other security/software auditing tools, StegAlyzerAS is concerned only with
detecting the presence of steganography applications. Typical anti-virus and anti-spyware
programs do not have this capability. The SARC is committed to an exclusive focus
on steganography applications and not general malware detection.
12. What logging and reporting capabilities are available with StegAlyzerAS?
As with most digital forensic tools, logging of key events and reporting of evidence
is very important. StegAlyzerAS produces an extensive evidence report in HTML format.