Welcome to the Steganography Analysis and Research Center

A Backbone Security Center of Excellence

Support > Frequently Asked Questions > Steganography Analyzer Signature Scanner (StegAlyzerSS)

1. What is included with the licensed version of StegAlyzerSS?
2. Why should I be concerned about the presence of steganography?
3. Can all steganography applications be detected with 100% certainty?
4. Why not just look for the presence of steganography applications?
5. How often are the signatures used by StegAlyzerSS updated?
6. How do I receive updates to StegAlyzerAS?
7. Do you offer training on steganography signature detection?
8. How does StegAlyzerSS detect the presence of steganography?
9. Can StegAlyzerSS scan forensic drive images?
10. Can StegAlyzerSAS scan machines connected to my network?
11. What carrier file types might contain steganography?
12. What logging and reporting capabilities are available with StegAlyzerAS?
13. Why protect information using steganography instead of using encryption?
14. What types of steganography can StegAlyzerSS detect?
15. I think I've detected a file containing steganography. Now what?

1. What is included with the licensed version of StegAlyzerSS?

Upon verification of payment, the licensed version of StegAlyzerSS will be available for immediate download via the protected area of the SARC website. All user documentation is included in electronic format. A licensing dongle and quick start guide will be mailed to you. All licenses include one year of software updates, including steganography artifact database updates and enhanced software features.

2. Why should I be concerned about the presence of steganography?

Digital steganography represents a particularly significant threat because of the large number of digital steganography applications freely available on the internet that can be used to hide any digital file inside of another digital file. Use of these applications, which are both easy to obtain and simple to use, allows criminals to conceal their activities in cyber space.

3. Can all steganography applications be detected with 100% certainty?

Like other computer software applications, steganography applications leave some evidence that they are, or were at one time, on a particular computer system. Files and Windows® registry keys are usually created and modified as a result of installing and running these applications. It is possible that some of the files associated with a particular steganography application may also be associatied with other legitimate software applications. These files may produce a limited number of false positives. The Steganography Application Fingerprint Database (SAFDB) used by StegAlyzerAS is scanned against various "known good" datasets to minimize the potential for false positives. The registry scanning capability, a feature exclusive to StegAlyzerAS, is extremely accurate with virtually no false positives. The Defense Cyber Crime Institute (DCCI) found StegAlyzerAS to have minimal false positive results in their evaluation of StegAlyzerAS.

4. Why not just look for steganography applications in the Add/Remove Programs or Program Files directory?

You can, but consider the motives of a steganography user.

5. How often is the Steganography Application Fingerprint Database (SAFDB) for StegAlyzerAS updated?

SARC staff routinely search the internet for new and updated versions of steganography applications for addition to SAFDB. SAFDB used by StegAlyzerAS is updated quarterly.

6. How do I receive updates to StegAlyzerAS?

After purchasing a license to StegAlyzerAS, you will receive an account for access to the protected area of the SARC website. Updates to StegAlyzerAS are available for download there.

7. Do you offer training on steganography application detection?

The Certified Steganography Examiner Training course is provided at various times during the year by the SARC.

8. How does StegAlyzerAS detect the presence of steganography applications?

StegAlyzerAS is the only commercially available product to detect both files and Windows® Registry keys associated with steganography applications. StegAlyzerAS detects files using any of seven hashing algorithms: CRC-32, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

9. Can StegAlyzerAS scan forensic drive images?

StegAlyzerAS can natively mount and scan EnCase, ISO, RAW (dd), and SMART disk images.

10. Can StegAlyzerAS scan machines connected to my network?

StegAlyzerAS can scan shared network drives using UNC paths.

11. How does StegAlyzerAS differ from other security/software auditing tools?

Unlike other security/software auditing tools, StegAlyzerAS is concerned only with detecting the presence of steganography applications. Typical anti-virus and anti-spyware programs do not have this capability. The SARC is committed to an exclusive focus on steganography applications and not general malware detection.

12. What logging and reporting capabilities are available with StegAlyzerAS?

As with most digital forensic tools, logging of key events and reporting of evidence is very important. StegAlyzerAS produces an extensive evidence report in HTML format.