BENEFITS
- Search for artifacts of digital steganography applications
- Protect your corporation’s intellectual property
- Detect insiders using digital steganography to send sensitive or proprietary information
outside of the enterprise network
- Enforce organizational policy prohibiting use of digital steganography or other
data-hiding applications
- Search for file artifacts using the largest steganography application hash set commercially
available anywhere
- Directly import hash values into popular digital forensic analysis tools
- Verify file artifacts with any of seven different hashing algorithms
DESCRIPTION:
A fundamental goal of the Steganography Analysis and Research Center (SARC) is to
expand the repository of digital steganography, watermarking, and other data-hiding
applications acquired from various sources and add the hash values, or fingerprints,
of all file artifacts associated with those applications to SAFDB. A file artifact
is simply a file known to be associated with a particular steganography application.
The database can be used to determine whether any files on the suspect computer’s
storage media, or on a forensic image of the storage media, are associated with a
particular steganography application.
The database holds a profile of each file artifact, with identifying
information such as file name, file size, associated application name, and seven
unique hash values: CRC-32, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.
These hash values may be used to verify the presence of a steganography application
on the media being examined.
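The following is an added example, not SARC's code and not SAFDB's actual format, showing how a scanner can match files on mounted media against a hash set with the profile fields listed above. The record layout, the use of SHA-256 as the index key, and the sample file names, bytes and application name are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
import zlib

ALGOS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")


def profile_file(path, chunk=1 << 20):
    """Hash a file in one streaming pass so large evidence files are never fully in memory."""
    crc, size = 0, 0
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
            size += len(block)
            for h in hashers.values():
                h.update(block)
    prof = {"file_name": os.path.basename(path), "file_size": size,
            "crc32": format(crc & 0xFFFFFFFF, "08x")}
    prof.update({a: h.hexdigest() for a, h in hashers.items()})
    return prof


def scan(root, hash_set):
    """Return (path, application) for files whose size and all seven hashes match a record."""
    index = {rec["sha256"]: rec for rec in hash_set}  # assumed lookup key
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            prof = profile_file(path)
            rec = index.get(prof["sha256"])
            if rec and all(prof[k] == rec[k] for k in ("file_size", "crc32", *ALGOS)):
                hits.append((path, rec["application"]))
    return sorted(hits)


def demo():
    """Constructed sample: a renamed copy of a 'known' artifact plus an unrelated file."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("renamed.bin", b"constructed artifact"), ("notes.txt", b"hello")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        known = dict(profile_file(os.path.join(root, "renamed.bin")),
                     file_name="hider.exe", application="ExampleStegoTool")
        return [(os.path.basename(p), app) for p, app in scan(root, [known])]
```

Matching is done on content hashes and size rather than file name, so an artifact that has been renamed on the media is still reported.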
If a digital forensic examination reveals that a steganography application is, or
was, on the storage media, it should be assumed the application was used to hide
something. Accordingly, identifying the steganography application used to hide information
is the critical first step toward attempts to find and extract information that
may have been hidden with the application. Identifying the application used to hide
information allows the examiner to focus efforts on locating the carrier files that
may have been manipulated by that application.
With the hash values of all file artifacts associated with more than 725
digital steganography applications, SAFDB is the most extensive steganography application
hash set publicly available anywhere.
SAFDB is included with the Steganography Analyzer Artifact Scanner (StegAlyzerAS),
a digital forensic analysis tool that detects file and Microsoft Windows® Registry
artifacts of digital steganography applications. Additionally, a version of SAFDB
is currently available in a format compatible with the following digital forensic
tools and utilities:
- EnCase
- Forensic Toolkit (FTK)
- HashKeeper
- ILook
- ProDiscover
Future versions of SAFDB will include additional hash values for all the file artifacts
associated with additional steganography applications.