What tools can you locate on the Internet that can help you detect files hidden

Question

What tools can you locate on the Internet that can help you detect files hidden in other files? Are there any procedures that you would implement if you suspected someone of doing this on your network? 2) Why did, or didn’t, the file size differ between the original file and the file with the document hidden inside? 3) If you were a network administrator, or Security Officer, what policy would you implement to prevent users from using steganography? 4) Can you think of any legitimate uses for a business to use steganography?

Explanation / Answer

Hi,

Below is the answer-

The word steganography comes from the Greek name “steganos” (hidden or
secret) and “graphy” (writing or drawing) and literally means hidden writing.
Steganography uses techniques to communicate information in a way that is
hidden.
Steganography hides the existence of a message by transmitting information
through various carriers. Its goal is to prevent the detection of a secret message.The most common use of steganography is hiding information from one file within the information of another file.
The hidden information may be plaintext, ciphertext, images, or information hidden
into a bit stream. The cover carrier and the hidden information create a stegocarrier.
A stegokey, such as a password, is additional information to further
conceal a message.
Tools to identify hidden information-
1. EnCase features a intuitive GUI that
enables examiners to easily manage large volumes of computer evidence and
view all relevant files, including "deleted" files, file slack and unallocated space.The solution effectively automates core investigative procedures, replacing
archaic, time-consuming and cost-prohibitive processes and tool.

2. Comparing the MD5 hash values of two files with the program, md5sum.exe.
This program is found easily on the Internet.
Investigators use MD5, an algorithm, to generate a 128-bit fingerprint of an
file, irregardless of its size. Because there are 10 exponent, 38 possible hash
values, it is unlikely that files would have the same hash value. Furthermore,
right now, manufacturing a file that generates a particular hash value is
“computationally infeasible.” Therefore, at the moment, files are identified
reliably through their MD5 hash value

How to prevent users from using steganography?
1. They are the visual attack (actually seeing the differences in the files that are encoded) and the statistical attack: "The idea of the statistical attack is to compare the frequency distribution of the colors of a potential stego file with the theoretically expected frequency distribution for a stego file.
2. Network intrusion detection systems can help administrators to gain an understanding of normal traffic in and around your network and can thus assist in detecting any type of anomaly, especially with any changes in the behavior of increased movement of large images around your network.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.