
Question

computer forensics


[...] such as explosives, bombs [...] your preferred computer forensics tool, and write a report on any relevant findings.

Case Project 9-2: Several graphics files were transmitted via e-mail from an unknown source to a suspect in an ongoing investigation. The lead investigator gives you these graphics files and tells you that at least four messages should be embedded in them. Use your problem-solving and brainstorming skills to determine a procedure to follow. Write a short report outlining what to do.

Case Project 9-3: A drive you're investigating contains several password-protected files and other files with headers that don't match the extension. Write a report describing the procedures you need to follow to retrieve the evidence. Identify the mismatched file headers to extensions and discuss techniques you can apply to recover passwords from the protected files.

Explanation / Answer

Answer:

Report on embedding the messages into the graphic files:

To embed messages into graphic files, a technique known as steganography is used. A special case of steganography is Unicode steganography, which uses look-alike characters of the ASCII set to make the data look alike. When the technique is used, extra bits are carried along with the original data.

If the graphic files display properly without disturbance, it implies that there is no difference between the original and the modified one. But on certain systems the graphic files will not display the fonts or images properly, which makes the extra bits easy to spot.


The analysis of encoding the embedded messages into graphic files is known as steganalysis.

The goals of steganalysis are:

To detect the suspected packages,

To identify the packages with the extra encoded payload

If identified, recover the payload.

This analysis first reduces the set of data files into sub files with most of them being altered.

Steganalysis Basic techniques:

This strategy uses statistical analysis to handle the problem. A set of unmodified files of the same type and from the same sources is inspected using various statistical analyses.

Some of these analyses are as simple as spectrum analysis. But nowadays audio and image files are compressed using lossy compression algorithms, in which case they attempt to check for inconsistencies in the way the data has been compressed.

JPEG compression uses an edge-ringing compression technique in which high-frequency components disturb other nearby pixels. This disturbance is easily predictable, and to detect it simple steganographic encoding algorithms are used.

Detection of the suspected files can be done by a straightforward process of comparison when the original, unmodified carriers are available. The difference between the payloads of the received files and the original files during encoding will result in extraction of the payloads.

Steganalysis Advanced techniques:

Irrespective of the huge files, there might be some files that contain a single image. This may require a complicated analysis to detect.

According to steganography, this tries to disturb the indistinguishable carriers from the noise-floor carrier. But it is difficult to simplify the modifications to make the carrier resemble white noise rather than analyzing, designing and matching the actual noise characteristics of the carrier.

In general, steganography systems can make easy modifications to the least significant bits (LSBs) of the samples. These modified samples result in an overall modification of the LSBs that generates different noise profiles than expected from analysis of their higher-order bits, which show some amount of noise.

These types of LSB modifications can be detected by appropriate algorithms.

Some of the challenges to be considered are encrypted payloads and barrage noise.

At times, encrypted loads can also be detected, as it is also difficult for the steganography encoding technique to generate evenly distributed signal energy.

If the storage device is inspected in a way similar to the embedded messages, the steganography places a barrage over a potential analyst in the form of effective misinformation. In this case, the encoding density of these files may be slightly higher than the original one. In such cases, different types of algorithms can be used for varying detection.

The steganalyst first looks into these decoys, wasting time and resources.

Extra checking is to be provided in filtering the irrelevant data and in prioritizing the investigation.

Caution has to be taken with the steganalyst's evidence, which may be dangerous to rely on until the payload is detected and decrypted. If not, the statistical data collected by the analyst might only imply that the file is modified. These again point to modifications made by the steganography encoding. Thus, in every case the steganalyst's suspicions need to be backed up by other investigative techniques.
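The LSB point in the answer above can be made concrete with a pairs-of-values chi-square check. This is an added example, not part of the original answer; the carrier, payload, window size and function names are constructed for illustration.

```python
import random
from collections import Counter

def pov_chi2_per_pair(samples):
    """Chi-square of each value pair (2k, 2k+1) against equal counts,
    averaged over the non-empty pairs. LSB replacement with random-looking
    bits pushes this towards 1; an untouched carrier is usually far above."""
    hist = Counter(samples)
    total, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b == 0:
            continue
        expected = (a + b) / 2
        total += ((a - expected) ** 2 + (b - expected) ** 2) / expected
        pairs += 1
    return total / pairs if pairs else 0.0

def embed_lsb(samples, bits):
    """Sequential LSB replacement: bit i overwrites the LSB of sample i."""
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out

def scan(samples, window):
    """Score consecutive windows so the embedded region can be located."""
    return [pov_chi2_per_pair(samples[i:i + window])
            for i in range(0, len(samples) - window + 1, window)]

# Constructed carrier: 4 blocks of 5120 8-bit samples, even values 3x as
# frequent as odd ones (a stand-in for a real image's uneven histogram).
BLOCK = [v for v in range(256) for _ in range(30 if v % 2 == 0 else 10)]
COVER = BLOCK * 4

# Constructed payload: seeded random bits (ciphertext-like), sized to
# overwrite the LSBs of the first two blocks only.
rng = random.Random(9)
PAYLOAD = [rng.getrandbits(1) for _ in range(2 * len(BLOCK))]
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    for name, data in (("cover", COVER), ("stego", STEGO)):
        print(name, [round(r, 2) for r in scan(data, len(BLOCK))])
```

Windows whose score drops towards 1 are the ones to prioritise; as the answer cautions, the statistic only suggests modification and does not recover or prove a payload.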