Steganographic Techniques on Social Media: Investigation Guidelines

AIMIE CHEE
B.S. Computer Science (Southwest Minnesota State University, USA)

A thesis submitted to the graduate Faculty of Design and Creative Technologies
AUT University
in partial fulfilment of the requirements for the degree of
Master of Forensic Information Technology

School of Computing and Mathematical Sciences
Auckland, New Zealand
2013

Declaration

I hereby declare that this submission is my own work and that, to the best of my knowledge and belief, it contains no material previously published or written by another person nor material which, to a substantial extent, has been accepted for the qualification of any other degree or diploma of a University or other institution of higher learning, except where due acknowledgement is made in the acknowledgements.

Aimie Chee (20 May 2013)

Acknowledgements

This thesis was completed at the Faculty of Design and Creative Technologies in the School of Computing and Mathematical Sciences at Auckland University of Technology. I would like to express my deepest gratitude to everyone who has supported me through the two years of my thesis journey.

First of all, I would like to thank my father, Shout Twong, and my mother, You Laa, who have financially supported my entire post graduate study and have given me the courage to fulfil my dream. I would also like to thank my best friend, Cathy, who has continuously guided, helped, and encouraged me whenever I was stressed and lost during my post graduate study.

I would like to thank my thesis supervisor, Dr. Brian Cusack, who has provided valuable advice on and inspiration for the thesis project; without him, I would not have been able to achieve this much. Thanks also to my course mates, Ting and Muteb, for sharing their brilliant ideas and providing valuable suggestions in regard to my thesis project.
I would like to offer my deepest appreciation to all the postgraduate staff and lecturers for supporting my two years of postgraduate study; without you, I would not have successfully completed my degree. I appreciate the services of Catriona Carruthers, who proof-read this dissertation.

Last but not least, I would like to thank Magnet Forensic software for providing the full trial version of Internet Evidence Finder and Mr. Jad Saliba from the Magnet Forensic support desk for supporting me and addressing the Facebook chat recovery issues that occurred during the execution of this thesis project. I would also like to extend my appreciation to Backbone Security for providing me with the opportunity of using their trial version of StegAlyzerAS and StegAlyzerSS and to thank Mr. Robert W. Lipscomb for answering queries in regard to the tool's technical issues.

Abstract

Online social networking is available to anyone who wants to sign up to the many sites available. The web-based services allow users to communicate with many media sources and to build relationship networks that have personal meaning. The medium permits open communication and, consequently, the propagation of hidden messages (steganography) and the exchange of images, text, sound files and so on, that may contain hidden information. The purpose of this research is to find out whether or not it is necessary to include steganography as a routine check when conducting digital forensics examinations in relation to online social networking. This is a challenge to digital forensic investigators as the hidden messages will not be found if they are not being searched for. The research testing was carried out in a laboratory environment under an empirical approach.
In the pre-test, five steganographic techniques with different image formats were uploaded on Facebook and Google+ social network websites and then downloaded to identify the techniques that can and cannot be used on Facebook and Google+ for the complete process of covert communication up to the extraction of the hidden messages. Two suitable techniques, JP Hide and Seek and StegHide with common JPEG images, were chosen for the experimental case scenarios, based on the pre-test results. The experimental case scenarios were simulated on laboratory computers and digital forensic examinations were undertaken to identify both the uploaded hidden messages in different images and to extract the hidden messages in the uploaded and downloaded image files. Based on the digital forensic examination performed on the experimental case scenarios, a guideline for the steganographic examination process was established.

The findings from the pre-test results showed that steganography is difficult to perform in the Facebook photo upload feature. Here the hidden message cannot be extracted after the image is downloaded from Facebook, but it can be successfully performed through the message file attachment and group file sharing features with a variety of image formats such as JPEG, PNG, BMP, and GIF. On Google+ photo sharing, on the other hand, the complete cycle of steganography communication from embedding up to the extraction of hidden messages was successfully undertaken with JPEG, PNG, BMP or GIF image formats. The results show that steganography can be propagated in social media; therefore it is necessary to include steganographic evaluation in the standard digital investigation procedures.

It was discovered during the research experiment that there is a lack of effective forensic tools in the area of steganographic image analysis or signature detection.
The current steganalysis tools are designed for specific signatures but there are very many steganographic tools that are capable of embedding hidden messages using different techniques. This is a challenge for the digital forensic investigator. Therefore, there is an opportunity for further research in this area where the capabilities of detection tools can be further developed with more steganographic signatures.

Table of Contents

Declaration
Acknowledgements
Abstract
Table of Contents
List of Tables
List of Figures
List of Abbreviations

Chapter 1: Introduction
  1.0 BACKGROUND
  1.1 MOTIVATIONS
  1.2 THE RESEARCH APPROACH
  1.3 THE RESEARCH FINDINGS
  1.4 STRUCTURE OF THESIS

Chapter 2: Literature Review
  2.0 INTRODUCTION
  2.1 STEGANOGRAPHY OVERVIEW
    2.1.1 Steganography vs Cryptography
    2.1.2 Steganography vs Watermarking
    2.1.3 The Prisoner's Problem
    2.1.4 Steganography Classification
      2.1.4.1 Semagrams
      2.1.4.2 Open Codes
      2.1.4.3 Spam Mimics
      2.1.4.4 Digital Media
      2.1.4.5 Disk Space
      2.1.4.6 Protocol
      2.1.4.7 Other Files
  2.2 DIGITAL IMAGE FORMAT
    2.2.1 Colour Representation
    2.2.2 Raster Format
    2.2.3 Palette Format
    2.2.4 Transform Format - JPEG
  2.3 IMAGE STEGANOGRAPHY
    2.3.1 Text File (.txt) Injection into Image File
    2.3.2 Zip File (.rar / .zip) Injection into Image File
    2.3.3 Hiding in EXIF
    2.3.4 Least Significant Bits (LSB) Substitution in Spatial Domain Images
