Steganography Analyzer Signature Scanner (StegAlyzer SS) is a digital forensic analysis tool designed to extend the scope of traditional digital forensic examinations by allowing the examiner to scan suspect media or forensic images of suspect media for uniquely identifiable hexadecimal byte patterns, or known signatures, left inside files when particular steganography applications are used to embed hidden information within them. Automated extraction algorithms unique to StegAlyzer SS can be used to recover hidden information.
StegAlyzerSS extends the signature scanning capability by also allowing the examiner to use other techniques for detecting whether information may have been appended to or hidden within potential carrier files.
StegAlyzer SS was found to be effective for identifying files that contain hidden steganographic data by the Defense Cyber Crime Institute (DCCI)1 and the CyberScience Laboratory (CSL)2.
Product highlights in StegAlyzer SS:
- Case generation and management
- Mount and scan forensic images of storage media in EnCase, ISO, RAW (dd), and SMART formats
- Automated scanning of an entire file system, individual directories, or individual files on suspect media for the presence of steganography application signatures
- Identify files that have information appended beyond a file’s end-of-file marker with the Append Analysis feature and analyze the files in a hex editor view to determine the nature of the hidden information
- Identify files that have information embedded using Least Significant Bit (LSB) image encoding with the LSB Analysis feature and extract and rearrange the LSBs for analysis in a hex editor view to determine if information has been hidden within the file
- Exclusive Automated Extraction Algorithm functionality for selected steganography applications gives examiners a “point-click-and-extract” interface to easily extract hidden information from suspect files
- Extensive report generation in HTML format
- Automated logging of key events and information of potential evidentiary value
- Export session activity and evidence logs in comma separated value (.csv) format
- Integrated help feature to explain specific features and functions