Steganography using Steghide(kali Linux)

Steganography using Steghide(Kali Linux) 

What is Steganography?

Steganography is the practice of concealing information within another message or physical object to avoid detection. Steganography can be used to hide virtually any type of digital content, including text, image, video, or audio content. That hidden data is then extracted at its destination.

What is Steghide?

Steghide is a steganography program that is able to hide data in various kinds of image- and audio files.

How to use Steghide?

first, we need to install Steghide software in Kali Linux.

  • Open the terminal in Kali Linux and type Steghide
  • If already installed it will show something like the below.


  • If it is not installed it asks for installation like below.


  • Click Y and the installation will be started.
  • Steghide software is now installed now we have to hide the information
  • We need two files, one that we want to hide and the other is on which we hide

 

  • there are two files in my downloads folder, one is a JPG image and the other is a Txt folder( text.txt).


  • this is the image on which we are going to hide the information

  • the text written in the folder is "I LOVE PIZZA".
  • now we are going to hide this text in the jpg image.

  • confirm the existence of the two documents in the terminal using the "cd" command.

  • use the below command to hide the text on the image.



      -cf filename: Specify the cover file that will be used to embed data.

      -ef filename: Specify the file that will be embedded.
  • It will ask for a passphrase which will be used while retrieving data back from the image If the passphrase matches then only the data will be retrieved. so remember the passphrase given.
  • you have successfully embedded the data inside the JPG file.
  • now we delete the text file in download and get it back form the JPG file.

  • If we want to confirm if an image/audio file is embedded or not we need to use the below command (we must know the passphrase).


  • for retrieving the data we need to use the following command.
  • it asks for the passphrase and retrieves the data.



  • by opening the file we can see the text.


  • we have finally hidden and retrieved information using steganograpy.
  • this can be done on any file not only on JPG.

                                                        Some more commands:


man command
  • opens the manual 






-v(verbose)
  • Display detailed information about the status of the embedding or extracting process.


-z(compress) level
  • It compresses the file and we have to mention the level it can be from 1-9 where 1 means best speed and 9 means best compression.
  • if you write only -z without mentioning any level it will not compress the file.


-xf filename
  • If you want to extract the hidden contents to another file we should use this command.


-e encryption algorithm

  • if you want to add encryption to the hidden file you need to use this command and you have to mention the algo and mode.



-p password
  • If you have a long password you have to you this command.
  • if you have spaces in the password you have to write it inside the double quotes.




    Contributors: 
      
    1. Mr. Salagrama Aditya, B.E CSE 4th semester, MVSR Engineering College, Hyderabad, Telangana, India
     
    2. Dr. Nitesh K Bharadwaj, Assistant Professor, Dept. of CSE, IIIT Pune, India.

    3. Dr. Bhupendra Singh, Assistant Professor, Dept. of CSE, IIIT Pune, India.

Comments

Post a Comment

Popular posts from this blog

Analysis of Volatile Memory(RAM) Using Volatility3

Image
  Introduction: Volatility3 is the most advanced and newest volatile memory forensics framework in the world. It is also Open Source, this framework is written in python. It is also the most widely used framework for extracting digital artefacts from volatile memory i.e. RAM image. The framework is intended to introduce people to the techniques for extracting digital artefacts from volatile memory(RAM) samples and provide a platform for further work into this exciting area of research. Downloading and Installation: Requirements: Python 3.5.3 or higher Pefile 2017.8.1 or later. Download volatility from   here  or run the following command in command line to clone the repository. git clone https://github.com/volatilityfoundation/volatility3.git RAM Image Creation: To create a memory dump for analysis we can use DumpIt memory tool which can be downloaded from here . Also, we can use ftkimager to create a memory dump, which can be downloaded from  here . To create the image using ftkima
Read more

$Recycle.Bin Forensics: Analysis of $I (metadata file) and $R (actual content)

Image
  Forensic Insight into Windows 10 $Recycle.Bin  In Windows 10, the deleted files are temporarily located in  "C:\$Recycle.Bin>",  a sub directory under root directory. The completion of file deletion process yields two separate files placed within the $Recycle.Bin path, as follows: $I – Contains metadata specific to the deleted file (original file name path, file size, deletion timestamp, file name size and, file name). $R – Contains the actual contents of the file. The two files ($I and $R) corresponding to the deleted file are named/suffixed with a random six character value after $I and $R, resulting  into a 8–character file name. The system creates SID based folders corresponding to each user account.   In the SID sub-folder, you will find the SID of the user who deleted the file. Each time a user deletes a file from the Recycle Bin, a sub-folder is created for them. As per the requirement an analyst can analyse the contents inside the SID sub-folders.  Let’s
Read more

Usefulness of Epoch in Digital Forensics Investigation (UNIX and MacOS perspective)

Image
 Usefulness of Epoch in Digital Forensics Investigation  (UNIX and MacOS perspective)  In digital forensics investigation, epoch plays an important role in event reconstruction. Hence, we try to provide detailed insight into the UNIX and MAC OS epoch values. An epoch is a date and time that a computer uses to determine the computer's clock and timestamp values. Epoch is sometimes also referred to as epoch time, POSIX time, and Unix time. In simple words, it is the starting point of the operating system that determines a computer’s date and time by counting ticks (seconds/ nanoseconds/picoseconds). Epochs can persist into the file metadata, system files, log files, and other metadata files. The value of epoch varies from operating system (OS) to OS and file system to file system.   The epoch traditionally corresponds to 0 hours, 0 minutes, and 0 seconds Coordinated Universal Time (UTC) on a specific date, which varies from system to system, as the starting date of each system i
Read more