The art of applying stegnography to analyze the images is known as Steganalysis. It can be termed as the art as well as the science of detection of hidden messages. This can be done by stegnography. In some form it can be related or compared with cryptanalysis that is applied to cryptography. The aim or goal of steganalysis is to identify the packages that are suspected and determine if any payload is encoded into them.
It is the task of the computer forensics professional to do steganalysis in order to find out the criminal in the computer crime. And also one of the tasks is to recover that payload. There are many complications involved in steganalysis also. There are primarily four things which lead to complicated behavior to do analysis of stegnographic images. First of all is that the suspect files or data information may or may not have any data that is encrypted or encoded into them.
The next or the second complication that may arise is the payloads. It is also possible that the payloads may have been encoded before being encrypted into the carriers. The third thing that is to be kept in mind is the complicacy that may arise if some of the file or information that is considered to be suspected has any irrelevant data in it.
The irrelevant data or information is called as the noise - the unwanted information. This encoded data or information causes analysis of the file a difficult task. The computer forensics professional has the task to first identify the unwanted information in order to extract any valid evidence from it. The stealth setting increases the analysis time of the file or information.
The fourth or the last complicacy that may arise in case of steganalysis is that unless the computer forensics professional can completely recover, decrypt and decode as well as inspect the payload. It is only the probability which can decide whether a correct file is under investigation.
The different in steganalysis and cryptanalysis is that there is prior information regarding the file that is under investigation. There is sufficient proof that the file which is intercepted has the data containing a message. Even thought that message is encrypted. The process of steganalysis usually begins with huge information that needs to be sorted out in order to get proper evidence.
The pile of data files generally starts with suspects data files. But there exists little information regarding which of the files have the payload. The person who performs the operation of steganalysis is called as steganalyst. Steganalyst usually deals with some sort of computer forensic statistician. He has the task to reduce the set of data files.
It is also possible that all the files over a computer system are considered as suspect’s data or files. There is generally a problem encountered in handling the statistical analysis. If there are any unmodified files of the same type and that too from the same source for inspection then some sort of compression techniques may be employed to achieve this. For examples the images those are stored over a digital camera are all of the same type. For proper utilization of the memory a compression technique needs to used which need to be decoded first.
No comments:
Post a Comment