NETS1032

NETS1032 Data Forensics Lab

The purpose of this lab is to become acquainted with using steganography tools.

Install some stego tools

Install some stego tools on an Ubuntu desktop, your Windows laptop, or a MacBook. Many tools are available as packages for Linux. Using Linux as an extraction platform can help protect you from malware hidden in stego files.

Extract a hidden file from a stegofile

  1. Download the sample image file to try with the outguess tool; the key for the stegofile is 1234
  2. Download the sample image file to try with the steghide tool
  3. Install steghide and outguess
  4. Use the appropriate steganalysis tool to examine each stegofile
    • Does it give you evidence that this file is a stegofile?
    • What evidence does it give?
  5. Download the other original cover file
  6. Compare the stego file and extracted file for both cases
    • Which of the files is bigger?
    • What can you visually identify as differences in the two images, if anything?
  7. Try using the info subcommand of steghide with a passphrase of 1234 on the stegofile
    • Does it tell you what is embedded in the file?
  8. Extract the embedded files and try viewing them with an image viewing tool

Create a double layered stegofile

  1. Obtain 3 image files to use for your stego exercise
  2. Everyone needs to use their own images and duplicates will be rejected
  3. The 3 files to use will likely work best with sizes of approximately 30KB, 300KB, and 3MB+ - you may have to try a number of different images to get things to fit
  4. Use outguess to hide the smallest file using the middle-sized file as a cover file
  5. Use steghide to hide the outguess-encoded stegofile using the largest file as a cover file
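The two embedding steps above, followed by a round-trip check that peels both layers again, as an added example that is not part of the original lab handout. The helper names (`size_of`, `check_nesting_order`, `double_layer`), file names and passphrases are assumptions, and all three images are assumed to be JPEGs.

```shell
#!/bin/sh
# Added example. All file names and passphrases passed in are placeholders.

# Size of a file in bytes.
size_of() { echo $(( $(wc -c < "$1") )); }

# Succeeds only if secret < inner cover < outer cover. This checks the size
# ordering only; it does not guarantee either tool has enough capacity.
check_nesting_order() {
    [ -r "$1" ] && [ -r "$2" ] && [ -r "$3" ] || return 2
    [ "$(size_of "$1")" -lt "$(size_of "$2")" ] &&
    [ "$(size_of "$2")" -lt "$(size_of "$3")" ]
}

# double_layer SECRET INNER_COVER OUTER_COVER INNER_KEY OUTER_PASS OUT
double_layer() {
    secret="$1"; inner="$2"; outer="$3"; key="$4"; pass="$5"; out="$6"
    check_nesting_order "$secret" "$inner" "$outer" ||
        { echo "files missing or not in small < medium < large order" >&2; return 1; }
    command -v outguess >/dev/null && command -v steghide >/dev/null ||
        { echo "outguess and steghide must be installed" >&2; return 127; }
    tmp=$(mktemp -d) || return 1

    # Layer 1: outguess hides the smallest file in the middle-sized cover.
    outguess -k "$key" -d "$secret" "$inner" "$tmp/layer1.jpg" &&
    # Layer 2: steghide hides the outguess stegofile in the largest cover.
    steghide embed -cf "$outer" -ef "$tmp/layer1.jpg" -sf "$out" -p "$pass" &&
    # Round trip: peel both layers and confirm the payload is byte-identical.
    steghide extract -sf "$out" -p "$pass" -xf "$tmp/peeled.jpg" &&
    outguess -k "$key" -r "$tmp/peeled.jpg" "$tmp/recovered" &&
    cmp -s "$secret" "$tmp/recovered"
    rc=$?

    rm -rf "$tmp"
    return $rc
}
```

Passphrases given with `-k` and `-p` are visible in the process list and shell history while the commands run, so use throwaway values on a shared machine.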

Grading

Submit a single image file which is the steghide-encoded stegofile. Put the password for the inner outguess-encoded image and the outer steghide-encoded image in the submission comment on Blackboard.