Search:
[Title Bar]

FAUST: Forensic artifacts of uninstalled steganography tools

Abstract

Images and data, such as child pornography and credit card numbers, can be hidden in files through the use of steganography. Many steganography programs are freely available on the Internet. Searching data files for hidden, embedded content through steganalysis is a time-consuming process. Often steganography programs leave traces behind, such as files, directories, or registry keys, even after they have been removed or uninstalled from the system. An alternative to steganalysis is for a forensic investigator to perform a quick search for these telltale indications that steganography has been used. In this paper, we present the results of a study to detect traces left behind after a number of freely available steganography tools were installed, run, and uninstalled.

Return to the Publication list.


This page last modified Oct 23, 2009.
Home
RSS Feed
feed