This Is Auburn: Electronic Theses and Dissertations

Digital Forensic Detection and Disruption of JPEG Steganography

Date

2010-07-28

Author

Trawick, George

Type of Degree

dissertation

Department

Computer Science

Abstract

The use of digital media and internet communications has grown for business and personal use, and so has the use of digital communications by criminal and terrorist elements. Of particular interest in both criminal investigations and national security is the use of covert communications channels by terrorists and criminals. A primary challenge faced by law enforcement is the tremendous capacity of modern storage devices. The terabyte-sized digital storage available to the public today allows enormous numbers of evidence items to be hidden among millions of mundane, generic files. Forensically imaging and analyzing these files can take days, sometimes weeks. When a criminal uses steganography to hide illicit content inside otherwise mundane files, the investigators’ mission becomes many times more difficult, if possible at all. Criminals are using applications that implement digital steganography to secretly communicate, plan, coordinate and execute their unlawful activity. When criminals add encryption to the immense number of steganographic implementations available, the combination proves nearly insurmountable for law enforcement and government agencies. This research introduces a unique and novel method that allows for the detection and possible tracking of steganographic messages hidden on a suspect’s digital storage device. The current state of the research shows that there are opportunities to find new methods for detecting steganographic images by exploring specific areas of JPEG implementation combined with non-traditional hashing techniques. This research focuses on a particular genre of steganography that is implemented using JPEG images, specifically those steganographic implementations that exploit the transform domain of the JPEG compression algorithm.
The findings in this research demonstrate that the results of the JPEG compression algorithm contain artifacts that remain constant between repeated compressions. This research uses emerging methods of non-traditional hashing to expose likely steganographic images within a finite set or database of images and to identify a possible digital fingerprint, giving law enforcement new capabilities in coping with the use of steganography as a tool for criminal activities.