Module‐10 - LPouliot/Soph-Spring-FOR-100-Digital-Forensics GitHub Wiki
Tools for the In-Class Activities
Other tools and videos can be found in the reading channel
Open Stego Lab
Objective:
- To test out steganography techniques using the open-source tool Open Stego.
Download:
- Download: Setup-OpenStego-0.8.6.exe from
- https://github.com/syvaidya/openstego/releases and install on your Windows machine.
Lab environment:
Directions:
- Using the Open Stego tool, hide your favorite, school-appropriate meme inside of a larger file.
- You may work with a partner and exchange your carrier files and attempt to retrieve the memes.
Directions:
Download OpenStego on the VM and open the OpenStego program
Pick two images, one normal and one to be the hidden message
- Put them in the pictures folder
Choose Hide Data
- Message file = the normal photo
- Cover file = the hidden photo
- Output stego file = Chose the folder again and named it VerySecrets (it will end up in Documents)
Now sending it to a friend through email!
Time to Decrypt Friend's hidden photo
Choose Extract Data:
- Input Stego file = The file that was just given by friend (put the download into Documents first)
- Output folder for message file = The folder again; it will go to Documents
- Password = Use if needed! I didn't use it
Meme located!
Find Hidden Data in Files
Instructions
There is some data hidden in each file, you are required to find that hidden data. Helpful website for decoding metadata.
Note: you will need the following files (Download files) for this activity. Make sure you extract the file so you will be working with the files named: Test01.rtf, Test02.docx, Test03.docx, and Test04.docx
Method 1:
- Open the file, press Ctrl+A to select all data in fields, then highlight or change the color of the text. Also show hidden formatting via the paragraph symbol in the middle top of Word.
Method 2:
- Open the file in a hex editor such as HxD and search the top and bottom of the file for hidden data.
Method 3:
- Unzip compressed files such as docx using 7zip to search for stowaways.
Method 4:
- Use exiftool to extract hidden metadata from files and use the ASCII to Hex site to decode potentially encoded data.
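Methods 2 and 3 can be scripted for the .docx files. The following is an added example, not part of the original lab: it reports bytes sitting before or after the ZIP container and members outside the usual Word layout. The EXPECTED allow-list, the function names and the sample package are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed allow-list of top-level parts in an ordinary Word .docx package.
EXPECTED = ("[Content_Types].xml", "_rels/", "docProps/", "word/", "customXml/")

def inspect_docx(data: bytes) -> dict:
    """Return ZIP members outside the usual layout and bytes outside the archive."""
    # Method 2: a .docx should start with a ZIP local-file header ...
    lead = data.find(b"PK\x03\x04")
    # ... and end with the End of Central Directory record plus its comment.
    eocd = data.rfind(b"PK\x05\x06")
    if lead < 0 or eocd < 0:
        raise ValueError("not a ZIP container; check the header and extension")
    comment_len = int.from_bytes(data[eocd + 20:eocd + 22], "little")
    trailing = data[eocd + 22 + comment_len:]
    # Method 3: list every member and keep the ones Word would not create.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        comment = zf.comment
    return {
        "leading": data[:lead],      # bytes placed before the archive
        "trailing": trailing,        # bytes placed after the archive
        "zip_comment": comment,      # archive comment field, another hiding spot
        "stowaways": [n for n in names if not n.startswith(EXPECTED)],
    }

def build_sample(stowaway: bool = False, trailer: bytes = b"") -> bytes:
    """Constructed minimal package for the demo (not one of the lab's Test files)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("_rels/.rels", "<Relationships/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if stowaway:
            zf.writestr("extras/note.txt", "constructed hidden note")
    return buf.getvalue() + trailer

if __name__ == "__main__":
    sample = build_sample(stowaway=True, trailer=b"constructed trailer")
    for key, value in inspect_docx(sample).items():
        print(f"{key}: {value!r}")
```

A file placed inside an expected folder such as word/ passes the allow-list, so the member listing still needs a manual read.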
Data Hiding Case #1
Task #1: Fix the header and find the correct file extension, in order to get a working file. Write down what you did and why.
Task #2: Extract all of the metadata found within the file. Make sure you list all those that could identify the owner of the file.
Task #3: Use the ASCII to Hex website to convert any data that was found encoded. Make sure you use the table below to list which encoding was used with each piece of data.