Detecting steganography in images
I recently came across an odd JPEG file: Resolution 400x600 and a filesize of 2.9 MB. I got suspicious and suspected that there is some additional information hidden. I tried some straight forward things: open the file with some archive tools; tried to read its content with an editor, but I couldn't locate anything interresting.
Now my questions: What else can I do? Are there any tools available that analyze images for hidden data? Perhaps a tool that scans for known file headers?
I agree that is strange, but keep in mind it might have been encoded with very lax JPEG settings.
@Konrad, I doubt it. Even at three bits per pixel (24-bit color), a basic bitmap would be only approx 720,000 bytes. (400*600*3). I'd bet a trip to the Chinese buffet that there's something there not related to the obvious image. @Chris: Please post your findings, or even the file if you'll part with it.
To detect Steganography it really comes down to statistical analysis (not a subject I know very well).
But here are a few pages that may help you out.
- Steganography Countermeasures and detection - Wikipedia page worth a read to cover the basics.
- An Overview of Steganography for the Computer Forensics Examiner - Has quite a long list of tools and some other useful information.
- Steganography Detection - Some more information about Stegonography.
- Steganography Detection with Stegdetect - Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Tool hasn't been updated in quite a while but it was the best looking free tool I could find with a quick search.
A small matter of semantics, here: Steganography on its own isn't encryption, it's obfuscation. While the hidden data may in fact be encrypted, it is not a necessary part of steganography for it to be so.
Does Stegdetect still work or is it broken? i'm getting lots of compilation errors on ubuntu 14.04