The post Best forensic tools to hide secrets passwords and recover files appeared first on Information Security Newspaper | Hacking News.
Every image we see electronically, whether on a mobile phone, a television or a computer, consists of pixels. A pixel is the smallest component of an image. In each image, pixels are produced by three to four colors: red, green, blue and white. The RGB model is common for video displays and other video components used to view an image on an electronic screen. In the RGB model the colors are added together to create an array of colors. These colors are known as additive primaries: mixed in equal amounts they create white, and mixed in different amounts they form other colors.
As shown above, RGB forms the different colors on screen. In steganography these colors are represented as binary codes. When images are combined in steganography, the RGB values change as shown below, explain cyber forensics professors.
As shown above, when two images are combined a new image is formed. In steganography the rightmost bits are changed, as this has only a very minor visual effect on the image.
As you can see, image 2 is hiding data in it, because steganography changes the rightmost bit in the image.
As shown above, the leftmost image is a simple image, but the rightmost is an image hiding another image. If you look carefully, the second image in the above figure holds encrypted data. The Python code below shows how an image is hidden in another image, cyber forensics consultants demonstrate.
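import cv2
from LSBSteg import LSBSteg  # assumes the LSBSteg.py module that provides this class is on the import path

# encoding: combine image_1.png and image_2.jpg and save the result
steg = LSBSteg(cv2.imread("image_1.png"))
new_im = steg.encode_image(cv2.imread("image_2.jpg"))
cv2.imwrite("Desert.png", new_im)

# decoding: load the saved image and recover the hidden one
steg = LSBSteg(cv2.imread("Desert.png"))
orig_im = steg.decode_image()
cv2.imwrite("recovered.png", orig_im)  # separate file name so Desert.png is not overwritten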
As the code above shows, image 1 is hidden in image 2. This is the common code used to hide an image in an image, and it uses simple parameters. Now we will see how text is hidden in an image.
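import cv2
from LSBSteg import LSBSteg  # assumes the LSBSteg.py module that provides this class is on the import path

# encoding: hide the text in my_image.png and save the result
steg = LSBSteg(cv2.imread("my_image.png"))
img_encoded = steg.encode_text("sensitive_data")
cv2.imwrite("Desert.png", img_encoded)

# decoding: load the saved image and print the hidden text
im = cv2.imread("Desert.png")
steg = LSBSteg(im)
print("Text value:", steg.decode_text())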
The above is the basic code that shows how text is hidden inside an image. It uses the encoding method that is used for hiding text. Now we will show you some of the tools that are used to hide data inside an image.
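To make the rightmost-bit change concrete, here is an added example (not from the original article and not LSBSteg's own code) that hides the sample text in the least significant bit of each RGB channel byte and measures how little the carrier changes. The carrier pixels, the 4-byte length prefix and all function names are assumptions made for illustration.

```python
# Added illustration: LSB embedding on raw RGB channel bytes (constructed data).

def to_bits(data: bytes) -> list:
    """Return the bits of data, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def embed(pixels: bytes, message: bytes) -> bytes:
    """Store a 4-byte length prefix plus the message in the rightmost bit of each byte."""
    bits = to_bits(len(message).to_bytes(4, "big") + message)
    if len(bits) > len(pixels):
        raise ValueError("carrier too small: one channel byte is needed per hidden bit")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # clear the rightmost bit, then set the hidden bit
    return bytes(out)

def read_bytes(pixels: bytes, first: int, count: int) -> bytes:
    """Rebuild count bytes from the rightmost bits, starting at channel byte first."""
    out = bytearray()
    for b in range(count):
        value = 0
        for p in pixels[first + 8 * b : first + 8 * b + 8]:
            value = (value << 1) | (p & 1)
        out.append(value)
    return bytes(out)

def extract(pixels: bytes) -> bytes:
    """Read the length prefix, then the message; reject implausible lengths."""
    if len(pixels) < 32:
        raise ValueError("carrier too small to hold a length prefix")
    length = int.from_bytes(read_bytes(pixels, 0, 4), "big")
    if 32 + 8 * length > len(pixels):
        raise ValueError("length prefix exceeds carrier: no hidden message present")
    return read_bytes(pixels, 32, length)

def max_channel_change(before: bytes, after: bytes) -> int:
    """Largest difference in any single channel value between two images."""
    return max(abs(a - b) for a, b in zip(before, after))

# Constructed 16x16 RGB carrier (768 channel bytes) and the sample text used above.
CARRIER = bytes((7 * x + 13 * y + 50 * c) % 256
                for y in range(16) for x in range(16) for c in range(3))
STEGO = embed(CARRIER, b"sensitive_data")

if __name__ == "__main__":
    print("recovered:", extract(STEGO))
    print("largest change to any channel value:", max_channel_change(CARRIER, STEGO))
    changed = sum(a != b for a, b in zip(CARRIER, STEGO))
    print("channel bytes changed:", changed, "of", len(CARRIER))
```

Each channel value moves by at most 1 out of 255, which is why the altered image looks the same to the eye.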
Steghide is a simple program used to hide data inside an image. According to a digital forensic expert of the International Institute of Cyber Security, the color frequencies are not changed by this program, as it hides only minimal data. The current version of Steghide is 0.5.1. This program encrypts data. When a user hides a txt file with this program, it asks for a passphrase. The passphrase is the key used to encrypt and decrypt the sensitive information, cyber forensics teachers say.
Foremost is another Linux utility; it recovers deleted files on a Linux system. Data recovery is the process in which deleted or corrupted data is recovered. Foremost is a simple utility that is pre-installed on many systems. The initial configuration for using foremost is already done in Kali Linux. If you are using any other Linux Distros.
root@kali:/home/iicybersecurity/Downloads/foremost# foremost -h
foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus.
$ foremost [-v|-V|-h|-T|-Q|-q|-a|-w-d] [-t <type>] [-s <blocks>] [-k <size>]
[-b <size>] [-c <file>] [-o <dir>] [-i <file]
-V - display copyright information and exit
-t - specify file type. (-t jpeg,pdf …)
-d - turn on indirect block detection (for UNIX file-systems)
-i - specify input file (default is stdin)
-a - Write all headers, perform no error detection (corrupted files)
-w - Only write the audit file, do not write any detected files to the disk
-o - set output directory (defaults to output)
-c - set configuration file to use (defaults to foremost.conf)
-q - enables quick mode. Search are performed on 512 byte boundaries.
-Q - enables quiet mode. Suppress output messages.
-v - verbose mode. Logs all messages to screen
root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads Music output Pictures Public sample.pdf Templates Videos
root@kali:/home/iicybersecurity# cat sample.pdf
%PDF-1.3
%▒▒▒▒
1 0 obj
<<
/Type /Catalog
/Outlines 2 0 R
/Pages 3 0 R
>>
endobj
2 0 obj
<<
/Type /Outlines
/Count 0
>>
endobj
3 0 obj
<<
/Type /Pages
/Count 2
/Kids [ 4 0 R 6 0 R ]
>>
endobj
4 0 obj
<<
/Type /Page
/Parent 3 0 R
/Resources <<
/Font <<
/F1 9 0 R
>>
/ProcSet 8 0 R
>>
/MediaBox [0 0 612.0000 792.0000]
/Contents 5 0 R
>>
endobj
5 0 obj
<< /Length 1074 >>
stream
2 J
BT
0 0 0 rg
/F1 0027 Tf
57.3750 722.2800 Td
( A Simple PDF File ) Tj
root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads Music output Pictures Public sample.pdf Templates Videos
root@kali:/home/iicybersecurity# rm sample.pdf
root@kali:/home/iicybersecurity# ls
root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads Music output Pictures Public Templates Videos
root@kali:/home/iicybersecurity# foremost -i sample.pdf -T pdf
Processing: stdin
root@kali:/home/iicybersecurity#
root@kali:/home/iicybersecurity# foremost -i sample.pdf -T pdf -o /home/iicybersecurity
Processing: stdin
root@kali:/home/iicybersecurity#
root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads Music output output_Thu_Jan_31_06_08_40_2019 Pictures Public Templates Videos
root@kali:/home/iicybersecurity# cd output
root@kali:/home/iicybersecurity/output# ls
audit.txt pdf
root@kali:/home/iicybersecurity/output# cat audit.txt
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File
Foremost started at Thu Jan 31 06:08:13 2019
Invocation: foremost -i sample.pdf
Output directory: /home/iicybersecurity/output
Configuration file: /usr/local/etc/foremost.conf
File: sample.pdf
Start: Thu Jan 31 06:08:14 2019
Length: 2 KB (3028 bytes)
Num Name (bs=512) Size File Offset Comment
0: 00000000.pdf 2 KB 0
Finish: Thu Jan 31 06:08:14 2019
1 FILES EXTRACTED
pdf:= 1
Foremost finished at Thu Jan 31 06:08:14 2019
root@kali:/home/iicybersecurity/output/pdf# cat 00000000.pdf
%PDF-1.3
%▒▒▒▒
1 0 obj
<<
/Type /Catalog
/Outlines 2 0 R
/Pages 3 0 R
>>
endobj
2 0 obj
<<
/Type /Outlines
/Count 0
>>
endobj
3 0 obj
<<
/Type /Pages
/Count 2
/Kids [ 4 0 R 6 0 R ]
>>
endobj
4 0 obj
<<
/Type /Page
/Parent 3 0 R
/Resources <<
/Font <<
/F1 9 0 R
>>
/ProcSet 8 0 R
>>
/MediaBox [0 0 612.0000 792.0000]
/Contents 5 0 R
>>
endobj
5 0 obj
<< /Length 1074 >>
stream
2 J
BT
0 0 0 rg
/F1 0027 Tf
57.3750 722.2800 Td
( A Simple PDF File ) Tj
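Foremost recovers files by carving: it scans raw data for known file headers and footers instead of relying on directory entries, which is why it is normally pointed at a disk image or device. The following added example (not Foremost's code and not from the original article) applies the same idea to PDF files in a constructed raw buffer; `carve_pdfs`, the buffer layout and the size limit are assumptions made for illustration.

```python
# Added illustration: header/footer carving of PDF files from raw bytes.

PDF_HEADER = b"%PDF-"
PDF_FOOTER = b"%%EOF"

def carve_pdfs(raw: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Return (offset, data) for every span that starts with a PDF header
    and ends with the last PDF footer found before the next header."""
    found = []
    pos = 0
    while (start := raw.find(PDF_HEADER, pos)) != -1:
        window_end = min(len(raw), start + max_size)
        # Stop at the next header so two adjacent files are not merged into one.
        next_header = raw.find(PDF_HEADER, start + len(PDF_HEADER), window_end)
        limit = next_header if next_header != -1 else window_end
        # A PDF can contain several %%EOF markers; keep everything up to the last one.
        end = raw.rfind(PDF_FOOTER, start, limit)
        if end == -1:
            # Header without footer: truncated or overwritten data, skip it.
            pos = start + len(PDF_HEADER)
            continue
        end += len(PDF_FOOTER)
        found.append((start, raw[start:end]))
        pos = end
    return found

# Constructed sample: one empty 512-byte block, a tiny PDF, filler bytes,
# then a PDF header whose body has been overwritten.
SAMPLE_PDF = (b"%PDF-1.3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R >>\n%%EOF")
RAW = (b"\x00" * 512 + SAMPLE_PDF + b"\xff" * 200
       + b"%PDF-1.4\n(overwritten)" + b"\x00" * 100)

if __name__ == "__main__":
    for offset, data in carve_pdfs(RAW):
        print(f"PDF at byte offset {offset} (block {offset // 512}), {len(data)} bytes")
```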