Steganalysis
What is Steganalysis?
SteganalysisThe forensic discipline of detecting, and where possible extracting, hidden information embedded within seemingly innocuous files using steganography.
Steganalysis is the counterpart of steganography. Investigators look for statistical anomalies, unusual file sizes, palette irregularities, modified least-significant bits, or inconsistencies in metadata that suggest a carrier file (image, audio, video, document, or network protocol) hides a covert payload. Techniques include chi-square attacks, RS analysis, and machine-learning classifiers trained on known steganographic algorithms (JSteg, F5, OutGuess, Steghide). Tools such as StegExpose, zsteg, stegseek, and binwalk help triage suspect files. Steganalysis is relevant to insider-threat investigations, malware command-and-control hidden in images, and data-exfiltration cases where confidential data leaves an organization disguised as media.
● Examples
- 01
Detecting LSB modifications in PNG attachments emailed from an executive account.
- 02
Cracking a Steghide-protected JPEG with stegseek to recover an exfiltrated document.
● Frequently asked questions
What is Steganalysis?
The forensic discipline of detecting, and where possible extracting, hidden information embedded within seemingly innocuous files using steganography. It belongs to the Forensics & IR category of cybersecurity.
What does Steganalysis mean?
The forensic discipline of detecting, and where possible extracting, hidden information embedded within seemingly innocuous files using steganography.
How do you defend against Steganalysis?
Defences for Steganalysis typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Steganalysis?
Common alternative names include: Steganography detection, Covert-channel analysis.