Steganography Analysis

StegoHunt™ MP

StegoHunt MP is the next generation of WetStone’s industry-leading steganography program detection tool and steganalysis suite. StegoHunt effectively detects the presence of both steganography and data hiding programs as well as the files in which the data payload may have been hidden (carrier files).

StegoHunt MP’s new modern codebase improves upon the previous version of StegoHunt, giving users exciting new features.

These features include:

  • Expanded filetype support
  • Enhanced reporting, including HTML and CSV reports
  • Configurable data appending thresholds
  • Hash file generation supports efficient re-scanning of suspect systems to detect steganography and encryption programs
  • Suspicious Files archive to quickly access files identified in the StegoHunt MP report
  • Extraction of image files from other files, including Office documents and PDFs
  • Additional archive filetypes supported
  • Improved statistical analysis checks to reduce false positives and improve detection capabilities
  • User option to whitelist files and exclude them from a report if determined to be a false positive
  • Modern codebase allows for quicker turnaround on product enhancements and higher performance compared to the legacy version of StegoHunt
  • Factory-provided whitelists improve scanning performance and reduce false positives for files known to originate from reputable sources, such as operating system files and popular applications

FEATURES OF STEGOHUNT™ MP

  • Identify the presence of carrier files on a system through statistical analysis techniques
  • Identify the presence of data hiding tools and artifacts on a system
  • View data about images, such as the bitmap, and utilize color filters for more information
  • Crack and extract payloads from carrier files using encryption by launching a dictionary attack against the data hiding password
  • Comprehensive reporting
  • Compatible with a variety of Windows desktop and server platforms:
    • Windows 7
    • Windows 8
    • Windows 8.1
    • Windows 10
    • Windows Server 2008 and 2008 R2
    • Windows Server 2012 and 2012 R2
    • Windows Server 2016
    • Windows Server 2019

FILE TYPES SUPPORTED BY STEGOHUNT™ MP

  • JPEG
  • BMP
  • GIF
  • PNG
  • WAV
  • MP3
  • JPEG 2000
  • TIFF
  • PCX
  • 3GP
  • M4V
  • 7z
  • M4A
  • MOV
  • MP4
  • AVI
  • FLV
  • MPG
  • ASF
  • OLE (.doc, .ppt, .xls, etc)
  • Office files (.docx, .pptx, .xlsx, etc)
  • PDF
  • ZIP
  • TAR

StegoHunt™MP

  • Quickly identify if steganography is present in your investigations by scanning for thousands of steganography, stegware and data hiding applications using advanced, fast search methods
  • Identify suspect carrier files that otherwise go undetected, including program artifacts, program signatures, and statistical anomalies
  • Generate case-specific reports for management or court presentation
  • Utilize multiple operational discovery modes, including directory, drive, archives, drive image, and network path

StegoAnalyst™

  • Steganography analysis tool that provides deep investigation of detected images and audio files
  • Utilize the file viewing panel to display the individual file attributes, including image details, discrete cosine transform (DCT) coefficients, and color pairs
  • Select from various filter options for further presentation and analysis, such as least significant bit (LSB) of specific colors.

StegoBreak™

  • Quickly and easily crack and extract payloads from many carrier files using a simple point and click interface
  • Leverage the popular password dictionaries included in order to execute a dictionary attack
  • Easily bring in other dictionaries, as well as create your own, to expand your dictionary attack