Using Stegdetect on Windows Drive

View previous topic View next topic Go down

Using Stegdetect on Windows Drive

Post  joetekno on Thu Feb 19, 2009 7:29 pm

To use Stegdetect on a mounted Windows Drive do the following:

NOTE: I always use a physical write blocker before conducting any forensic investigation.

Mount the drive (example of a 20 GB hard drive)
Start... Places... [20.0 GB media]

Verify the device has been mounted read only
Open a terminal windows, type "mount", device should be read only
(example output /dev/sda1 on /media/sda1 type ntfs (ro, noexec, nosuid...)

Create a symbolic link to the directory you are analyzing on the hard drive if it contains any spaces (ie /media/sda1/Documents and Settings/Student/Pictures)

In your terminal window...
type: cd Desktop <press enter key>
type: ln -s /media/sda1/Documents\ and\ Settings/Student/Pictures steg

Open the Caine Interface
"Start"... CAINE... Caine Interface
Click Create Report
Select Analysis
Click Stegdetect
Click input directory
Click file system...home...caine...Desktop...steg
Click OK
Click Run Steg detect

joetekno

Number of posts: 50
Località: Wisconsin, United States
Registration date: 2009-02-19

View user profile http://network.nwtc.edu

Back to top Go down

Re: Using Stegdetect on Windows Drive

Post  Giancarlo on Thu Feb 19, 2009 8:30 pm

Thank you so much... Very detailed!

Giancarlo

Number of posts: 76
Age: 31
Località: Modena, Italy
Registration date: 2008-10-26

View user profile http://www.caine-live.net/

Back to top Go down

Re: Using Stegdetect on Windows Drive

Post  putosusio on Thu Nov 04, 2010 4:54 am

Joe:

Is this assuming you know stenography was used or simply run to the tool to see if it was used? I've read a little about stenography and from what I remember the tool that was used to do the stenography has to be used to "decipher" the file. Is that not the case?

putosusio

Number of posts: 4
Registration date: 2010-11-04

View user profile

Back to top Go down

View previous topic View next topic Back to top


Permissions in this forum:
You cannot reply to topics in this forum