Product Description:

The Steganography Analyzer Artifact Scanner (StegAlyzerAS) is a digital forensic analysis tool designed to extend the scope of traditional digital forensic examinations by allowing the examiner to scan suspect media, or forensic images of suspect media, for known artifacts of steganography applications.

Residual artifacts may be identified by scanning the file system as well as the registry on a Microsoft Windows® system. StegAlyzerAS allows for the search of files by using CRC-32, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 hash values stored in the Steganography Application Fingerprint Database (SAFDB) and registry entries stored in the Registry Artifact Key Database (RAKDB) distributed with StegAlyzerAS.

The Defense Cyber Crime Institute (DCCI) has found StegAlyzerAS to be effective in identifying file and registry artifacts known to be associated with steganography applications.

Product highlights in StegAlyzerAS:
- Case generation and management
- Capability to mount and scan forensic images of storage media in EnCase, ISO, RAW (dd), and SMART formats
- Automated scanning of an entire file system, individual directories, or individual files on suspect media for the presence of steganography application file artifacts
- Automated scanning of the Microsoft Windows® Registry for the presence of registry artifacts associated with particular steganography applications
- File and registry artifact evidence viewers allow the examiner to view evidence according to the percentage of artifacts that were discovered for each steganography application detected
- Scan summary viewer allows the examiner to quickly view a statistical summary of any previous scan performed during a particular examination
- Extensive report generation in HTML format
- Automated logging of key events and information of potential evidentiary value
- Integrated help feature to explain specific features and functions
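
The fingerprint scan and the per-application percentage view described above can be sketched as follows. This is an added example, not StegAlyzerAS code: the SAFDB format is not given on this page, so the fingerprint table is assumed to be a plain mapping of application name to SHA-256 values, and the application names and file contents are constructed.

```python
import hashlib, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, fingerprints):
    """Return {application: (matching paths, percent of its distinct known artifacts found)}."""
    index = {}                                   # digest -> applications that ship it
    for app, digests in fingerprints.items():
        for d in digests:
            index.setdefault(d, set()).add(app)
    hits = {}                                    # application -> {digest: [paths]}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue                         # do not follow links out of the evidence tree
            try:
                digest = sha256_file(path)
            except OSError:
                continue                         # unreadable file; a real tool would log this
            for app in index.get(digest, ()):
                hits.setdefault(app, {}).setdefault(digest, []).append(path)
    report = {}
    for app, by_digest in hits.items():
        # Keyed by digest, so duplicate copies of one artifact count once.
        pct = 100.0 * len(by_digest) / len(fingerprints[app])
        report[app] = (sorted(p for ps in by_digest.values() for p in ps), pct)
    return report

def demo():
    """Constructed evidence tree: 3 of 4 'ExampleStegoA' artifacts, one renamed, one duplicated."""
    a = [b"A-main-exe", b"A-help-file", b"A-library", b"A-readme"]   # made-up file contents
    b = [b"B-main-exe", b"B-config"]
    db = {"ExampleStegoA": {hashlib.sha256(x).hexdigest() for x in a},
          "ExampleStegoB": {hashlib.sha256(x).hexdigest() for x in b}}
    files = {"tool.exe": a[0], "holiday.jpg": a[1], "lib.dll": a[2],
             "copy/lib.dll": a[2], "notes.txt": b"unrelated"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return {app: (len(paths), pct) for app, (paths, pct) in scan(root, db).items()}
```

Because matching is on content hashes, the artifact renamed to `holiday.jpg` is still attributed to its application, and the duplicate `lib.dll` adds a path to the evidence list without raising the percentage.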

Features to be incorporated in a future release of StegAlyzerAS:
- Expanded artifact scanning capability as additional steganography applications are found and artifacts associated with those applications are added to SAFDB and RAKDB
- Profiles of steganography applications in SAFDB to give examiners additional information about the application when artifacts of the application are detected