Decoding Stegbreak: A Deep Dive

Q 2.1: Please explain the weakness of stegbreak as a steganograph tool according to your experience in task 2.

            According to my experience in task 2, the weakness of Stegbreak results from the fact that an individual has to offer the manuscript with phrases to run the dictionary attack on it. It would be convenient and beneficial if Stegbreak contains a list of all the words within the application. Nonetheless, it is a useful tool for classifying data held by the JPEG.

Q 3.1: What are the major differences between Stegdetect and jphswin?

            The main difference between Jphswin and Stegdetect is that Jphswin employs a passphrase to encrypt and randomly place a message within the JPEG representation.

Q 3.2: Can you find a quick way to tell the difference between the two files “mall_at_night_S.gif” and ”mall_at_night.gif”? Please discuss ”how”!

            The best and quickest way to tell the disparity between ”mall_at_night.gif“ and ”mall_at_night_S.gif“ is by inserting both files into the XVI32 editor. The ”mall_at_night_S.gif“ is discovered to be a GIF89 box file while ”mall_at_night.gif“ is shown to be a GIF87 file. GIF89 include support for both animation and multiple images in the file. On the other hand, GIF87 is the original format for the initial images. As such, it is implicit that ”mall_at_night_S.gif” is a file that has an additional data entrenched inside it.

Q 3.3: Can you reveal the file inside ”mall_at_night_S.gif” (Using the password ”tyui”)? If not, please discuss why it cannot be revealed.

            From the analysis carried out within the lab, the file inside “mall_at_night_S.gif” could not be shown or exposed to the provided techniques. The rationale that the file could not be revealed is that the program file that was originally hidden with it was not recognized when the file was run through Stegdetect. The password ”tyui” did not work when tried. Thus, we did not have a password to reveal the concealed file when we run it through jphswin.exe.

Q 3.4: Can you use the provided software to detect in all the evidence files on whether they have files hidden inside or not? If not, why, please discuss!

            I suppose it’s possible to use it. To be exact, the XVI32 editor will show the hex code that can be used to tell the file that has been adjusted or modified.

Q 3.5: What are the strengths and weaknesses of Camouflage and jphs05? Please compare and discuss based on your experience of using the tools and the manuals.

            Jphs05 give one an opportunity to hide a file in a jpeg file only. Camouflage allows a user to conceal personal information that can easily be identified in the archives. Somewhat, each application is file-specific.