Using Stegdetect on Windows Drive
To use Stegdetect on a mounted Windows Drive do the following:
NOTE: I always use a physical write blocker before conducting any forensic investigation.
Mount the drive (example of a 20 GB hard drive)
Start... Places... [20.0 GB media]
Verify the device has been mounted read only
Open a terminal window, type "mount", device should be read only
(example output /dev/sda1 on /media/sda1 type ntfs (ro, noexec, nosuid...)
Create a symbolic link to the directory you are analyzing on the hard drive if it contains any spaces (i.e. /media/sda1/Documents and Settings/Student/Pictures)
In your terminal window...
type: cd Desktop <press enter key>
type: ln -s /media/sda1/Documents\ and\ Settings/Student/Pictures steg
Open the Caine Interface
"Start"... CAINE... Caine Interface
Click Create Report
Select Analysis
Click Stegdetect
Click input directory
Click file system...home...caine...Desktop...steg
Click OK
Click Run Steg detect
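The read-only check and symlink steps from the post above, scripted as an added example (not part of the original post). The function names `is_mounted_ro` and `link_evidence_dir` are hypothetical, and the sample `mount` lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# is_mounted_ro MOUNTPOINT  (reads `mount`-style lines on stdin)
# Succeeds only if MOUNTPOINT is listed and every entry for it carries "ro"
# as a whole option. A substring match would wrongly accept
# "rw,errors=remount-ro".
is_mounted_ro() (
    mp=$1
    status=1                            # stays 1 if the mount point never appears
    while IFS= read -r line; do
        case $line in
            *" on $mp type "*) ;;       # quoted pattern: spaces in $mp are literal
            *) continue ;;
        esac
        opts=${line##*\(}               # text after the last "("
        opts=${opts%%\)*}               # ...up to the closing ")"
        opts=$(printf '%s' "$opts" | tr -d ' ')
        case ",$opts," in
            *,ro,*) status=0 ;;
            *) exit 1 ;;                # a writable entry fails the check
        esac
    done
    exit "$status"
)

# link_evidence_dir MOUNTPOINT SUBDIR LINKNAME
# Creates the space-free symlink only after the read-only check passes.
link_evidence_dir() {
    if ! mount | is_mounted_ro "$1"; then
        echo "refusing: $1 is not mounted read-only" >&2
        return 1
    fi
    ln -s -- "$1/$2" "$3"
}

# Constructed sample lines in the format printed by `mount`.
SAMPLE_MOUNTS='/dev/sda1 on /media/sda1 type ntfs (ro,noexec,nosuid,nodev)
/dev/sdb1 on /media/sdb1 type ext3 (rw,errors=remount-ro)
/dev/sdc1 on /media/My Disk type vfat (ro, noexec)'

for mp in /media/sda1 /media/sdb1 "/media/My Disk"; do
    if printf '%s\n' "$SAMPLE_MOUNTS" | is_mounted_ro "$mp"; then
        echo "$mp: read-only"
    else
        echo "$mp: NOT read-only"
    fi
done
```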
Re: Using Stegdetect on Windows Drive
Joe:
Is this assuming you know steganography was used or simply run the tool to see if it was used? I've read a little about steganography and from what I remember the tool that was used to do the steganography has to be used to "decipher" the file. Is that not the case?
putosusio- Number of posts : 4
Registration date : 2010-11-04