Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
This paper presents a method that can be used to detect HYDAN-based steganography. This is simply an initial means and should be improved if it is to be used in any serious endeavor. To do this, the code could be compiled into a single program that incorporates the disassembly and comparison in a single binary. This would then return a value for those segments that have embedded data.
In this paper I shall give a brief definition of steganography and steganalysis in general to provide a good understanding of these two terms, but more importantly, I shall talk about how to detect the existence of hidden information in innocent-looking carriers of digital media like text, JPEG images, and MP3 audio files with the help of various tools.