A new version of the Steganography Application Fingerprint Database (SAFDB) containing the file artifacts of more than 750 steganography applications will be created by Nov 30th.
SAFDB was developed in Backbone’s Steganography Analysis and Research Center (SARC) and is now widely recognized as the world’s largest database of hash values exclusive to digital steganography applications.
SAFDB is an integral part of StegAlyzerAS (Steganography Analyzer Artifact Scanner) and StegAlyzerRTS (Steganography Analyzer Real-Time Scanner).
StegAlyzerAS is a computer forensics tool used to detect the presence of steganography applications on seized media. In addition to detecting file artifacts, StegAlyzerAS offers the unique capability to detect Windows Registry artifacts (i.e., keys and/or values). This makes it possible to determine if a particular steganography application was ever installed by the user even if the user uninstalled the application and then deleted the files and folders associated with the application that were created in the installation process.
StegAlyzerRTS is a network security appliance that detects insiders downloading any of the applications in SAFDB in real-time.
SAFDB contains seven different hash values for each file artifact associated with each steganography application in the SARC’s steganography application archive. The hash values were computed with the CRC-32 and MD-5 hashing algorithms plus all five of the algorithms specified in FIPS 180-2, Secure Hash Standard—SHA 1, SHA 224, SHA256, SHA 384 and SHA 512.
SAFDB also includes the artifact file name, file size, associated application name, in addition to other information about each file and application.
Current plans call for the creation of new versions of SAFDB in each quarter of CY2010 with each version containing information on all file artifacts associated with at least 25 more steganography applications than the previous version.
Subscribe to:
Post Comments (Atom)
Great post guys. Good luck with the tools!
ReplyDelete