Enforce File Permissions

A subject modifies the modified, accessed, created (MAC) file time attributes to hide new files or obscure changes made to existing files to hinder an investigation by removing a file or files from a timeframe scope.

nTimestomp is part of the nTimetools repository, and it provides tools for working with timestamps on files on the Windows operating system. This tool allows for a user to provide arguments for each timestamp, as well as the option to set all timestamps to the same value.

Linux has the built-in command touch that has functionality that allows a user to update the access and modified dates of a file. The command can be run like this:

touch -a -m -d ‘10 February 2001 12:34' <file>

The argument -a refers to the access time, -m refers to the modify time, and -d refers to the date applied to the target file.

A subject may search for, or otherwise explore files on a Network Attached Storage (NAS) device to identify sensitive information.

A subject may search for or otherwise explore files on a Collaboration Platform (such as SharePoint, OneDrive, Confluence, etc) to identify sensitive or valuable information.

A subject uses image steganography to hide data in an image, to exfiltrate that data and to hide the act of exfiltration.

Image steganography methods can be categorised based on how data is embedded within an image. These methods vary in capacity (amount of data stored), detectability (resistance to steganalysis), and robustness (resistance to compression or modification). Below are the primary techniques used:

Least Significant Bit (LSB) Steganography

• One of the most common and simple methods.
• Modifies the least significant bits (LSBs) of pixel values to encode secret data.
• Minimal visual impact since changes occur in the lowest bit planes.

How it works:

• Each pixel in an image consists of three color channels (Red, Green, and Blue).
• The LSB of each channel is replaced with bits from the hidden message.

Example:

• Original pixel: (10101100, 11011010, 11101101)
• After encoding: (10101101, 11011010, 11101100)
• Only minor changes, making detection difficult.

Advantages:

• High capacity when applied to all three channels.
• Simple and easy to implement.

Disadvantages:

• Highly susceptible to detection and compression (JPEG compression removes LSB changes).
• Easily detected by statistical analysis methods.

Masking and Filtering Steganography

• Works similarly to watermarking by altering the luminance or contrast of an image.
• Best suited for lossless formats like BMP and PNG, not JPEG.

How it works:

• Hidden data is embedded in textured or edge-rich areas to avoid easy detection.
• Modifies pixel intensity slightly, making it harder to detect through simple LSB analysis.

Advantages:

• More robust than LSB against lossy compression and scaling.
• Works well for grayscale and color images.

Disadvantages:

• Lower capacity than LSB.
• More complex to implement.
   

Transform Domain Steganography

• Instead of modifying pixel values directly, this technique embeds data in frequency components after applying a mathematical transformation.

Types of Transform Domain Methods:

a. Discrete Cosine Transform (DCT) Steganography

• Used in JPEG images, where data is embedded in DCT coefficients instead of pixels.
• Common algorithm: F5 steganography (JSteg is an older, less secure method).

How it works:

• The image is converted to frequency domain using DCT.
• The hidden data is embedded in the mid-frequency DCT coefficients to avoid detection.
• The image is recompressed using JPEG encoding.

Advantages:

• Resistant to LSB steganalysis.
• Works with JPEG, making it more practical.

Disadvantages:

• Lower data capacity than LSB.
• Can be detected by statistical steganalysis.

b. Discrete Wavelet Transform (DWT) Steganography

• Uses wavelet transformation to embed data in high or low-frequency components.

How it works:

• The image is broken into multiple frequency bands using DWT.
• Data is embedded in high-frequency coefficients, ensuring robustness.
• Common in medical image steganography for secure data transmission.

Advantages:

• More robust against compression and noise than DCT.
• Can embed more data than traditional DCT methods.

Disadvantages:

• Requires more complex computation.
• Can be detected by advanced steganalysis tools.

c. Fourier Transform-Based Steganography

• Uses Fast Fourier Transform (FFT) to embed secret data in the frequency spectrum.
• More resistant to image processing operations like scaling and rotation.

Advantages:

• High robustness.
• Harder to detect using common LSB-based analysis.

Disadvantages:

• Requires complex processing.
• Limited in data capacity.

Palette-Based and Color Modification Techniques

a. Palette-Based Steganography (GIF, PNG)

• Modifies indexed color tables instead of pixels.
• Works by shifting palette entries in GIF or PNG images.

Advantages:

• No direct pixel modifications, making it hard to detect visually.

Disadvantages:

• Can be detected by comparing original and modified color palettes.
• Limited to certain file formats.

b. Alpha Channel Manipulation

• Uses transparency layers in images (e.g., PNG with alpha channels) to store hidden data.

Advantages:

• Harder to detect in images with multiple layers.

Disadvantages:

• Only works in formats supporting alpha transparency (PNG, TIFF).

Edge-Based and Texture-Based Steganography

a. Edge Detection Steganography

• Embeds data only in edge regions of an image, avoiding smooth areas.
• Uses Canny edge detection or similar algorithms.

Advantages:

• Harder to detect using basic LSB analysis.
• Can withstand minor modifications.

Disadvantages:

• Requires pre-processing.
• Lower capacity than LSB.

b. Patchwork Algorithm

• Uses redundant patterns to embed data, making detection harder.
• Works well for texture-rich images.

Advantages:

• High resistance to compression and cropping.

Disadvantages:

• Complex encoding and decoding process.

Spread Spectrum and Noise-Based Techniques

a. Spread Spectrum Steganography

• Mimics radio communication techniques, distributing data across the entire image.
• Uses pseudo-random noise patterns to hide data.

Advantages:

• Harder to detect due to randomness.

Disadvantages:

• Lower data capacity.

b. Statistical Steganography

• Alters color distributions or histogram properties to encode data.
• Ensures changes remain within natural variations.

Advantages:

• Very stealthy and hard to detect.

Disadvantages:

• Limited data capacity.

Adaptive and AI-Based Steganography

• Uses machine learning to optimize embedding locations.
• Adaptive algorithms select least noticeable areas dynamically.

Advantages:

• Extremely stealthy and resistant to detection.

Disadvantages:

• Requires computational power.

Comparison Table of Image Steganography Methods