Technical Tuesday – 21 February 2012 – An Introduction to the (Ninja) Art of Data Carving and Steganography by Keith Bertolino
Since 2001 we’ve all heard the media buzz about “nameless U.S. officials” claiming that terrorists and foreign intelligence services have been using “steganography” applications to facilitate covert communication between their operatives. Steganography applications attempt to conceal digital data within other benign-appearing digital files. However, it wasn’t until June of 2010, when the FBI caught a ring of Russian spies in DC, that steganography really entered the limelight. That summer, it was openly confirmed that these spies had, in fact, been communicating with Moscow via covert communication channels afforded to them through custom-written steganography applications.
Although equally mysterious and intriguing, data carving, which is the art of recovering deleted files from unallocated disk space, sees even less media attention than steganography. However, it typically plays a critical role in almost every digital forensic examination.
During this presentation, we will discuss the conceptual fundamentals of both steganography and data carving techniques and will unveil exactly how the underlying algorithms work. With an eye toward understanding underlying methodology instead of tool sets, come learn how these technologies really work. You’ll leave with new insight affording you the ability to pick better tools for the job or, better yet, the knowledge to begin writing your own.
Presented by: Keith Bertolino of Cipher Tech Solutions, Inc.
Keith Bertolino is the co-founder and CEO of Cipher Tech Solutions, Inc. (Cipher Tech). Cipher Tech is a 17-person software engineering and technical solutions firm which primarily supports the Defense and Intelligence Communities. Cipher Tech engineers pride themselves in tackling some of the toughest problems in the industry; from reverse engineering advanced malware to developing custom tools in direct support of digital forensic operations and various “black” programs.
In 2008, Keith conducted research on steganography jamming techniques while attending Northeastern University as an undergrad. The research was presented at the May 2008 Homeland Security conference and was published in the August 2008 international IEEE periodical “Spectrum” under an article titled “Spy vs Spy.”
Additionally, Keith conducted graduate research in 2009 focusing on advancing data carving algorithms and published a master’s thesis on the topic titled “FoRCE: Forensic Recovery Carving and Extraction.”