Computer Hacking Forensic Investigator (CHFI v10) — Question 405

An organization is concerned about potential attacks using steganography to hide malicious data within image files. After a recent breach, the incident response team found that an attacker had managed to sneak past their defenses by hiding a keylogger inside a legitimate image. Given that the attacker has knowledge of the organization’s steganography detection techniques, which method of steganalysis would likely be the most effective in detecting such a steganographic attack in the future?

Answer options

• A. Chi-square attack, where the analyst performs probability analysis to test whether the stego object and original data are identical
• B. Known-message attack, where the analyst has a known hidden message in the corresponding stego-image and looks for patterns that arise from hiding the message
• C. Known-stego attack, where the analyst knows both the steganography algorithm and original and stego-object
• D. Chosen-message attack, where the analyst uses a known message to generate a stego-object in order to find the steganography algorithm used

Correct answer: D

Explanation

The Chosen-message attack is the most effective method because it allows the analyst to manipulate the input and observe how the steganography algorithm alters the output, revealing the presence of hidden data. The other methods, while useful, either rely on existing knowledge of messages or patterns without the ability to test and adapt to the specific techniques used by the attacker.