YCEP Day 3: Hiding and extracting information

Notes:

- Forensics: how was the impact or damage determined

- Acquisition, analysis, documentation, presentation

- Forensic tool kit (FTK)

- Reconstructing the image: make sure there is no tampering, get a golden copy

- GUI: graphic user interface

- Encryption: make things secure and you can decrypt to get the file back

- Hashing: used for comparing but cannot get it back (defend against man in the middle attacks, compare to find any tampering)

- Slack space: put in secret information into files which others can’t see (an important form of evidence in the field of forensic investigation. Often, slack space can contain relevant information about a suspect that a prosecutor can use in a trial)

- HxD

- Multihasher

- Autopsy

- WireShark

Using autopsy to analyze images in forensics:

Hiding and extracting hidden information(Steganography) from an image(jpeg):

~17 June 2021