Digital Forensics
Due Monday, April 8

Assignment 1: A very simple example of steganography

Your assignment is to analyze this picture:

The original is at https://en.wikipedia.org/wiki/Main_Page#/media/File:Deerfire_high_res.jpg. Clearly, the two pictures appears to very similar, but doing a sha1sum shows that the files are clearly different:

$ diff Deerfire_high_res.jpg deerfire.jpg 
Binary files Deerfire_high_res.jpg and deerfire.jpg differ
$ sha1sum Deerfire_high_res.jpg deerfire.jpg 
ce30a7f9b7706d3c1733393ad4150f93b56b1a4d  Deerfire_high_res.jpg
30a4bb865637fda8e95f3e032fd1146d9414cf21  deerfire.jpg
  

I would recommend that you use your Caine image in the lab to do this analysis, since it does have the software to do this analysis (indeed, I created this via a Caine image running under QEMU.)

Please turn in your write-up at the beginning of class on Monday, April 8.