Data Hiding Steganography Obscuring Forensics Analyst Investigation

Abiodun Charles Oloye, UP2098107, MSC Cyber Security & Forensic Information Technology.  Student at the University of Portsmouth


The habit of concealed techniques started significantly during the time of the Second World War, in which the military devised several ways to send discreet and covert operations through mere-looking images. The rise in insecurity over recent development has led to lots and diverse means of securing data and information (Wojciech et al., 2018). Securing data is crucial in this information transmission and is highly important. The integration of cryptographic algorithms with Steganography techniques and message authentication gives superior security to the conventional methods of merely encrypting communication, known as steganography (Kotkar et al., 2022). Communication that is encrypted takes place across a secret pathway. This type of communication is only known to the sender and recipient who are directly involved in it.This type of communication is only known to the sender and recipient who are directly involved in it (Kavitha et al., 2022).As a result, this will thwart any easy attempts to analyze the presented data. Multimedia file compression is designed to speed up encoding and use up less storage space. Peradventure, ifhackers and forensic investigators gain access to the channel, they will not be able to decrypt the original material, which exposes the recipient’s essential information and communication times, opening the communication up to interruption, disruption, or hijacking. The “Snoop-tag” concept, which combines potent steganographic technology with the Advance Encryption Standard (AES) algorithm and the Astronomical File System (APFS) Protocol (Kavitha et al., 2022), is suggested as a solution to this problem (decentralizing the cloud storage system).Additionally, the image file will also only be accessible viathe cloud for a brieftime before being changed to a regular image. Data integrity and data security are ensured since the data are not easily retrievable even to the forensic analyst. This makes investigators’ work more tedious and difficult. The blockchain network is employed as a solution to this problem as a safe means of transmitting picture files. There are numerous reasons why blockchain is employed. One is an open, distributed record, so if a system records the transaction, which cannot be translatedor altered. It is a decentralized network, which means it will need a medium to manipulate the transcript, and if any one of the systems malfunctions, the data is not missing, or changed. Additionally, the operation’s legitimacy is established by the specific network members who are involved in the process. Ethereum is one of the most extensively used blockchain infrastructures. It is well renowned for its open-source, intelligent, and decentralized functional contract (Juha et al. 2018.


This section discusses various steganography techniques for secure data transmission as well as how steganography interacts with various image and text formats.

2.1 Background

Until the period from the early 1990s until around 2001, the majority of academics saw information concealing as a pertinent research area. However, once fresh incidents emerged in which information hiding was successfully used for harmful objectives, applied researchers, security and forensic experts turned their attention back to this research subject. The employment of covert methods to enable stealth contact between terrorists/criminals and cybercriminals is perhaps the biggest worry in Forensics space today. Data concealing can be done with a variety of multimedia items, including images, text files, audio files, and videos (Kavitha, et al. 2022). The Least Significant Bit and differentiation method was chosen for this project because it was shown to be superior and less complicated than other methods like Pixel Value Differencing when several data hiding strategies for steganography were compared. The least significant bit differentiation strategy was thoroughly discussed, and evaluated, based on a number of performance metrics, and its suggested specific scheme was presented, which is cited in this project, image steganography is elaborated along with its uses. This implies that seemingly benign network data actually contains concealed data. In addition to being appropriate for long-term covert data leaking, network information concealing can also be employed by malware as a form of

manipulation to hide its command, and control communication (alternatively, information can be concealed), for example, hackers consistently targeting an organization persistently, over a period of time. Information can also be protected with cryptography by changing the secret data into a different form using a variety of computations and algorithms. Features like non-repudiation, integrity, confidentiality, authentication, and various others are available with cryptography. Encryption in this process turns plaintext data into a cryptogram, while decryption converts the encrypted message back to plain text (see Appendix A). The communication is encrypted using solid, dependable techniques, and its existence is concealed using the Steganography approach, combining Cryptography and Steganography (Hybrid), to protect the data. Adding message authentication with the HMAC algorithm assures message secrecy and validity. By using the concepts of rotation and flips, a different approach to LSB encoding (Schiavone et al., 2016).According to, low dissipation DWT image compression can speed up and reduce the time it takes to process images (Mishra et al.,2016). However, the cryptography concept is described (Hadipour et al., 2020) along with its benefits and uses, as a crucial step in safeguarding data transmission is data encryption, which can be accomplished using a variety of symmetric cryptographic methods such as DES, AES algorithm was chosen over Blowfish after evaluations of its performance on several criteria, including different sorts of loads and reaction times, and its potential for attacks, security flaws, and efficiency (Nurgaliyev et al., 2021) and (Yassein et al., 2017).Nevertheless, the crime rate using encrypting messages has increased over time. Fig. 1.0 below depicts the proportion of malware having information-hiding capabilities between 2011 and 2016 relative to the overall amount of malware found with malicious software (the past information gathered by the Criminal Use of Information Hiding Initiative)

Fig. 1.0. Malware histogram for information hiding from 2011 to 2016.

2.2 Critical Analysis of Text/Image and Featured-based Steganography

2.2.1 Text-Steg/Image

Text steganography conceals communications by manipulating text elements like words, space, lines, and other characters in sentences of writing. The two types of text steganography techniques mentioned in this paper are feature and Text form steganography.A Text-Steg technique is known when the hidden message is used to change word patterns in the text. In contrast, an approach known as “feature-Steg” adjusts a text’s distinguishing feature characteristicbased on a code word. It might have a little incline to it, shorten or prolong the code word, or combine text data that contains portions of a secreted message. The image below displays a performance analysis of text steganography. Fig 2.0.

Fig 2.0 Analysis of Text-Steganography

The method, such as line-shift coding, is highly effective in concealing the concealed message, utilizing a second line that shifts and a special curved method. (Roy and Manasmita, 2011). Additionally, several word-coding techniques, such as the integrated inter-character approach and the distribution technique (Singh et al., 2009), have good performance. Performs admirably when it comes to disguising the secret text. The second benefit is that the methods can conceal a significant number of hidden messages in text, which incorporate it using word-shift coding. Finally, the benefits of such methods (Singh et al., 2009), particularly the length image word strategy, which is excellent for altering images (Utama et al., 2017).

However, there are a few drawbacks as well. The first is that many word-based solutions have a low level of security vulnerability. Additionally, in word coding (Nasab and Shafiei, 2011), as well as the modificationdimension in the picture method, some of the approaches are very unprotected and have low-security defense and can easily be detected by others despite the challenges of steganography (how to conceal messages and make it impractical to detect) (Roy and Manasmita, 2011). Therefore, if changes are made to the text, any hidden messages that may have been present will be gone. This drawback was present in the next level-shift approach and the exclusiveformpractice(Utama et al., 2017).

2.2.2 Feature-Steg

The characters are typically changed through a feature-based approach, which also manipulates the form, size, and placement of the feature about the font’s structure in the text. The reader is unable to discern the text’s secret content as a result (Roy and Manasmita, 2011). The two types of feature-Steg techniques are language-typed (this can be a particular tribe language) and letter-typed (using the letter A-Z, which is a letter-structured language) (Kotkar et al., 2022). Several categories of feature-based techniques frequently come to somewhat similar conclusions as the categories of word-rule-based techniques that are described. The feature-Steg method also has three advantages over the word-based method. It hasa high-performance implementation, which includes quick process embedding in the English-based ECR technique (Kataria et al., 2013), high indiscernibility in the reversed Fatah technique (Memon et al., 2008), typical perfect transition in Hindi (Changder et al., 2009), and a back-end interface web page in the letter-based technique (Mahato et al., 2013).Another feature considered in the feature-based techniques such as the Deoxyribonucleic Acid (DNA) technique (Reddy et al., 2014) and the reversed messages (Memon et al., 2008), vertical displacement technique can embed concealed text in enormous quantities (Odeh et al., 2012). Chain coding technique and Hindi-based particular matra technique (Changder et al., 2010), theSecret Steganography Code for Embedding(SSCE) approach uses all of the letters in English alphabets as the medium of the secret message (Alam and Naser. 2014), while the feature-based technique is more useful for letter English based on employing hypertext in markup letter technique (Sui and Luo, 2014), and for the Secret steganography technique, the medium of the concealed message will be an all-caps English font. (Banerjee et al., 2011), and has executedfortification in embedding the secreted message such as (Zhang et al., 2006) arithmetical code technique in Hindi based (Pathak, 2010). On the other hand, there are disadvantages, the techniques that are simple to spot, including different shapes of subheadings,quadruple depiction, and vertical conventional lines (Dulert et al. 2011), are some drawbacks of feature-based approaches. However, there were a number of techniques that were simple to exploit that might erase the secret message, including retyping in Arabic based on the inverted technique (Memon et al., 2008), vertical point displacement (Odeh et al., 2012), and a particular mantra approach (Changder et al., 2009). There is an issue with the algorithm’s implementation when employing machine translation based on English (Stutsman et al., 2006), as well as the FSM technique based on Hindi (Changder et al., 2007).

Fig. 2.1. Performance Evaluation of Future-Steganography

There are many other propounded solutions available but research and technological evolution have helped forensic analysts overcome this daunting task. Table 1.0 shows critical analyses that summarize recent research on solution limitations

ReferenceApplicationResearch and Solution FocusLimitations
(Singh et al, 2009)Text-StegUniqueness used of letters and different modifications and styleDegradation of the image during analysis and hiding short messages within the size of the extensive file
(Kataria et al., 2013),Future-Steg (primitive)English-based ECR techniqueThere is an issue with the algorithm’s implementation when employing machine translation based on English
(Reddy et al., 2014)Feature-StegDeoxyribonucleic Acid (DNA) techniqueSimple to exploit that might erase the secret message, including retyping in Arabic based on the inverted
(Dulert et al. 2011)Feature-StegExtractor program which extracts data from the stego textSimple to spot, including vertical lines, different shapes of fonts subheading, and quadruple depiction.
(Aman et al., 2017)Hybrid text-Steg (Cryptography and Steganography)Syntactic means to camouflage a secret message string by recognizingsuitable places for the embedding of hypertexts.Dual-modality environments like Pencil Code and Tiled Grace give learners the ability to joggle back and front between the text-Steg and block-based varieties of their works.
 Table 1.0 Some Available Solutions Critical Analysis.


This is to design a robust algorithm by using random and cybernetic bit-plane embedding as opposed to stationary layer embedding, value amendment techniques as opposed to direct bit replacement, and embedding in specific regions as opposed to consecutive pixels/samples. Maintain imperceptibility by adjusting bits and considering how people perceive things, and Increase capacity by inserting compressed data and multiple bits into 24-bit text and images. To assess whether a communication is secure and, consequently, whether a steganographic procedure has been successful Read the embedded message, and show that the message was intentionally embedded. The process of detection entails analyzing connections between different cover, message, stego-media, and steganography tool combinations. Passive observation can be used to accomplish this. This method, which is discussed in this section, has been used in numerous research investigations. the entire work aims to lower the rate of inverse proportion between the three steganography issues. Different Image Quality Assessment Metrics (IQAMs) (e.g., PSNR, NCC, LMSE), Bit-plane analysis, statistical tests (histogram differences, Chi-square attack), structural attacks (SP, WS, etc.), various steganography analysis attacks like RS attack, are used to evaluate the performance of the proposed method. For analyzing the performance of the suggested method based on various factors, FTK Imager, a common forensic tool, is employed. And the capacity of the stego image based on BMP is used to gauge how secure the methods are.

3.1 Materials Used

1. Steganography tool: XIAO 2.6.1. Xiao Steganography is a technology used to shield the confidentiality, availability, and integrity of data by hiding secret evidence from unauthorized users. Free software called steganography can be used to cover up hidden files in WAV or BMP files. This program is simple to use because it can be downloaded and used. Its interface can be expanded with any BMP picture or WAV file. The desired file is then added after that. Additionally, Xiao offers encryption. Numerous algorithms are available, as depicted below in Fig3.0b

Fig. 3.0aXiao Steganography tool

The different processes that demonstrate encoding and decoding as accomplished by Xiao are as follows:

2.  The multiple bits into 24-bit images.XIAOsteganographic tools used data compression without dissipation, such as 8-bit or 24-bit color, and pulse code modulation, Xiao-Tools can use the least significant bit substitution. XIAO tool encrypted data with the Data Encryption Standard (DES), International Data Encryption Algorithm (IDEA), and Hashing Algorithm (HA). A text file was added which uses a significant bit of randomization and was encrypted with a password, which was only known by the receiver.

Fig. 3.0bEncryption Options

3. Fig 3.1 depicts our original download target file. This was selected and would conceal our secret data. By selecting the Add File button in Fig. 3.5, we were able to select our confidential data, which was embedded in our target file. The remaining size is mentioned in Kilobyte (See Appendix B). This implies the maximum size for adding files containing the secret data.

Fig 3.1 Original Image downloaded
Fig. 3.2 The properties of the image
 Fig 3.3 The secret Text Image

4. The original downloaded image was converted and saved to a bitmap (BMP) in order to compress the size and reduce the multiple bits into 24-bit images.XIAOsteganographic tools used dissipationcompressions, such as 8-bitor 24-bit color and pulse-code variation, Xiaotool used the least significant bit substitution. XIAO tool encrypted data DES, IDEA, and HA. A text file was added which uses a significant bit of randomization and was encrypted with a password, which was only known by the receiver

Fig 3.4 Final encrypted message image

5.The receiver must now select the Extract file choice at the decryptinglevelfrom the Xiao tool if a verified user wants to retrieve the cover image or the secret message from the destination file. The target file or cover picture that was utilized to encrypt private information is the same as this one.

Fig. 3.5 Decrypted secret message.

The chain activities of the file description were shown above to depict that the receiver could decrypt the files and was able to get the sent code.


This was done using a familiar forensic tool, FTK Imager. FTK imager was able to capture the encrypted message but was unable to ‘reveal’ the secret message hidden in the encrypted file.  Only have the image, but not the text file.

Fig 4.0 FTK Imager output

FTK Imager did not display the text document at all. This shows that the tool is basic and unable to handle this kind of encrypted level. It only seems we need the same steganography tool that was used to hide the image. Alternatively, steganography detection software packages like Whetstone, StegoHunt steganography, and data concealment tools are readily available.


 In conclusion, it is imperative that despite the development to close the gray areas in forensic analysis, the advent of technology is widening the gaps and creating loopholes for nefarious activities, and increasing the time of forensic investigations. It would be good to have a unique tool that combines steganography and forensic tools to reduce manpower lost time and make the investigator conclusive evidence on forensic issues. It would be a great idea if policymakers, public agencies, law enforcement, technology researchers, the security industry, and academics should collaborate to develop unique products, compliable operating systems, and asynchronous forensic tools to help the safety and security of society in order to safeguard businesses and citizens in light of the forensic issues previously described.


[1] Juha Partala “Provably Secure Covert Communication on Blockchain”, Cryptography 2018, 2, 18; doi: 10.3390/cryptography2030018, received: 29 June 2018; Accepted: 13 August 2018; Published: 20 August 2018

[2]. V. Kavitha, G. S. Sruthi, B. Thoshinny, and S. R. Riduvarshini, “Stagchain – A Steganography based Application Working on a Blockchain Environment,” 2022 3rd International Conference on Electronics and Sustainable Communication Systems (ICESC), 2022, pp. 674-681, doi: 10.1109/ICESC54411.2022.9885394.

[3]. A. Kotkar, S. Khadapkar, A. Gupta and S. Jangale, “Multiple layered Security using combination of Cryptography with Rotational, Flipping Steganography and Message Authentication,” 2022 IEEEInternational Conference on Data Science and Information System (ICDSIS), 2022, pp. 1-5, doi: 10.1109/ICDSIS55133.2022.9915922.

[4]. A. Hadipour and R. Afifi, “Advantages and disadvantages of using cryptography in steganography,” 2020 17th International ISC Conference on Information Security and Cryptology (ISCISC), 2020, pp. 88-94, doi: 10.1109/ISCISC51277.2020.9261921.

[5] A. Nurgaliyev and H. Wang, “Comparative study of symmetric cryptographic algorithms,” 2021 International Conference on

Networking and Network Applications (NaNA), 2021, pp. 107-112, doi: 10.1109/NaNA53684.2021.00026.

[6] M. B. Yassein, S. Aljawarneh, E. Qawasmeh, W. Mardini and Y. Khamayseh,”Comprehensive study of symmetric key and asymmetric key encryption algorithms,” 2017 International Conference on Engineering and Technology (ICET), 2017, pp. 1-7, doi: 10.1109/ICEngTechnol.2017.8308215.

[7] E. Schiavone, A. Ceccarelli and A. Bondavalli, “Continuous Authentication and Non-repudiation for the Security of Critical Systems,” 2016 IEEE 35th Symposium on Reliable Distributed

Systems (SRDS), 2016, pp. 207-208, doi: 10.1109/SRDS.2016.033. [8] Roy, S. and Manasmita, M. (2011). A novel approach to format-based text steganography. In Proceedings of the 2011 International

Conference on Communication, Computing & Security, pages 511–516, New York, NY, USA. ACM.

[9] Singh, H., Singh, P., and Saroha, K. (2009). A survey on text-steganography. In Proceedings of the 3rd National conference; INDIACom–2009 Computing for Nation Development, pages 26–27, New Delhi, India.

[10] Sui, X.-G. and Luo, H. (2014). A new steganography method based on hypertext. In Radio Science Conference, 2004. Proceedings. 2004 Asia-Pacific, pages 181–184.

[11] Liu, M., Guo, Y., and Zhou, L. (2009). Text steganography based on online chat. In Intelligent Information Hiding and Multimedia Signal Processing, 2009. IIH–MSP ’09. Fifth International Conference on, pages 807–810.

[12] Yang, H. and Kot, A. (2004). Text document authentication by integrating inter character and word spaces watermarking. In Multimedia and Expo, 2004. ICME ’04. 2004 IEEE International Conference on, volume 2, pages 955–958.

[13] Nasab, M. V. and Shafiei, B. M. (2011). Steganography in programming. Australian Journal of Basic & Applied Sciences, 3(12):1496–1499.

[14] Changder, S., Das, S., and Ghosh, D. (2010). Text steganography through Indian languages using feature coding method. In ICCTD 2010 – 2010 2nd International Conference on Computer Technology and Development, Proceedings pages 501– 505.

[15] Changder, S., Debnath, N., and Ghosh, D. (2009). A new approach to Hindi text steganography by shifting matra. In Advances in Recent Technologies in Communication and Computing, 2009. ARTCom ’09. International Conference on, pages 199–202, New Delhi, India.

[16] Dulera, S., Jinwala, D., and Dasgupta, A. (2011). Experimenting with the novel approaches in text steganography. International Journal of Network Security & Its Applications, 3(6):213–225.

[17] Odeh, A., Alzubi, A., Hani, Q., and Elleithy, K. (2012). Steganography by multipoint arabic letters. In Systems, Applications and Technology Conference (LISAT), 2012 IEEE Long Island, pages 1–7.

[18] Memon, J. A., Khowaja, K., and Kazi, H. (2008). Evaluation of steganography for Urdu/Arabic. Journal of Theoretical & Applied Information Technology, 4(3):232– 237.

[19] Stutsman, R., Atallah, M., Grothoff, C., and Grothoff, K. (2006). Lost in just the translation. In Proceedings of the 2006 ACM Symposium on Applied Computing, pages 338–345. ACM.

[20] Banerjee, I., Bhattacharyya, S., and Sanyal, G. (2011). Novel text steganography through special code generation. In Proceedings of International Conference on Systemics, Cybernetics and Informatics (ICSCI-2011), pages 298–303.

[21] Pathak, M. (2010). A new approach for text steganography using Hindi numerical code. International Journal of Computer Applications, 1(8):56–59.

[22] Zhang, W., Zeng, Z., Pu, G., and Zhu, H. (2006). Chinese text watermarking is based on occlusive components. In Information and Communication Technologies, 2006. ICTTA ’06. 2nd, volume 1, pages 1850–1854.

[23] Utama, Sunariya, Roshidi Din, and MassudiMahmuddin. “The Performance Evaluation of Feature-Based Technique in Text Steganography.” J. Eng. Sci. Technol 12 (2017): 169-180.

[24] Rana, A., Sharma, S., Nisar, K., Ibrahim, A. A. A., Dhawan, S., Chowdhry, B., … & Goyal, N. (2022). The Rise of Blockchain Internet of Things (BIoT): Secured, Device-to-Device Architecture and Simulation Scenarios. Applied Sciences, 12(15), 7694.

[25] Aman, M., Khan, A., Ahmad, B., &Kouser, S. (2017). A hybrid text steganography approach utilizing Unicode space characters and zero-width character. International Journal on Information Technologies and Security, 9(1), 85-100.

[26] Wojciech Mazurczyk, Steffen Wendzel. Communications of the ACM, January 2018, Vol. 61 No. 1, Pages 86-94

[27] Mishra D. K. Nayak M. K. & Joshi A. (2018). Information and communication technology for sustainable development: proceedings of ict4sd 2016. volume 1. Springer.

DISCLAIMER: Comments expressed here do not reflect the opinions of FraudXpose or any employee thereof.

Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.