The best forensic tool encrypts passwords for secrets and restores files

Steganography is a general term for hiding or concealing personal information. The information can be anything you do not want to share. Today, most companies use this technique to hide sensitive content inside an image. There are other ways to hide personal content, such as txt, mp3, wav, and many other formats supported by this technique. This practice is old but still useful, as this technology has some loopholes. Nowadays there are many tools and programs to decrypt encrypted data from images, and steganography is also common in recovery programs. We will show you some of the tools used to encrypt and decrypt your data.

How steganography works:

Every image we see electronically, such as on mobile devices, televisions and computers, consists of pixels. Pixels are the smallest element of the image. Every pixel produces three to four colors: red, green, blue and white. The RGB model is common in video displays and other video components used to show an image on an electronic display. The RGB components are added together to create a range of colors. When combined in equal amounts they are referred to as the additive primary colors, and when they are combined in different amounts, different colors are formed.

As shown above, RGB creates different colors on the display. In steganography, these colors are handled as binary codes. When combined with steganography, the RGB values change as shown below.

As described above, when two images are combined, a new image is formed. In steganography, the rightmost bit is changed because doing so has a very small visible effect on the image.

As you can see, when image 2 is hidden, the information it contains is hidden with it. Steganography makes its changes in the rightmost bits of the image.

As shown in the upper left corner, it is a simple image. But the rightmost one is the image that hides another image. If you look carefully at the other image in the image above, it contains encrypted data. Below is Python code showing how one image is hidden in another image.

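import cv2
from LSBSteg import LSBSteg  # assumes LSBSteg.py, which defines the LSBSteg class used here, is importable

# encoding: hide image_2.jpg inside image_1.png
steg = LSBSteg(cv2.imread("image_1.png"))
new_im = steg.encode_image(cv2.imread("image_2.jpg"))
cv2.imwrite("new_image.png", new_im)

# decoding: read the stego image back and recover the hidden image
steg = LSBSteg(cv2.imread("new_image.png"))
orig_im = steg.decode_image()
cv2.imwrite("Desert.png", orig_im)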

The code shown above hides image 2 in image 1. That is the standard code used to hide an image in an image; now we look at the code that hides txt within the image.

# encoding
steg = LSBSteg(cv2.imread("my_image.png"))
img_encoded = steg.encode_text("sensitive_data")
cv2.imwrite("Desert.png", img_encoded)

# decoding
im = cv2.imread("Desert.png")
steg = LSBSteg(im)
print("Text Value:", steg.decode_text())

The above is basic code that shows how text is hidden inside the image. It uses an encode method to hide text. Now we will show you some of the tools used to hide information inside an image.
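The rightmost-bit replacement described above, as an added example in plain Python that is not part of the original article and is not the LSBSteg implementation. It works on a raw buffer of RGB channel bytes; the 4-byte length header, the function names and the gradient cover are assumptions made for this sketch.

```python
import struct

def _bits(data):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(pixels, message):
    """Hide message in the rightmost bit of each channel byte of pixels."""
    # A 4-byte big-endian length header tells the decoder where to stop.
    payload = struct.pack(">I", len(message)) + message
    if len(payload) * 8 > len(pixels):
        raise ValueError("cover image too small for this message")
    out = bytearray(pixels)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit  # only bit 0 of the byte changes
    return bytes(out)

def _read(pixels, start, count):
    """Rebuild count bytes from the rightmost bits, starting at index start."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)

def extract(pixels):
    """Recover a message written by embed(); reject impossible headers."""
    if len(pixels) < 32:
        raise ValueError("buffer too small to hold a length header")
    (length,) = struct.unpack(">I", _read(pixels, 0, 4))
    if (4 + length) * 8 > len(pixels):
        raise ValueError("length header exceeds capacity: no payload here")
    return _read(pixels, 32, length)

def max_channel_change(a, b):
    """Largest per-byte difference between cover and stego buffers."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed cover: 256 RGB pixels (768 channel bytes) of a simple gradient.
COVER = bytes((7 * x + 40 * c) % 256 for x in range(256) for c in range(3))
STEGO = embed(COVER, b"sensitive_data")

if __name__ == "__main__":
    print(extract(STEGO), max_channel_change(COVER, STEGO))
```

Because the message lives in the lowest bit of each byte, the result has to be saved in a lossless format such as PNG; lossy re-encoding (for example to JPEG) changes those bits and destroys the payload.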

Steghide – Hide data in an image.

Steghide is a simple program used to hide information inside an image. According to an expert from the International Institute of Safety, color frequencies are not changed by this program because it hides only minor data. The current version of Steghide is 0.5.1. This program encrypts data. When a user hides a txt file with this program, it asks for a password. The password is the key used to encrypt and decrypt the sensitive information.

  • The tool is available for both Linux and Windows, but we have tested it on Windows. It can be downloaded from: https://sourceforge.net/projects/steghide/files/steghide/0.5.1/steghide-0.5.1-win32.zip/download?use_mirror=excellmedia&download=
  • After downloading the archive, extract it and open steghide.exe in cmd.
  • To do this, open the menu and type cmd. Then right-click cmd and open it as administrator.

  • Once you have opened it as administrator, go to /where/you/unzipped/steghide. Type dir

  • You can choose any image to hide data in.
  • Type steghide embed -cf Desert.jpg -ef "secret info.txt"
  • -cf specifies the cover file.
  • -ef specifies the file containing the sensitive data to embed.
  • Enter the password when prompted. Type 123456 for encryption.

  • When the above command completes, the data is hidden. You can now delete the original file.
  • To extract it again, type steghide extract -sf Desert.jpg

  • Once extraction completes, the data is unpacked in its original form. The above information may be used in other hacking activities.
  • Type steghide info Desert1.jpg
  • Type y
  • Enter the password when prompted. Type 123456 for encryption.

  • In the image above, the first command is used to check the basic file information and whether data is embedded in this image.
  • The details of the embedded data are also displayed after typing the password.
  • Type steghide encinfo to view all algorithms

  • The above command shows the algorithms that can be used to encrypt the data. Knowing each of the encryption algorithms may weaken security, because additional encryption can be created easily.
  • The embedding shown above uses Rijndael-256 encryption to hide text files.
  • Type steghide embed -cf Desert.jpg -f -ef "secret info.txt"
  • -cf specifies the cover file.
  • -ef specifies the file containing the sensitive data to embed.
  • -f replaces the existing file.
  • Enter the password when prompted. Type 123456 for encryption.

  • When the same command is run again, the file is replaced if the hidden text file has changed.
  • Type steghide embed -N -cf Desert.jpg -ef "secret info.txt"
  • -N does not embed the original file name.
  • -cf specifies the cover file.
  • -ef specifies the file containing the sensitive data to embed.

  • The above command is used to embed the information without embedding the name of the hidden file. Make sure you encrypt the data using this command.
  • If you then try to extract the data, it is not extracted, because an embedded file name is required during extraction.

Foremost – Restore files with this tool:

Foremost is another Linux utility, used to recover deleted files on Linux. Data recovery is the process by which deleted or corrupted data is restored. Foremost is a simple utility that is pre-installed on many systems. It already comes installed on Kali Linux. If you use another Linux distro:

  • Type git clone https://github.com/korczis/foremost.git
  • Type make
  • Type make install
  • If you are on Kali Linux 2018.4, simply type:

root@kali:/home/iicybersecurity/Downloads# foremost -h
foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus.

$ foremost [-v|-V|-h|-T|-Q|-q|-a|-w-d] [-t ] [-s ] [-k ] [-b ] [-c ] [-o ]
-V – display copyright information and exit
-t – specify file type. (-t jpeg,pdf ...)
-d – turn on indirect block detection (for UNIX file-systems)
-i – specify input file (default is stdin)
-a – Write all headers, perform no error detection (corrupted files)
-w – Only write the audit file, do not write any detected files to the disk
-o – set output directory (defaults to output)
-c – set configuration file to use (defaults to foremost.conf)
-q – enables quick mode. Searches are performed on 512 byte boundaries.
-Q – enables quiet mode.
-v – verbose mode. Logs all messages to screen

  • Here is a sample pdf file, used to check whether the file is restored or not.

root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads Music output Pictures Public sample.pdf Templates Videos

root@kali:/home/iicybersecurity# cat sample.pdf

root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads Music output Pictures Public sample.pdf Videos
root@kali:/home/iicybersecurity# rm sample.pdf
root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads Music output Pictures Public Templates Videos

  • Type foremost -i sample.pdf -T pdf
  • -i is used to enter the file name.
  • -T is used to enter the desired file extension. This option is required if the directory from which the file was deleted is not empty.

root@kali:/home/iicybersecurity# foremost -i sample.pdf -T pdf
Processing: stdin
root@kali:/home/iicybersecurity#

  • After the above command is entered, file recovery takes some time.
  • Type foremost -i sample.pdf -T pdf-home / iicybersecurity

root@kali:/home/iicybersecurity# foremost -i sample.pdf -T pdf-home / iicybersecurity
Processing: stdin
root@kali:/home/iicybersecurity#

  • When the recovery is complete, go to the output directory. Type cd output

root@kali:/home/iicybersecurity# ls
core Desktop Documents Downloads output_Thu_Jan_31_06_08_40_2019 Pictures Public Templates Videos
root@kali:/home/iicybersecurity# cd output

  • Type ls
  • Type cat audit.txt

root@kali:/home/iicybersecurity/output# ls
audit.txt pdf
root@kali:/home/iicybersecurity/output# cat audit.txt
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File
Foremost started at Thu Jan 31 06:08:13 2019
Invocation: foremost -i sample.pdf
Output directory: /home/iicybersecurity/output
Configuration file: /usr/local/etc/foremost.conf
File: sample.pdf
Start: Thu Jan 31 06:08:14 2019
Length: 2 KB (3028 bytes)
Num Name (bs=512) Size File Offset Comment
0: 00000000.pdf 2 KB 0
Finish: Thu Jan 31 06:08:14 2019
1 FILES EXTRACTED
pdf:= 1
Foremost finished at Thu Jan 31 06:08:14 2019

  • The above audit file shows information about the file that was recovered.
  • As described above, the pdf has been restored with a different file name, but the contents of the file are the same.
  • To open the file, type cd pdf
  • Type cat 00000000.pdf

root@kali:/home/iicybersecurity/output/pdf# cat 00000000.pdf
  • As you can see, the file information is exactly the same as before deleting.
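
An added sketch, not code from the original article or from the Foremost project, of the header/footer carving that tools such as Foremost rely on: the raw bytes are scanned for a file signature and everything up to the matching footer is written out under a generated name, which is why the recovered file above is called 00000000.pdf rather than sample.pdf. The PDF signatures are real; the function name, the naming scheme and the sample image are constructed for this example.

```python
PDF_HEADER = b"%PDF-"
PDF_FOOTER = b"%%EOF"
BLOCK = 512  # block size, reported as "bs=512" in the audit file

def carve_pdfs(image, quick=False, max_size=5_000_000):
    """Return (name, offset, data) for each PDF found in a raw byte image.

    quick=True accepts a header only on a 512-byte boundary, like the -q
    option described in the help text. The name is the starting block
    number, a convention of this sketch.
    """
    found, pos = [], 0
    while True:
        start = image.find(PDF_HEADER, pos)
        if start == -1:
            return found
        if quick and start % BLOCK:
            pos = start + 1          # header not block-aligned: skip it
            continue
        end = image.find(PDF_FOOTER, start, start + max_size)
        if end == -1:
            pos = start + 1          # header without footer: data overwritten
            continue
        end += len(PDF_FOOTER)
        found.append(("%08d.pdf" % (start // BLOCK), start, image[start:end]))
        pos = end

# Constructed sample: a tiny PDF left in "unallocated" space of a fake image.
SAMPLE_PDF = (b"%PDF-1.3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R >>\n%%EOF")
IMAGE = (b"\x00" * 1024 + SAMPLE_PDF + b"\xff" * 300
         + b"%PDF-1.4 header whose body was overwritten")
UNALIGNED = b"\x00" * 100 + SAMPLE_PDF

if __name__ == "__main__":
    for name, offset, data in carve_pdfs(IMAGE):
        print(name, offset, len(data))
```

The sketch stops at the first %%EOF after a header, so a PDF saved with incremental updates (which contains several) would be cut short. Carving reads raw bytes, so it needs access to the disk or an image of it, and it only works while the deleted blocks have not been overwritten.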