README.md

Section-1 (Steganography)

Welcome to the first section of Learners' Space: Introduction to Digital Forensics!

This time, we're going to be dealing with Steganography. It is basically hiding a (secret) message inside something (possibly, another message). It may be physical or digital, on paper or image/audio.

So there's a difference between cryptography and steganography. Cryptography is the practice of protecting the message alone whilst steganography is concerned with concealing the fact that a secret message is being sent. The advantage of steganography over cryptography is that the secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable they are, arouse interest and may in themselves be incriminating in countries in which encryption is illegal (see https://www.gp-digital.org/world-map-of-encryption/).

Password lists

One of the ways to get the password of an account/file would be to get them through victim, either directly (hey, what's your insta password?) or some clever act like social engineering. That might seemed old-fashioned relative to "newer" methods. Attempting to crack passwords by trying as many possibilities is a brute force attack. A related method, rather more efficient in most cases, is a dictionary attack. In a dictionary attack, all words in one or more dictionaries are tested. Lists of common passwords are also typically tested.

Password strength is the likelihood that a password cannot be guessed or discovered, and varies with the attack algorithm used. Cryptologists and computer scientists often refer to the strength or 'hardness' in terms of entropy(https://www.youtube.com/watch?v=3NjQ9b3pgIg and https://en.wikipedia.org/wiki/Password_strength). For brute-force attack, some password list is used, standard or maybe self-made. You can construct more powerful custom password list by 'social engineering' and guessing what might the victim put in their password (for example, it might their favourite celebrity).

Also, see https://en.wikipedia.org/wiki/RockYou#Data_breach and https://haveibeenpwned.com/Passwords.

Text Guides:

• https://esolangs.org/wiki/Main_Page

• https://ctfs.github.io/resources/topics/steganography/README.html

• https://ctf101.org/forensics/what-is-stegonagraphy/

• https://picoctf.org/learning_guides/Book-4-Forensics.pdf

• https://wiki.bi0s.in/forensics/roadmap/

Video Guides:

• https://www.youtube.com/playlist?list=PL1H1sBF1VAKV6rTEh76pxQKgeFwme5gsT

• https://www.youtube.com/watch?v=TWEXCYQKyDc

Practice:

• https://play.picoctf.org/; If the previous link gives error 403, try this

• https://ctflearn.com/

Discussions among students are encouraged and we request you to use the respective Team in MS Teams for the same.

Created with ❤️ by CSeC