Article Content
Article Number | 000030982 |
Applies To | RSA Product Set: Security Analytics, NetWitness; Platform: CentOS; O/S Version: EL6 |
Tasks | This article provides general information about steganography (including null cipher) detection in both Security Analytics and NetWitness for packets. |
Resolution | It is not possible to "detect" steganography as such; what can be detected are statistical anomalies or outliers in the composition of the file, and that requires statistical analysis. By design, both Security Analytics and NetWitness (for packets) perform on-the-wire packet decoding using BPF (Berkeley Packet Filter). Security Analytics does not perform statistical analysis of this type. At the time of this writing (SA 10.5), steganography detection is not a feature of Security Analytics or NetWitness. |
Notes | Steganography is a form of encryption. It works by replacing bits of unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with other bits of invisible information. (The hidden information is typically plaintext, but may also be ciphertext or images.) |
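
The kind of statistical analysis the Resolution refers to, applied to the bit replacement described in the Notes, can be sketched as follows. This is an added example, not RSA code or a feature of either product; it uses the pairs-of-values chi-square test as one possible statistic, and the function names and the constructed 8-bit sample data are assumptions made for illustration.

```python
import math
import random
from collections import Counter

def pov_chi_square(samples):
    """Chi-square over value pairs (2k, 2k+1); returns (statistic, pairs used)."""
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < 10:                 # too few samples to say anything
            continue
        expected = (a + b) / 2         # LSB replacement drives a and b here
        stat += ((a - expected) ** 2 + (b - expected) ** 2) / expected
        pairs += 1
    return stat, pairs

def pairs_look_equalized(samples, z=4.0):
    """True when pair counts differ no more than chance allows (an outlier
    for processed media, whose histograms are normally uneven)."""
    stat, pairs = pov_chi_square(samples)
    # chi-square with `pairs` degrees of freedom: mean = pairs, var = 2*pairs
    return pairs > 0 and stat <= pairs + z * math.sqrt(2 * pairs)

def build_samples(n=20000, seed=1):
    """Constructed data: a contrast-stretched 8-bit cover and the same
    samples with every LSB replaced by a random payload bit."""
    rng = random.Random(seed)
    raw = (min(170, max(0, int(rng.gauss(85, 25)))) for _ in range(n))
    cover = [r * 3 // 2 for r in raw]  # stretch leaves gaps in the histogram
    stego = [(v & 0xFE) | rng.getrandbits(1) for v in cover]
    return cover, stego

if __name__ == "__main__":
    cover, stego = build_samples()
    for name, data in (("cover", cover), ("stego", stego)):
        stat, pairs = pov_chi_square(data)
        print(f"{name}: chi2={stat:.0f} over {pairs} pairs, "
              f"equalized={pairs_look_equalized(data)}")
```

A file whose histogram is naturally smooth also passes the equalization check, and a payload that fills only part of the file weakens the signal, so the result is an outlier score for triage rather than proof of hidden content.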