GSEC Question #106: Real Exam Question with Answer & Explanation

The correct answer is A. Determine normal properties through methods like statistics and look for changes. Without an original reference file, steganography is most reliably detected by applying statistical analysis to identify anomalies in a file's properties.

Question

If you do NOT have an original file to compare to, what is a good way to identify steganography in potential carrier files?

Options

  • A. Determine normal properties through methods like statistics and look for changes
  • B. Determine normal network traffic patterns and look for changes
  • C. Find files with the extension .stg
  • D. Visually verify the files you suspect to be steganography messages

Explanation

Without an original reference file, steganography is most reliably detected by applying statistical analysis to identify anomalies in a file's properties.
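
One way to apply the statistical approach described above, as an added example that is not part of the original question page: a chi-square test on pairs of sample values that differ only in their lowest bit, which needs no reference file. The function names, the `alpha` cut-off and the sample data are assumptions constructed for this illustration.

```python
import math
import random

def pair_chi_square(samples):
    """Chi-square statistic over value pairs (2k, 2k+1) of 8-bit samples.

    Returns (chi2, dof, p), where p is the probability of a statistic at
    least this large if both values of every pair were equally likely.
    """
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi2, dof = 0.0, 0
    for k in range(0, 256, 2):
        a, b = hist[k], hist[k + 1]
        if a + b == 0:              # unused pair carries no information
            continue
        chi2 += (a - b) ** 2 / (a + b)
        dof += 1
    if dof == 0:
        raise ValueError("no samples")
    # Wilson-Hilferty normal approximation of the chi-square upper tail
    # (standard library only; scipy.stats.chi2.sf gives the exact value).
    c = 2.0 / (9.0 * dof)
    z = ((chi2 / dof) ** (1.0 / 3.0) - (1.0 - c)) / math.sqrt(c)
    return chi2, dof, 0.5 * math.erfc(z / math.sqrt(2.0))

def lsb_pairs_equalized(samples, alpha=0.001):
    """True when the pair counts are statistically indistinguishable from
    samples whose lowest bits are random (alpha is an assumed cut-off)."""
    return pair_chi_square(samples)[2] > alpha

def make_samples(n=20000, seed=106):
    """Constructed test data, not taken from any real file."""
    rng = random.Random(seed)
    # Stand-in for an unmodified carrier: odd values are rarer than even ones.
    clean = [2 * rng.randrange(128) + int(rng.random() < 0.35) for _ in range(n)]
    # The same samples with every lowest bit overwritten by a random bit.
    altered = [(v & 0xFE) | rng.getrandbits(1) for v in clean]
    return clean, altered

if __name__ == "__main__":
    for name, data in zip(("clean", "altered"), make_samples()):
        chi2, dof, p = pair_chi_square(data)
        print(f"{name}: chi2={chi2:.1f} dof={dof} p={p:.3g} "
              f"equalized={lsb_pairs_equalized(data)}")
```

Overwriting lowest bits with message data tends to equalize the two counts in each pair, so a high p-value marks a file for closer inspection. A carrier altered in only a small fraction of its samples can still pass this whole-file test.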

Common mistakes.

  • B. Analyzing network traffic patterns is a network-level forensic technique that does not reveal hidden data embedded within the binary content of individual files.
  • C. There is no standard .stg file extension associated with steganography; hidden data is embedded within common carrier formats like JPEG or PNG without changing the file extension.
  • D. Steganography is specifically designed to be visually imperceptible to the human eye, making visual inspection an unreliable and largely ineffective detection method.

Concept tested. Steganalysis without original reference file

Reference. https://csrc.nist.gov/publications/detail/sp/800-101/rev-1/final
