The eventual goal of steganalytic forensic is to extract the hidden messages embedded in steganographic images. A promising technique that addresses this problem partially is steganographic payload location, an approach to reveal the message bits, but not their logical order. It works by finding modified pixels, or residuals, as an artifact of the embedding process. This technique is successful against simple least-significant bit steganography and group-parity steganography. The actual messages, however, remain hidden as no logical order can be inferred from the located payload. This paper establishes an important result addressing this shortcoming: we show that the expected mean residuals contain enough information to logically order the located payload provided that the size of the payload in each stego image is not fixed. The located payload can be ordered as prescribed by the mean residuals to obtain the hidden messages without knowledge of the embedding key, exposing an inherent vulnerability in these embedding algorithms. Experimental results are provided to support our analysis. 2014 Digital Forensics ResearchWorkshop. Published by Elsevier Ltd. All rights reserved.
Quach, T. T. (2014). Extracting hidden messages in steganographic images. In Digital Investigation (Vol. 11). Elsevier Ltd. https://doi.org/10.1016/j.diin.2014.05.003