Steganography — which comes from the Greek and means covered or concealed writing — is the practice and techniques of concealing a message in any medium, including digital communications, to the extent that it is not even known that there is a message, and has been practiced since ancient times. Steganalysis is the counterpart — the art and science of discovering, extracting, and neutralizing the stealth attempts of steganography. Of course, legitimate steganalysis is not interested in attacking all types of steganography: for example, it is not about trying to remove copyright indicators from original works. Rather, it employs its techniques in the interest of law enforcement, particularly in computer forensics. This is not to say that thieves, spies, terrorists, and criminals do not use steganalysis: just that they apply its techniques to different ends.
Although the word steganography, when it came into English in the 16th century, first referred to cryptography, it now refers not to messages that are obscured by being rendered unreadable but to messages that have been rendered all but invisible. These messages may be encrypted as well, but the point of steganography is to attempt to ensure that nobody finds the message in the first place. This is why the process of steganalysis begins with detection.
Steganographic techniques are available to hide messages in digital audio, video, images, TCP/IP (Transmission Control Protocol/Internet Protocol) headers, text documents and other ways. These are, therefore, areas of focus in current steganalysis research. Several university research departments claim high rates of detection rates above 98 percent with images containing certain types of steganographic material, but detection algorithms may be useless in the face of new techniques, so the goal for steganalysts is to create universal or general techniques. It is also more difficult to discover stenographic messages a) that are short/small; b) when noise has been added to mask its presence; and c) if they are embedded in difficult-to-detect locations.
Detection is accomplished through special software and, depending on the situation, knowing that there is a secret message may be the end of the analysis. However, detection is not the final step if the message must be understood and it is coded or encrypted, and how easily it can be decrypted will partly depend on whether a key is involved. In some cases, in fact, the goal is not only to decrypt the message but to modify it. Whether the end desire is to read the message or to modify it and send it on, it needs to be extracted intact after detection, and that’s also a separate issue. Research in steganalysis is ongoing.