It’s easy. All one has to do is use any of the more than 1,000 digital steganography applications available as freeware or shareware on the Internet to hide information that the current generation of e-discovery tools will not detect.

The origin of the word “steganography” can be traced back to the days of Ancient Greece. The Greek words steganos, which means covered, and graphie, which means writing, literally translates to covered writing.

By using digital steganography, any digital file can be hidden in, or appended to, any other digital file in such a way the information is literally invisible. Some have used the analogy that trying to find information hidden with digital steganography is like trying to find an invisible needle in a country of haystacks.

Steganography applications are easy to find on the Internet. The applications are trivial to download, install, and use. Most feature drag-and-drop interfaces or wizard interfaces to make the applications as user friendly as possible. Accordingly, it doesn’t require a technically sophisticated user to use the applications to hide information.

Thus, digital steganography must be of particular concern to digital forensics investigators searching for electronically stored information (ESI) as part of an e-discovery engagement. Of even more immediate concern is the fact that the current generation of e-discovery tools does not detect the presence or use of digital steganography.

Before going further, it must be said that some readers who are familiar with steganography may consider it to be a topic of interest only for academic researchers—not as something that insiders or criminals would use to conceal evidence of criminal activity.

It would not be prudent to assume that users are too stupid, too lazy, or both, to go to the trouble of using steganography to hide potentially incriminating evidence. Let’s assume they’ve never heard the word “steganography” so they Google “information hiding” instead. They would get over 600,000 links to sites where they could download steganography applications. Therefore, we must presume that determined users who want to find a way to hide incriminating digital evidence will find a way to hide it.

The growing number of e-discovery tool vendors must acknowledge the continuing evolution of an increasingly sophisticated user base and enhance the capabilities of their tools accordingly. Regarding the potential use of steganography to hide information, vendors must add a capability to detect and extract the hidden information. But how?