-B, --signature    Scan target file(s) for common file signatures
-R, --raw="\x00\x01"    Search for a custom string. The search string can include escaped octal and/or hex values.
-e, --extract    Automatically extract known file types
-z, --carve    Carve data from files, but don't execute extraction utilities
-M, --matryoshka    Recursively scan extracted files
-r, --rm    Cleanup extracted / zero-size files after extraction
-E, --entropy    Calculate file entropy, use with -B (see the quickstart guide - )
-W, --hexdump    Perform a hexdump / diff of a file or files
-G, --green    Only show lines containing bytes that are the same among all files
-i, --red    Only show lines containing bytes that are different among all files
-U, --blue    Only show lines containing bytes that are different among some files

And of course use strings (ASCII, UTF8, UTF16) or hexdump -C on the file, before anything advanced. Remember that, by default, strings decodes ASCII characters, but you can set it to gather Unicode strings or to handle other types of encoding such as 32-bit big/little endian (e.g. the -el option will have the strings command handle 16-bit little endian encoding). Read “Strings, Strings, Are Wonderful Things” from the SANS blog.

Check plaintext sections and comments (cat, strings).

Check for suspicious magic bytes, correct file length, and use dd if=inputfile.png of=anothefile.zip bs=1 skip=12345 count=6789 to extract concatenated files (“skip” will be the starting position, “count” the number of bytes from the “skip” position to extract). We suggest hexedit for the console or Bless Hex Editor if you like it with a GUI.

Use TinEye to upload and search for the image. Select “best match” and hopefully you get the original image. Also use compare a.png b.png result.png from the ImageMagick suite, plenty of params available here (e.g.

Another steganographic approach is to hide the information in the first rows of pixels of the image.

Use pngcheck for PNGs to check for any corruption or anomalous sections: pngcheck -v

PNGs can contain a variety of data ‘chunks’ that are optional (non-critical) as far as rendering is concerned. bKGD gives the default background color. It is intended for use when there is no better choice available, such as in standalone image viewers (but not web browsers; see below for more details). cHRM gives the chromaticity coordinates of the display primaries and white point.
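The chunk and file-length checks described on this page can be scripted: the added example below (not code from the original page) walks a PNG's chunks, verifies each CRC, marks ancillary chunks, and reports the offset and length of any bytes left after IEND, which are the skip and count values for dd. The sample image, the payload and the names inspect_png, chunk and carved.bin are constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data):
    """Build one well-formed chunk (only used to construct the sample)."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def inspect_png(blob):
    """Walk the chunks; return (chunks, offset, length) where offset/length
    describe bytes the walk did not consume (normally data after IEND)."""
    if blob[:8] != PNG_MAGIC:
        raise ValueError("bad PNG magic bytes")
    pos, chunks = 8, []
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(blob):          # declared length runs past end of file
            chunks.append((pos, ctype, length, "truncated"))
            break
        (stored,) = struct.unpack(">I", blob[end - 4:end])
        crc_ok = stored == (zlib.crc32(blob[pos + 4:end - 4]) & 0xFFFFFFFF)
        # Lowercase first letter (bit 5 set) marks an ancillary chunk.
        kind = "ancillary" if ctype[0] & 0x20 else "critical"
        chunks.append((pos, ctype, length, kind if crc_ok else "bad-crc"))
        pos = end
        if ctype == b"IEND":
            break
    left = len(blob) - pos
    return chunks, (pos if left else None), left

# Constructed sample: a 1x1 grayscale PNG with a tEXt comment and a
# placeholder payload appended after IEND.
PAYLOAD = b"PK\x03\x04 constructed trailing bytes"
SAMPLE = (PNG_MAGIC
          + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
          + chunk(b"tEXt", b"Comment\x00constructed sample")
          + chunk(b"IDAT", zlib.compress(b"\x00\x00"))
          + chunk(b"IEND", b"")
          + PAYLOAD)

if __name__ == "__main__":
    chunks, off, n = inspect_png(SAMPLE)
    for pos, ctype, length, status in chunks:
        print(f"{pos:6d} {ctype.decode('latin-1')} len={length} {status}")
    if off is not None:
        print(f"dd if=inputfile.png of=carved.bin bs=1 skip={off} count={n}")
```

A "bad-crc" status on an otherwise valid file means chunk contents were edited after the file was written, which is worth a closer look in a hex editor.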