diff --git a/subjects/cybersecurity/image-inspector/README.md b/subjects/cybersecurity/image-inspector/README.md new file mode 100644 index 000000000..777233ece --- /dev/null +++ b/subjects/cybersecurity/image-inspector/README.md @@ -0,0 +1,137 @@ +## Image-Inspector + +
+ +
+ +### Introduction + +Images can contain more than just visual information, they often carry hidden data such as metadata or even concealed messages through techniques like steganography. This project is designed to help you explore and analyze these hidden aspects of images. + +### Objective + +The goal is to develop a tool using a programming language of your choice (Python is recommended) that can analyze images to extract hidden information. Specifically, your tool should: + +1. **Extract Metadata**: Identify and display metadata from images, such as geolocation (latitude and longitude) where the photo was taken, the device used, and other relevant information. +2. **Detect Steganography**: Discover and extract any hidden PGP keys or other data concealed within the image using steganography techniques. + +By completing this project, you will: + +- Develop an understanding of image recognition techniques. +- Gain practical experience with steganography and metadata extraction. +- Learn to identify hidden information in images, which can be crucial in cybersecurity investigations. + +### Resources + +Some useful resources: + +- [Steganography](https://en.wikipedia.org/wiki/Steganography) +- [Exif Metadata](https://en.wikipedia.org/wiki/Exif) +- [Python Imaging Library (PIL)](https://pillow.readthedocs.io/en/stable/) + +Before asking for help, explore these resources to fully understand the concepts behind image analysis and steganography. + +### Role Play + +To enhance your learning experience and assess your knowledge, a role play question session will be included as part of this project. This session will involve answering a series of questions in a simulated real-world scenario where you assume the role of a digital forensics expert explaining how your tool identifies hidden information in images. + +The goal of the role play question session is to: + +- Assess your understanding of image analysis and steganography. +- Test your ability to communicate effectively and explain the techniques used in your project. +- Challenge you to think critically about the implications of hidden data in images. + +Prepare for a role play question session in the audit. + +### Project Requirements + +#### Metadata Extraction: + +Your tool should be able to extract and display key metadata from an image file, including but not limited to: + +- Geolocation (Latitude and Longitude) +- Device information (camera make/model) +- Date and time the photo was taken + +#### Steganography Detection: + +- Detect hidden PGP keys or other concealed information in the image using steganography techniques. +- Display the extracted hidden data clearly. + +#### Input Handling: + +The tool should accept an image file as input and provide options for the user to specify which analysis to perform (metadata extraction or steganography detection). + +#### Output Management: + +Store the results in a well-organized file format, with clear and concise reporting of both metadata and any hidden data found. + +### Usage Examples + +#### Command Line Interface: + +```sh +$> image-inspector --help + +Welcome to Image Inspector + +OPTIONS: + -m Metadata Extract metadata from the image (e.g., geolocation, device info) + -s Steganography Detect and extract hidden data from the image using steganography techniques + -o "FileName" Specify the file name to save output +``` + +#### Example Outputs: + +```sh +$> image-inspector -m -o metadata.txt image-example1.jpeg +Lat/Lon: (13.731) / (-1.1373) +Device: Canon EOS 5D Mark III +Date: 2023-07-20 14:32:10 +Data saved in metadata.txt +``` + +```sh +$> image-inspector -s -o hidden_data.txt image-example1.jpeg +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: 01 +... +-----END PGP PUBLIC KEY BLOCK----- +Data saved in hidden_data.txt +``` + +**You will be provided with an example image to test your tool. Make sure your tool can successfully analyze this image and produce the expected outputs.** +The example image attached: +[image-example1.jpeg](resources/image-example1.jpeg) +[image-example2.jpeg](resources/image-example2.jpeg) +[image-example3.jpeg](resources/image-example3.jpeg) +[image-example4.jpeg](resources/image-example4.jpeg) + +#### Documentation + +Create a `README.md` file that provides comprehensive documentation for your tool (prerequisites, setup, configuration, usage, ...). Ensure the documentation includes clear guidelines on the ethical use of the tool and warnings about the legal implications of analyzing images without permission. + +### Bonus + +If you complete the mandatory part successfully and still have time, consider adding the following features: + +- **Additional Steganography Methods**: Implement detection for other steganography techniques beyond PGP keys. +- **Graphical User Interface (GUI)**: Create a user-friendly GUI using libraries like Tkinter or PyQT. + +Challenge yourself! + +### Ethical and Legal Considerations + +- **Get Permission**: Always obtain explicit permission before analyzing any image. +- **Respect Privacy**: Be aware of the sensitive nature of metadata and hidden data, and handle it responsibly. +- **Follow Laws**: Adhere to relevant laws regarding data privacy and the analysis of digital media. + +> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated. + +### Submission and Audit + +Upon completing this project, you should submit the following: + +- Your documentation in the `README.md` file. +- The source code for your tool. +- Any required files to run your tool. diff --git a/subjects/cybersecurity/image-inspector/audit/README.md b/subjects/cybersecurity/image-inspector/audit/README.md new file mode 100644 index 000000000..03ad9adce --- /dev/null +++ b/subjects/cybersecurity/image-inspector/audit/README.md @@ -0,0 +1,99 @@ +#### General + +##### Check the Repo Content + +Files that must be inside the repository: + +- Detailed documentation in the `README.md` file. +- Source code for the Image Inspector tool. +- Any required configuration files and scripts for running the tool. + +###### Are all the required files present? + +##### Play the Role of a Stakeholder + +Organize a simulated scenario where the student takes on the role of a Digital Forensics Expert and explains their solution and knowledge to a team or stakeholder. Evaluate their grasp of the concepts and technologies used in the project, their communication efficacy, and their critical thinking about their solution and the knowledge behind this project. + +Suggested role play questions include: + +- What is metadata in the context of digital images, and why is it important? +- How does steganography work, and what are its potential uses and risks? +- What challenges did you face while developing the Image Inspector tool, and how did you address them? +- How can this tool be used in real-life digital forensics or cybersecurity scenarios? +- What ethical considerations should be taken into account when analyzing images for hidden data? + +###### Were the students able to answer all the questions? + +###### Did the students demonstrate a thorough understanding of the concepts and technologies used in the project? + +###### Were the students able to communicate effectively and justify their decisions and explain the knowledge behind this project? + +###### Were the students able to evaluate the value of this project in real-life scenarios? + +###### Did the students demonstrate an understanding of ethical and legal considerations related to digital forensics? + +##### Check the Student Documentation in the `README.md` File + +###### Does the `README.md` file contain all the necessary information about the tool (prerequisites, setup, configuration, usage, ...)? + +###### Does the `README.md` file contain clear guidelines and warnings about the ethical and legal use of the tool? + +##### Review the Tool's Design and Implementation + +1. **Help Command:** + +```sh +$> image-inspector --help +``` + +###### Does the output include an explanation of how to use the tool, with all options clearly described? + +2. **Metadata Extraction Option:** + +```sh +$> image-inspector -m -o metadata.txt image-example1.jpeg +``` + +###### Does the output correctly extract and display metadata such as geolocation, device information, and date/time? + +###### Is the output stored in the file specified in the output parameter? + +3. **Steganography Detection Option:** + +```sh +$> image-inspector -s -o hidden_data.txt image-example1.jpeg +``` + +###### Does the output correctly detect and extract any hidden PGP keys or other concealed information within the image? + +###### Is the output stored in the file specified in the output parameter? + +##### Testing with Images + +**You will be provided with an example image to test the students tool. Feel free to test with other images.** +The example image attached: +[image-example1.jpeg](resources/image-example1.jpeg) +[image-example2.jpeg](resources/image-example2.jpeg) +[image-example3.jpeg](resources/image-example3.jpeg) +[image-example4.jpeg](resources/image-example4.jpeg) + +###### Test the tool with the provided example image and at least one other image to ensure the tool's robustness. + +###### Does the tool produce accurate and expected results for different images? + +##### Ensure that the student submission meets the project requirements: + +1. **Functionality:** Does the tool perform its intended functions accurately (metadata extraction and steganography detection)? +2. **Data Accuracy:** Is the retrieved information accurate and relevant? +3. **Ethical Considerations:** Are there clear guidelines and warnings about the ethical and legal use of the tool? +4. **Usability:** Is the tool user-friendly and well-documented? + +###### Did the tool design and implementation align with all the project requirements above? + +###### Were the students able to implement a functional and reliable tool that meets the project requirements? + +#### Bonus + +###### + Did the student implement additional valuable features (e.g., additional steganography methods, GUI, facial recognition)? + +###### + Is this project an outstanding project that exceeds the basic requirements? diff --git a/subjects/cybersecurity/image-inspector/resources/image-example1.jpeg b/subjects/cybersecurity/image-inspector/resources/image-example1.jpeg new file mode 100644 index 000000000..456d5bc32 Binary files /dev/null and b/subjects/cybersecurity/image-inspector/resources/image-example1.jpeg differ diff --git a/subjects/cybersecurity/image-inspector/resources/image-example2.jpeg b/subjects/cybersecurity/image-inspector/resources/image-example2.jpeg new file mode 100644 index 000000000..65c8dc8ea Binary files /dev/null and b/subjects/cybersecurity/image-inspector/resources/image-example2.jpeg differ diff --git a/subjects/cybersecurity/image-inspector/resources/image-example3.jpeg b/subjects/cybersecurity/image-inspector/resources/image-example3.jpeg new file mode 100644 index 000000000..dfb518ae3 Binary files /dev/null and b/subjects/cybersecurity/image-inspector/resources/image-example3.jpeg differ diff --git a/subjects/cybersecurity/image-inspector/resources/image-example4.jpeg b/subjects/cybersecurity/image-inspector/resources/image-example4.jpeg new file mode 100644 index 000000000..5f830664b Binary files /dev/null and b/subjects/cybersecurity/image-inspector/resources/image-example4.jpeg differ diff --git a/subjects/cybersecurity/image-inspector/resources/steganography-meme.png b/subjects/cybersecurity/image-inspector/resources/steganography-meme.png new file mode 100644 index 000000000..c2818315e Binary files /dev/null and b/subjects/cybersecurity/image-inspector/resources/steganography-meme.png differ