Recently, Freeside hosted a CryptoParty where I gave an introductory presentation on steganography. Like all my CryptoParty presentations, this wasn't very technical, but I did introduce some (very) basic techniques.
The first tool that everyone should know about is exiftool. exiftool reads and writes the metadata section of a variety of image formats. I showed an excellent illustrated example of Exif metadata in the JPEG format, with some great diagrams showing how a JPEG file's bytes are laid out. There's also C# .NET code included to extract and modify this data, if Perl's not your thing (Note: Perl should not be your thing).
There are many uses for Exif metadata. The most common use is by camera manufacturers. You may have heard that digital cameras can record data and store it in the photo itself. This is how and where it happens. It's not just a timestamp, either. Your camera, especially a smartphone camera, can store information like GPS, your phone firmware version, the OS it's running, model number, IMEI, and other information that can uniquely identify your camera as the source of the photo.
Facebook, Google, and other social media services use this feature to conveniently show where a photo was taken when you upload it to their service. This is great when you want to let your friends know that the picture of you standing in front of the Grand Canyon was taken at the location of the Grand Canyon (for those friends of yours that don't know what the Grand Canyon looks like). It's less awesome when you've called in sick to work on Thursday and post a picture of a cool-looking bird on Saturday, especially if you work in Atlanta and that bird was on the outskirts of Panama City. Your employer can put two and two together.
Thankfully, there are tools to strip out metadata from images. Consider using some before posting to social media! There's always opt-out, too (you don't have to post everything to Facebook).
You can use exiftool to extract the information from some of the images in this blog post. For example, with the "Snakes are Awesome" image, we can run the following command at the terminal:
$ exiftool -l snake.jpg
Dear Friend ; Thank-you for your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club ! This mail is being sent in compliance with Senate bill 1627 ; Title 6 , Section 303 ! This is NOT unsolicited bulk mail [...]
$ cat taxiderpy_original.jpg >> taxiderpy.jpg
$ zip secret.zip microsoft-spy.pdf
$ cat secret.zip >> taxiderpy.jpg
$ ls -sh1 taxiderpy*
warning [taxiderpy.jpg]: 37425 extra bytes at beginning or within zipfile
(attempting to process anyway)
$ open microsoft-spy.pdf
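The defender's side of the session above, as an added example that is not from the original post: an image viewer stops at the JPEG end-of-image marker, so bytes after it are worth inspecting, and a ZIP signature there means an archive was appended. The function names and the sample bytes are constructed for illustration; the sample is a skeletal marker stream, not a viewable photo.

```python
import io
import zipfile

def jpeg_end(data: bytes) -> int:
    """Return the offset just past the real EOI marker by walking JPEG segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos, in_scan = 2, False
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            if not in_scan:
                raise ValueError(f"expected a marker at offset {pos}")
            pos += 1                       # entropy-coded scan data
            continue
        marker = data[pos + 1]
        if marker == 0xFF:
            pos += 1                       # fill byte before a marker
        elif marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD7:
            pos += 2                       # stuffed 0xFF, TEM or restart marker
        elif marker == 0xD9:
            return pos + 2                 # EOI: viewers stop decoding here
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            pos += 2 + length              # skips Exif thumbnails with their own EOI
            in_scan = marker == 0xDA       # SOS: compressed data follows
    raise ValueError("no EOI marker found")

def inspect(data: bytes) -> dict:
    """Report bytes after the image and list any ZIP members hidden there."""
    end = jpeg_end(data)
    trailer = data[end:]
    report = {"image_bytes": end, "trailing_bytes": len(trailer), "zip_members": []}
    if b"PK\x05\x06" in trailer:           # ZIP end-of-central-directory signature
        with zipfile.ZipFile(io.BytesIO(trailer)) as zf:
            report["zip_members"] = zf.namelist()
    return report

def sample() -> bytes:
    """Constructed input: skeletal JPEG marker stream with an in-memory ZIP appended."""
    body = b"Exif\x00\x00" + b"\xff\xd8thumb\xff\xd9"      # fake embedded thumbnail
    app1 = b"\xff\xe1" + (len(body) + 2).to_bytes(2, "big") + body
    scan = b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34\xff\xd0\x56"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hidden.txt", "constructed payload")
    return b"\xff\xd8" + app1 + scan + b"\xff\xd9" + buf.getvalue()

if __name__ == "__main__":
    print(inspect(sample()))
```

Walking the segments matters because a plain search for the first FF D9 would stop inside the Exif thumbnail and misreport the rest of the photo as trailing data.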