Steganography is a data hiding technique, it consists of the dissimulation of a secret information into digital files so that an intended recipient can extract it successfully.

In reversible steganography, both the secret information and the cover image are retrieved by the recipient; this condition is required in some applications of steganography

Improper prioritization In these days of cheap storage and fast computers, the critical resource to be optimized is the attention of the examiner or analyst. Today work is not prioritized based on the information that the drive contains.

Lost opportunities for data correlation. Because each drive is examined independently, there is no opportunity to automatically “connect the dots” on a large case involving multiple storage devices. For example, if one hard drive has an email message in the “Sent Message” mailbox and a second hard drive has that same message in an Inbox, its up to the examiner to make the connection.

Improper emphasis on document recovery. Because today's forensic tools are based on document recovery, they have taught examiners, analysts, and customers to be primarily concerned with obtaining documents. Although much of the data on a typical drive cannot be reconstructed into files, this data may nevertheless be useful. The emphasis of forensic tools should be on further investigatory and evidentiary goals, not to recover files.

Volatile Data The data that is held in temporary storage in the system’s memory (including random access memory, cache memory, and the onboard memory of system peripherals such as the video card or NIC) is called volatile data because the memory is dependent on electric power to hold its contents.

When the system is powered off or if power is disrupted, the data disappears.