Saint John of Cryptome has a particularly tasty link to http://csrc.nist.gov/publications/drafts.html#sp800-72 which describes the state of the art in PDA forensics. There is also a link to a CDROM of secure hashes of various "benign" and less benign programs that the NIST knows about. Including a list of "hacker" programs. Including stego. Pigs use this to discount commonly-distributed software when analyzing a disk (or, presumably, your PDA's flash). See http://www.nsrl.nist.gov/ also http://www.nsrl.nist.gov/Untraceable_Downloads.htm Obvious lesson: Steganography tool authors, your programs should use the worm/HIV trick of changing their signatures with every invocation. Much harder for the forensic fedz to recognize your tools. (As suspicious, of course). The NIST CDROM also doesn't seem to include source code amongst its sigs, so if you compile yourself, you may avoid their easy glance. Notes from the Field: My paper & image handling kiretsu job has a fellow working on secure Linux disk-drive delete --even if you pull the plug, on power up it finishes the job. Nice. Thank you, HIPAA, banks, etc.