Uncovering the social impact of digital steganalysis tools applied to cybercrime investigations: a European Union perspective

Background European Union (EU) research on cybersecurity is actively developing more efficient digital steganalysis techniques aimed at uncovering hidden online illegal content in apparently legitimate multimedia files. Beyond issues such as the design, effectiveness and functionality of the technology, this paper addresses the recently raised concern of societal impact, which refers to the influence, consequences, or effects, whether expected or not, that a particular action, policy, or technological advance has on society as a whole or on different segments of society. These impacts can be broad and multifaceted, encompassing economic, social, cultural, environmental and ethical dimensions, amongst others. Aim The aim of this article is to take an exploratory look at the societal challenges and benefits associated with the use of digital steganalysis tools in cybercrime investigations in EU member states, adopting a dual mixed‑


Introduction
Cybercriminals are constantly adapting their methods to counter cybersecurity measures, and a notable trend in cybercrime is the increasing use of 'information hiding' or 'data hiding' to evade detection and prosecution (Collier & Hutchings, 2023;Wu et al., 2023).Data hiding, broadly speaking, is the process of embedding secret information within a carrier or cover work to enable extraction by authorised recipients (Megías, 2020).While there are many techniques for digitally hiding information (Fernandes, 2022), the focus here is on a specific technique within data hiding called steganography.Steganography, which derives its name from the Greek words 'steganos' (to cover) and 'grapho' (to write), is an ancient practice that predates electronic technology (Karampidis et al., 2018).It dates back to 440 BC and was used by ancient civilisations such as the Egyptians and Greeks, and during both world wars for covert communication (Araujo & Kazemian, 2020).Steganography encompasses various techniques for hiding messages or data in nonsecret digital files, such as messages, audio, images or videos (Caviglione & Mazurczyk, 2022;Prakash et al., 2021), allowing secret information to be transmitted discreetly between communicating parties (Megías, 2020).In this respect, steganography is a practice with both legal and illegal applications.On the legal side, it is used for secure communication between individuals, banks, companies, the medical field and military and intelligence operations (Dalal & Juneja, 2021;Prakash et al., 2021).It is also used in multimedia for copyright protection (Megías, 2020) and access control to digital content (Araujo & Kazemian, 2020), as well as in electronic money, radar systems and remote sensing (Prakash et al., 2021).However, malicious actors use steganography for nefarious purposes, such as hiding terrorist or organised crime communications (Dalal & Juneja, 2021;Djebbar, 2021;Fernandes, 2022), distributing viruses (referred to as "stegomalware") (Caviglione & Mazurczyk, 2022), and sharing illegal content, including child sexual abuse material (Araujo & Kazemian, 2020;Casino et al., 2022).Steganalysis techniques and tools, on the other hand, play a crucial role in digital forensic investigations, allowing authorities to detect and decipher hidden evidence.
This hidden information is imperceptible to the human eye and requires specialised tools and knowledge to detect.In response, digital forensic tools have become a key element in the prevention and fight against delinquency (Casino et al., 2022;Wu et al., 2020).These tools allow Law Enforcement Agencies (LEAs) to collect and analyse digital evidence in criminal cases, increasing the groups involving LEAs, digital forensic experts and European citizens.The methodology of this consensus building analysis strategy is rigorously grounded in the social sciences, and the results provide new insights and challenges for consideration by key stakeholders.

Data and methodology
A systematic review of literature was conducted in line with the Preferred Reporting Items of Systematic reviews and Meta-Analyses (PRISMA) guidelines (Page et al., 2021;Moher et al., 2009) and (Pickering & Byrne, 2014) to carry out a quantitative analysis of peer-reviewed papers on the societal impact of steganalysis research and techniques.With these studies, a database was built with the appropriate information to assess the state of the art.Such a method is recommended for reliable, quantifiable, and reproducible findings, and for identifying gaps in the field (Pickering & Byrne, 2014).

Data sources and search strategy
A wide range of databases were used as sources: Pro-Quest, Springer, Scopus, and Institute of Electrical and Electronics Engineers (IEEE).They were chosen because of their broad range of journal papers and conference papers, the ease of applying filters to the search and their high reputation as scientific search engines.Specifically, IEEE was added to the search due to its reputation in the technology field.The systematic searching was performed during March 2023, thus including papers published prior to that date.
The keywords that were used for this study were the following: Steganography, Steganalysis, Steganographic, Forensics, Crime, Terrorism, Pornography, Societal Impact, Societal Acceptance, Privacy, Data Protection, Sustainability, Discrimination, Fundamental Rights, and so on.But the search for documents containing all these keywords provided null results.Therefore, the final search strategy included the following keywords: "stegan* AND forens* AND crim*".The asterisk was used as a wildcard Boolean search operator with the intention of finding every document, both in English or Spanish, that contains related words, such as "steganalysis", "steganography", "steganographic" (techniques), "forensics", "crime", "cybercrime", "criminal", "cybercriminal", "criminalistics", "criminology" and so forth.One of the databases, ProQuest, gave lower results using the wildcard "stegan*", so it was decided that the following keywords should be used for that source: "(steganalysis OR steganography) AND forens* AND crim*".
For this study, a broader approach that would have generated significantly more potential results ("…OR crim*" instead of "…AND crim*") was ruled out due to the fact that the study focuses on criminality, delinquency, and the illicit use of data-hiding tools.The selected keywords were determined after filtering out irrelevant papers and were required to have all three terms with "AND" to reduce the possibility of finding a large amount of content that was not focused on the study's objective.Despite these efforts, it was still challenging to determine if a paper was adequate to assess whether the social dimension was or not addressed.

Inclusion and exclusion criteria
The systematic review was conducted based on the following criteria: • Criterion 1: peer-reviewed full-text papers published in scientific journals, and conference papers due to the fact that the main publication venues in computer science are conference proceedings.• Criterion 2: documents written in English or Spanish, both for being the most used language in the scientific field, and specifically, the last one for being the native language of the authors.However, no papers written in Spanish were found.• Criterion 3: publications limited in time to the period 2017-2023, for two main reasons: (1) to assess the most up-to-date contributions (especially in a rapidly evolving field), and (2) because, according to Fig. 1, most of the publications are made in this period.• Criterion 4: geographical scope, as papers whose first author is affiliated or associated with a research institution in a Member State of the European Union, or studies funded by EU Member States or the European Commission itself. 1 This criterion was mainly adopted due to the unique and complex EU regulatory framework that significantly influences the development, implementation and social impact assessment of online forensic tools, including steganography and steganalysis (Caianiello & Camon, 2021).This framework includes regulations such as the General Data Protection Regulation (GDPR) and specific regulations related to judicial forensics (e-evidence), which are significantly different from the regulatory frameworks or standards in other regions such as the United States (Caianiello & Camon, 2021), China (Kao et al., 2019) and Russia (Rusman & Morozova, 2022), among other key countries related to the scientific literature on this topic.On the other hand, this criterion addresses practical efficiency and focus, ensuring that the selected studies are likely to reflect the nuances of the European social context.It is in line with the specific interests of the project's funders (i.e. the EC), who seek to understand the societal implications of these instruments within the EU's legal, cultural and social framework.Finally, by prioritising studies with a strong EU connection, this review aims to produce knowledge that reflects the complexities of the social impact of these tools in a European social context, providing an in-depth, contextualised insight to inform EU policy and practice.• Criterion 5: documents that contain references to (cyber)crime or security issues related to information hiding and the development of countermeasures.This criterion was adopted in order to avoid including irrelevant and particularly engineering content with little or no mention of crime prevention or security, which does not allow researchers to discuss or evaluate properly its social dimension.
In addition, after this screening process, other documents were added which were not retrieved in the query but were found while searching by authors known for their interest in the data hiding field, in particular frequently cited papers.In order to follow the same scientific standard and to preserve the most systematic procedure possible, only full text papers were included and the exact same screening criteria as in the abovementioned search was followed.

Filtering stages and quality assessment
The selection process of specialised literature was organised in eight stages to be incorporated in the systematic review.Those stages are outlined in the following flowchart (see Fig. 2): 1.The identification of the studies on specialised scientific databases through keywords search.2. A record after the filters are applied: studies identified after applying the filters indicated above.3. Identification of titles duplicated or retracted papers: filtering and removing duplicated papers (by headings) or identified by the databases as retracted.4. Locating the context: determined by the affiliation of the first author or the funding bodies, only studies related to a European Union Member State were considered. 5. Abstract screening: scanning the abstracts of the papers and conference papers to find out whether 1 Despite the initial restriction to studies related to EU institutions, United Kingdom research was included due to its historical relevance and potential contribution to understanding societal impacts in the EU.This inclusion is justified by previous UK-EU collaboration, continuity in key research areas, the cross-border nature of the topics studied, and specific post-Brexit agreements that facilitate research collaboration (in particular in the EU funding programmes).Each UK study considered for inclusion was assessed individually to ensure its alignment with the objectives of the review and its relevance to EU interests.
they deal with information hiding, steganography or steganalysis and crime.6. Full paper review: full text reading to gain in-depth knowledge of the content and ultimately to select it for consideration.7. Other documents: searching by author's name or cited papers not previously included.8. Studies included in the systematic review.
Once the 88 texts assessed for eligibility were read by one of the researchers and discussed by both researchers, 33 were rejected as their content did not coincide with the topic of this review.Many of them do not focus on information hiding, but on other cybersecurity and forensic issues such as bots, robots, criminal profiling, attribution of attacks, document leakage, mitigation of data loss and so on.Some others, while focusing on developing steganography or steganalysis tools, or other hiding-detection computer, do not include any reference to crime or security matters.Some of the excluded papers were prepublications of papers that were subsequently published, and that are included in the review.That said, all papers dealing with the subject of "information hiding", such as steganography, steganalysis, stegomalware, tampering of evidence, content forgery, covert channels and imaging device identification methods were included.These subjects, while focusing on technical developments in similar domains, allow researchers to address, for example, the debate between data accessibility and privacy, so it was considered interesting to approach this issue more generally.Otherwise, if only pure "steganalysis as a forensic technique to fight crime" texts had been included, this systematic review would have been so limited in number of papers and conference papers that the results would hardly be reliable.
Thus, there are 33 journal papers and 22 conference papers, included in this systematic quantitative literature review, resulting in a total of 55 documents.The papers chosen may not specifically deal with the societal impact of steganalysis, but some do include comments on the social relevance of these kinds of tools to fight crime, or some of the challenges they may have to face soon regarding, in some cases, the technological issues, but, in others, also the ethical ones.

Data extraction strategy
To respond to the objectives listed above, one of the researchers extracted the relevant information of all papers and conference papers included in the review.Within the first category, the features of the study such as author's affiliation and journal/conference discipline were considered.Moreover, since the subject matter of the selected studies was not limited to the specific aspect of steganalysis that would have been desirable to discuss, it seemed necessary to categorise a range of research topics in order to obtain a broader, richer, and more detailed picture of the issue.
Utilizing the Societal Impact Checklist for Security Research (Burgess, 2012) as a framework, the following categories were adapted to assess the present status of the societal dimension within steganalysis tools in cybersecurity research.The term 'social/societal impact' was employed as the foundation for assessing the pertinence, effectiveness, and accountability of this genre of security research.
First, it was examined if steganalysis research meets the needs of society: • That is, whether it addresses documented societal security needs and if the proposed output meets them.The criteria for this assessment included an analysis to ascertain if the study's purpose is to improve and enhance security issues and which ones it focused on.• These studies were evaluated to determine if the outputs are designed to produce outcomes that can benefit society by providing practical value.Therefore, both when the purpose of the study is not to create or assess the effectiveness of a data hiding (or its detection) tool and when the authors themselves highlight the limitations of their tools, negative responses were given, as no practical solutions were produced.Sometimes, tools are not created but collected from other sources and compared in reviews, leading to affirmative responses.• Each document was assessed to identify technical descriptions of the tools under development or accumulations of techniques, methods and strategies, aiming to gauge the level of descriptiveness and transparency that the paper intends to achieve.
• An assessment was made to determine if the design of the tool included an evaluation of societal acceptance, or at least a brief consideration of whether the public should have a role in the design process.• An analysis was conducted to identify whether the research addressed threats and dangers related to society's security, and which ones it focused on.
Secondly, an assessment was made to determine if steganalysis research has positive impacts on society (as societal benefits): • In order to approach this broad concept, it was questioned if only specific segments of society will benefit from the research, or if it will be the society as a whole who will profit from the utilities derived from the tools.However, this is a complex question that the systematic review should not answer.So only the explicit observations of the original authors included in each paper were taken into consideration.In some cases, authors may not address this question, or it may not be explicitly stated in the text, in which case it was marked as "not specified".Therefore, caution should be observed when drawing conclusions.• The papers' enhancement of societal values and other ethical aspects that refer to the idea of societal benefits of steganalysis research was also examined, to understand how the regulatory framework and social context shapes cybersecurity research, and, in particular, steganalysis research.This needs to be clear in this systematic review, as it was more than frequent to not see any explicit reference in the texts to these specific principles.That does not mean that they were not a backbone of the research or that authors did not consider societal benefits can be pursued.It means that they just were not mentioned.Providing an implicit and subjective appraisal of these values would only render this review not reproducible and biased.However, there were some analysed contributions that tended to focus more on this particular aspect than others did, albeit in different terms, and that also needed to be identified as clearly as possible.This is a limitation of this systematic quantitative literature review, but it was felt necessary in order to avoid achieving such results.
Finally, an examination was conducted to look into the potentially negative societal effects that may be caused as side effects of steganalysis research: • In particular, in a similar but opposite sense to the previous category, the aim was to assess what potential negative impacts could result from steganalysis research applied to cybercrime.This may include the impact on fundamental rights, social values, potential discrimination against certain groups that may result from the proposed research, and so on.The same considerations as above apply here, as the aim is not to demonstrate this possibility, but to explore the views and perceptions of the authors on this issue.• Finally, any specific measures taken or reminded by the researchers to ensure compliance with human rights and to ease its negative impacts, if any, were gathered.
The encoding of the categories for each variable was designed based on an initial reading of the documents subject to the review, so as to be able to encompass the different topics of the papers in the most detailed and summarised way possible.

Quantitative results
As included in Table 1, the literature reviewed revealed a clear lack of interest in addressing social issues related to steganalysis uses.The papers are mainly published in technology-oriented journals, with a clear focus on producing practical results in the form of tools, regarding different (cyber) security threats and needs that justify the research on developing steganalysis, such as authenticity of digital content in relation to the criminal use of steganography, forensic investigations in crimes with digital evidence, or data protection in cyberattacks.
From a technical and descriptive point of view, various image or video steganalysis techniques, including visual attacks, signature-based methods, structural analyses, statistical examinations, spread spectrum techniques, blind probing, and so on, are developed, tested, or mentioned to reveal hidden information.Within this landscape, deep learning techniques are occasionally mentioned for their effectiveness and growing importance.A set of studies focuses on developing data hiding techniques, while the others test them against countermeasures.Continuously, the concept of wardens emerges as a prevalent countermeasure against the illicit sharing of data across networks.In the field of digital forensics, part of the research efforts is focused on preserving the chain of evidence while investigating possible tampering of legal evidence or trying to identify the source device of images or videos to ensure the reliability of such critical data.On the other hand, the emergence of stegomalware, a malicious technique that exploits data hidden in apparently innocuous files, is noted in scientific discourse and is rigorously tested against developed defence strategies.In the context of copyright management, watermarking protocols and advances in steganography are proving beneficial, while also facilitating the verification of the originality and attribution of ownership/authorship of images in the context of digital forensics.Each of these tools and methods plays a specific role in the field of steganalysis, providing solutions to challenges such as secure communications, copyright protection and digital forensics.The variety and complexity of these tools highlights the rapidly evolving nature of steganography and steganalysis technologies.
However, none of the selected research addresses societal acceptance, and, in general, it can be said that the societal dimension is not adequately covered.That said, we can identify from the research some of the potential societal benefits that can derive from steganalysis developments, such as the enhancement on the protection of human rights (ethics and protection of personal data), as well as the strict observance of international chain of custody laws, the improvement of cross-border cooperations, or the strengthening of public accountability and transparency.On the other hand, issues such as potential negative discrimination, negative impacts on rights and values, and ways to overcome these legal and ethical challenges are not sufficiently discussed throughout the texts, with brief and scarce mentions to privacy and data protection (such as illicit cloud-based invasions of the privacy of non-suspects via indiscriminate decryption of data), among other challenges or potential societal harms of steganalysis research.
Certainly, it is important to recognise that the reluctance to address social and ethical issues in academic papers (and especially conference papers) may be due to space constraints, which often prioritise technical aspects and results over broader ethical or social considerations.In addition, researchers may assume that ethical considerations and compliance with fundamental rights are implicitly understood or covered in the ethical review processes of their own research projects or institutions.This could explain the lack of explicit reference to these issues in published papers.However, it is also possible that there is a prevailing perception within the steganalysis community that societal impacts and ethical considerations are secondary to the primary technical focus of their research.Academic culture and publication norms may contribute to the omission of these aspects.Researchers may not be fully aware of the potential societal implications of their work, or may lack a framework for systematically assessing and addressing issues such as stakeholder engagement and societal acceptance, or the presence of discriminatory biases that may have been unconsciously transferred from designers to software.This highlights the importance of promoting interdisciplinary collaboration and ethical reflection within the field of steganalysis to ensure a more comprehensive Nicolás-Sánchez and Castro-Toledo Crime Science (2024) 13:11 understanding and communication of the societal dimensions associated with this research.
In addition, the data extraction spreadsheet of the full sample of studies reviewed can be found in Appendix I: Table 4. Considering all of these results, the following section is therefore intended to address this gap in the literature.No 51 a The percentages have been calculated in relation to the total number of studies reviewed (N = 55).For this reason, there are variables that can exceed 100% when different modalities occur at the same time as field of publication, research subject, societal cybersecurity needs, threats, beneficiaries, positive impacts, and mitigation measures b In the variables where "N/A" is included, the percentages have been calculated in relation to the total number of studies that created or mentioned tools (n = 47).For this reason, the "N/A" papers are not included in these calculations

Methodology of nominal groups
Given the limited societal benefits and challenges associated with the use of such tools and techniques in crime prevention found in the systematic review, it was decided to use the Nominal Group Technique (NGT) with LEAs and digital forensics experts to fill the literature gaps identified in the previous section.This mixed-methods technique, originally developed by Delbecq & Van de Ven (1971), is one of the most appropriate methods for gathering information in situations where no prior data is available.This type of research allows for the exploration of questions that may not be best answered by purely quantitative approaches due to technical complexity or limited information available, and has an exploratory nature that can uncover dimensions that would otherwise be overlooked (Bachman & Schutt, 2017;Bush et al., 2020).In contrast, a large-scale survey to measure the societal benefits and challenges of these tools was deemed inappropriate due to the technical complexity of steganalysis topic and the limited information publicly available, making the results impractical.Instead, this methodology was used to capture the perspectives of experts in the field of digital forensic investigation tools (who are also European citizens who may be affected by the use of these tools).However, it is important to note that due to the limited availability of a sample of experts from LEAs, it was decided to conduct two nominal groups (one for positive impacts or benefits, one for negative impacts or challenges), thus making the study exploratory in nature.Certainly, this may be a limitation in terms of the ecological validity of the results, but the purpose of the nominal group technique is different, as mentioned above.
It can be thought of as a variation on small focus groups that are brought together in order to reach a consensus that can be quantified.Information is gathered by asking individuals to respond to questions posed by a moderator, and then participants are asked to prioritise the ideas or suggestions of all group members.The suitability of nominal groups for our purposes lies mainly in their nature as a consensus-building method, which is defined below:

"NGT is a highly structured technique combining characteristics of an individual survey and a focus group. Its structure limits researcher influence and influence from group dynamics. It increases the likelihood of equal participation for all group members and equal influence of (conflicting) values and ideas. NGT can be used in an exploratory
(phase of a) study, can be used to generate hypotheses about topics which are relatively unfamiliar to the researcher, or to become familiar with the ideas found to be relevant to a research population that is socially and culturally different from the researcher.NGT is particularly relevant in applied research as a decision-making tool and as a consensus method" (Vander Laenen, 2015, p. 11).
In summary, the process prevents one person from dominating the discussion, encourages all members of the group to participate, and results in a set of prioritised solutions or recommendations that represent the preferences of the group (De Ruyter, 1996;Hugé & Mukherjee, 2018;Vander Laenen, 2015).
In this regard, for the second part of this study, two nominal groups were conducted for the evaluation of key socio-economic, moral and legal factors potentially influencing the design of steganalysis tools and their positive and negative impacts on end-users.The aim of these groups was to use this consensus building method to formulate recommendations for the improvement of steganalysis tools and methods within the UNCOVER EU project.
The session was structured as follows, and it was briefly explained to the participants: • Define the task: in the form of a question about societal benefits and challenges, in writing and visible to the group, ensuring that it is understood by everyone.• Individual generation of ideas: participants were asked to individually write down in the chat 3 words or sentences related to the question, for 5 min.• Record all ideas: they were typed into an Excel file by the moderator while sharing the screen.• Clarify and discussion of ideas: for 20 min, each of the ideas generated was addressed in order to obtain clarification: similar ideas were grouped, rephrased and merged, or divided into several ones.• Rank or prioritise ideas: individually, each participant selected what they considered to be the top 5 societal benefits/challenges and scored them from 5 points (top 1 benefit/challenge) to 1 point (top 5 benefit/ challenge), giving a different score to each of them.• Quantitatively determine priorities: when these scores were typed into the Excel file, it automatically showed quantitative results.The moderator also explained to the participants what these results meant.
There was a single session divided into two parts corresponding to the following questions: With regard to the characteristics of the participants, a sample of LEAs and digital forensic experts belonging to the UNCOVER EU project consortium was selected.At the beginning, 7 participants participated in the "societal benefits" nominal group, which is a good number considering that the number of participants in a nominal group session is recommended to be less than 8 participants (De Ruyter, 1996;Hugé & Mukherjee, 2018;Vander Laenen, 2015).In the second part of the session, the nominal group on societal challenges, one participant had to leave due to an urgent matter, leaving 6 participants.Similarly, the nominal group session was conducted via online video conferencing a few weeks after the systematic review was conducted, and lasted 140 min (60 min each with a 20 min break).Prior to the session, the activity was ethically reviewed within the project and all participants gave their informed consent.

Nominal group results on social benefits of steganalysis tools
The first set of ideas discussed by the participants pertains to the societal benefits of steganalysis tools.Initially, there were 16 ideas proposed by participants, but this was eventually narrowed down to 9. Some ideas were duplicates, like those related to "getting information about crime, " "proving crimes, " and "providing court-proof evidence." Others were merged due to their similarity, such as "cooperation between law enforcement agencies (LEAs) and forensic institutes" and "cooperation in Europe" involving academia, industry, and other institutions.A few ideas about improving police work and providing better methods for LEAs were also combined.Some ideas were excluded for being too broad or not fitting the concept of "societal benefits." Certain concepts were clarified and debated, like "catching bad guys, " which was divided into three separate ideas.Similarly, "treating people fairly" was distinguished from "providing a quicker and better response from LEAs." The most rated societal benefit, both in terms of the number of points and the percentage of participants who supported it, was idea number 9 ("understanding the real size and impact of the problem").Idea number 4 ("better scientific understanding of the world around us") ranked third in the number of votes.This suggests that steganalysis tools can assist society in understanding the workings of data hiding, the types of hidden illegal information, and their societal impacts, rather than solely in apprehending suspects or providing court-proof evidence.In second place was idea number 7 ("creating a safe environment for everyone"), which also connects to these notions but in a more general sense by improving overall societal security and trust in communication.Idea number 8 ("establishing confidence and trust in LEAs") was not highly voted but still ranked among the top five benefits, indicating the importance of improving public perception of law enforcement agencies (LEAs) and enhancing their cooperation with citizens in Europe (idea number 5).Conversely, ideas number 6 ("police treating people fairly") and 3 ("providing a quicker and better response from LEAs than manual intervention") were the least emphasised in this analysis.However, it is noted that these ideas should not be disregarded as they were brought up during the discussion.All this information is detailed in Table 2 below.

Nominal group results on social challenges of steganalysis tools
In terms of societal challenges in steganalysis, the discussion began with 10 ideas, and one more was removed during the discussion, resulting in 9 ideas (see Table 3).This round of discussions was more demanding, with fewer participants.Some ideas were merged, and others were removed.There was a debate about the balance between privacy and security, especially related to the use of steganalysis by law enforcement.
The most voted societal challenge, both in terms of points and the percentage of participants who supported it, was idea number 7 (lack of knowledge about the existence of steganography and steganalysis tools).It was ranked highly by everyone in the sample, with 50% considering it the top challenge.This indicates a consensus that there is limited knowledge about these tools, and it might need to stay that way to maintain their effectiveness against criminals.The lack of knowledge hampers research by academia and limits implementation by law enforcement agencies (LEAs).This relates to other challenges like demonstrating the efforts made in steganalysis, informing and training relevant parties, finding a balance between legal use, and trust in government/LEAs using these tools.Ideas number 5 (reliable results from steganalysis tools), 4 (building and maintaining state-ofthe-art understanding and use by non-criminals), and 6 (proving the respect of chain of custody) are more technically related challenges in steganalysis development.
While not the top challenge, the reliability of results generated by steganalysis tools is considered a significant concern, especially in providing valid proof in court proceedings.
In summary, participants believe that improving the technical aspects, along with raising awareness about steganalysis, can help overcome the challenges.This not only addresses technical limitations but also the reluctance of stakeholders and society to rely on these digital crime investigation tools.That idea can be translated into a potential harm of steganalysis development, as creating something that civil society do not trust, with concerns about potential invasion of privacy rights, can potentially lead to societal rejection and discontent, both from the public and from key stakeholders.

Discussion and conclusions
In the last decade, considerable progress has been made in the tools of steganography, a technique for hiding information in digital files, as well as in its technological interest in the scientific and practitioners' community.However, digital forensics to detect (and potentially prevent) this type of cyberthreats have not only a technical dimension, but also societal issues of paramount importance.Throughout this paper, the need to approach this latter aspect from a rigorous and scientific evaluation has been taken as a starting point, in order to obtain quality evidence to assess the balance between the social benefits and challenges of these steganalysis tools.The ambition of this paper is to, from a European perspective: (1) establish, for the first time, the state-of-the-art on the social impact of steganalysis tools through a quantitative systematic review; and (2) obtain empirical evidence on the expert-citizen consensus on the challenges and social benefits of steganalysis tools through mixed methods (i.e., nominal groups).While the systematic review showed that these societal dimensions of digital steganalysis tools have not been adequately addressed by most of the previous scientific literature, only a few papers have partially developed these aspects (ethical issues: Casino et al., 2022, Stoyanova et al., 2020, Caviglione et al., 2017;privacy needs: Casino et al., 2022, Stoyanova et al., 2020, Caviglione et al., 2017;privacy  From this work, the nominal groups aim to fill this large gap in the literature with empirical evidence.They also aim to validate what has been reported in other studies with new data in the following areas: (a) Improving the security of society by understanding how the criminal activity of data hiding works ("data hiding trends", Caviglione et al., 2021a), what kind of illegal information is hidden and to what extent it can harm society ("challenges for forensics", Ghanmi et al., 2021;Yari & Zargari, 2017) is the main benefit of steganalysis; and b) Raising awareness of the data hiding paradigm and the tools to combat its criminal use, both technically ("pursue explainability", Caviglione et al., 2021a) and among stakeholders ("understanding between all the actors involved", Casino et al., 2022) and the public ("trade-off between users' right to privacy and the success of the forensics investigation", Stoyanova, 2020;Odebade et al., 2017), is the priority societal challenge of steganalysis.
Our findings also help to confirm the claim that social impact assessment is crucial in cybersecurity research, as these policy areas are typically characterised by limited public transparency, justified by confidentiality and national interest, which often excludes stakeholders and hinders public acceptance of such measures, thus leading to suspicion (Wadhwa et al., 2014).It is also worth noting some concerns that European security research projects prioritise international techno-military industrial advances over addressing local and urban issues, which are closer to citizens and their (in)security experiences, or tackling the root causes of crime (Davey & Wootton, 2017).Nevertheless, the European Union's latest research and innovation funding programme, 'Horizon Europe' , clearly recognises this concern, stating that in the field of security research, it is crucial that projects take into account human factors and societal contexts, while respecting fundamental rights such as privacy and the protection of personal data.The involvement of citizens and communities in assessing the societal impact of security technologies is essential to enhance the quality of research and public confidence.The integration of social sciences and humanities (SSH) and social innovation in security research is fundamental, as it fosters active citizen participation and promotes social change and ownership (EC, 2023, p. 8).While societal considerations are consistently overlooked in scholarly papers dedicated to stego-issues, it may be reasonable that within such a technical discipline, these aspects are confined to the ethical review processes, mandatory in all projects conducted in the European Union and institutions bound to its legal framework.Nevertheless, for the purpose of disseminating results and fostering increased social and end-users' acceptability of these technology solutions, additional time, tasks, and content should be allocated for the aim of ensuring a positive social impact, extending beyond purely technical advancements in computer science.
In conclusion, digital forensic tools in general, and advanced steganalysis tools in particular, are crucial for preventing and fighting cybercrime.However, it is also important to consider the social impact and to ensure that they are used in a legitimate and responsible manner towards citizens.In addition to the benefits in terms of improved prevention and response by LEAs to these forms of cybercrime, this could include issues related to the potential privacy breaches through the monitoring of citizens' online activities; the potential risk of misuse by researchers or investigators, which could have serious implications for fundamental rights, civil liberties or the fair democratic processes; or the challenge in ensuring transparent and accountable use of these tools by authorities as a key element to maintain their legitimacy, among other negative social impacts.It is hoped that this work serves as a beginning point for the development of future research in this particular aspect, both within and outside the European context.Particularly relevant is to go beyond the European framework, for this study is limited by research and participants bound by European inclusion criteria.
Accordingly, LEAs and other security authorities need to take all possible precautions when designing, implementing or using these digital forensic tools.They need to work closely with social, ethical, legal and policy experts to ensure that they meet the highest standards and that decisions are taken in the most legitimate and procedurally appropriate way.In consequence, any technological innovation, especially when it comes to preventing crime and improving public safety, must be accompanied by a rigorous and scientific assessment of its social impact in order to ensure a safe and just democratic society.

Table 1
Summary of quantitative results of the systematic review of steganalysis literature

Table 1
(continued) 1. Considering both your professional experience and your condition as a European citizen, what do you identify as the main societal benefits faced by steganalysis tools? 2. Considering both your professional experience and your condition as a European citizen, what do you identify as the main societal challenges faced by steganalysis tools?

Table 2
Summary of nominal group results on social benefits of steganalysis tools

Table 3
Summary of nominal group results on social challenges of steganalysis tools

Table 4
Data extraction spreadsheet of steganalysis literature systematic review