Steganography
First things first, always use binwalk or foremost to isolate files from any other embedded stuff.
And of course use strings (ASCII, UTF8, UTF16) before anything advanced.
Images
Check plaintext sections, comments
Use exiftool for EXIF data
Use TinEye to upload and search for the image. Select “best match” and hopefully you get the original image. XORing the original with the suspect image should do the rest of the job.
Use pngcheck for PNGs to check for any corruption or anomalous sections
If the image is relatively small check the palette (use “convert input.png output.xpm”. be aware that sometimes colors are not preserved. in this case use the extra parameter
)
If there are large portions of the image that look the same colour, check with a Bucket Fill for anything hidden (in GIMP, also remember to set the threshold to 0 when filling).
Use the steganabara tool and amplify the LSB of the image sequentially to check for anything hidden. Remember to zoom in and also look at the borders of the image. If similar colours are amplified into radically different ones, data may be hidden there.
Stegsolve (a simple jar) is also pretty useful to extract data (based on bitplanes) and analyze images. I have seen it in many CTF write-ups.
Image manipulation in Python
Pixel color inverting example:
- png_invert.py
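# Requires Pillow; the old top-level "import Image" no longer works
from PIL import Image

if __name__ == '__main__':
    # Convert to RGB so every pixel is an (r, g, b) tuple, whatever the input mode
    img = Image.open('input.png').convert('RGB')
    in_pixels = list(img.getdata())
    out_pixels = list()
    for i in range(len(in_pixels)):
        r = in_pixels[i][0]
        g = in_pixels[i][1]
        b = in_pixels[i][2]
        # Invert each channel
        out_pixels.append((255 - r, 255 - g, 255 - b))
    out_img = Image.new(img.mode, img.size)
    out_img.putdata(out_pixels)
    out_img.save("output_inverted.png", "PNG")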
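The XOR comparison against the original image and the LSB/bit-plane checks from the Images list can be done on the same kind of pixel list as in png_invert.py. This is an added example, not part of the original page; the function names, the R, G, B bit order with MSB-first packing, and the 16-pixel sample are assumptions constructed for illustration.

```python
# Added example. Pixel lists have the shape list(img.getdata()) gives for an RGB image.

def amplify_bitplane(pixels, bit=0):
    """Stretch one bit of every channel to 0/255 so the plane becomes visible."""
    return [tuple(255 * ((c >> bit) & 1) for c in px) for px in pixels]

def xor_pixels(suspect, original):
    """XOR a suspect image with the original; unchanged pixels become (0, 0, 0)."""
    if len(suspect) != len(original):
        raise ValueError("images must have the same number of pixels")
    return [tuple(a ^ b for a, b in zip(ps, po)) for ps, po in zip(suspect, original)]

def extract_bitplane_bytes(pixels, bit=0):
    """Read one bit per channel in R, G, B order and pack MSB-first into bytes.
    The channel order and bit packing are assumptions; challenges vary."""
    bits = [(c >> bit) & 1 for px in pixels for c in px]
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def embed_lsb(pixels, message):
    """Helper used only to build the constructed sample below."""
    bits = [(byte >> (7 - k)) & 1 for byte in message for k in range(8)]
    flat = [c for px in pixels for c in px]
    if len(bits) > len(flat):
        raise ValueError("message too long for cover")
    for i, b in enumerate(bits):
        flat[i] = (flat[i] & 0xFE) | b
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

# Constructed sample: a 16-pixel "image" and a copy with b"CTF" in its LSBs.
COVER = [(200, 120 + i, 64) for i in range(16)]
STEGO = embed_lsb(COVER, b"CTF")

if __name__ == "__main__":
    diff = xor_pixels(STEGO, COVER)
    print("changed pixels:", [i for i, px in enumerate(diff) if px != (0, 0, 0)])
    print("amplified diff:", amplify_bitplane(diff)[:4])
    print("LSB bytes:", extract_bitplane_bytes(STEGO))
```

To use it on real files, load both images with Pillow as in png_invert.py and pass the resulting pixel lists to these functions.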
Audio
Video/Animation
Check any metadata before the stream (comments, palette, etc)
Extract individual frames and inspect each
Inspect differentially: each frame with the next (using “compare”) or frame 0 with N, frame 1 with N-1 (by XORing or similar)
Tamper with the palette to see movement of colors that are similar and indistinguishable originally