Hello all,

After a recent college class (online) about computer forensics, they discussed how evidence can be hidden on a PC nd discovered, but they didnt go into how to hide the data. I am familiar with tools that hide data in files, but I would be interested in learning how to hide data in a hidden partition, or  slack space, ect. anyone know of any resources for learning how to do this? I've heard that you can create a partition, add the data, then delete the partition, but that sounds like the premises for deleting files, while the data is still there, it could be overwritten...

Take a look at alternate data streams

http://www.irongeek.com/i.php?page=security/altds

Hi all, thanks for the replies. First, when it comes to encryption, its a good solution, with one main fault, you can immediately tell that someone is trying to hide something. I remember EFS used to turn the folder title green. Much more subtle is having a hidden folder with no name and a background color icon...

ADS, I remember seeing a few articles about them a while ago, i'll have to look into it. What might be good is to combine all of the above, make an document, add the data on an ADS, encrypt it, and put it on a unallocated drive.

Check out Volume Shadow Copies as well...


http://www.securitytube.net/video/3767