
Hiding data


SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Jul 01, 2012 12:09 pm

Hiding data

Hello all,

After a recent college class (online) about computer forensics, they discussed how evidence can be hidden on a PC and discovered, but they didn't go into how to hide the data. I am familiar with tools that hide data in files, but I would be interested in learning how to hide data in a hidden partition, or slack space, etc. Anyone know of any resources for learning how to do this? I've heard that you can create a partition, add the data, then delete the partition, but that sounds like the premise for deleting files: while the data is still there, it could be overwritten...
sectestanalysis.blogspot.com/

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sun Jul 01, 2012 1:32 pm

Re: Hiding data

Hey sephstorm, if you're using Windows you already know every partition in the computer has a letter, c:, d: and... So you can use Disk Manager to remove the partition's letter and make it hidden.
www.windows.microsoft.com/en-us/windows ... ive-letter
But it's better to encrypt data with TrueCrypt; it's more secure and trustworthy.
Last edited by cyber.spirit on Sun Jul 01, 2012 1:44 pm, edited 1 time in total.
ICS Academy Network Security Certified

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sun Jul 01, 2012 1:48 pm

Re: Hiding data

Take a look at alternate data streams

http://www.irongeek.com/i.php?page=security/altds

Joshsevo

Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Sun Jul 01, 2012 4:17 pm

Re: Hiding data

Alternate data streams. We learned how to do them in a gov class I took. You can use a .txt file, let's say, and save it and alter it somehow... by adding more text to it... and neither the file size nor the file itself shows up. It's pretty tricky.
Security+, Network+, C|EH, CHFI, CPT
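
Added example (not part of any post in this thread): a defender-side check for the alternate data streams mentioned in the two replies above. It parses the output of `dir /r`, which lists named streams on their own line under the owning file, and separates streams Windows attaches itself from everything else. The sample listing is constructed, and the function names and the benign-stream list are assumptions made for this sketch.

```python
import re

# Constructed sample of `dir /r` output (not taken from the thread).
# The file's listed size (26) covers only its main, unnamed stream; each
# named stream gets its own line:  <size> <file>:<stream>:$DATA
SAMPLE_DIR_R = r"""
 Directory of C:\cases\demo

07/01/2012  12:09 PM                26 notes.txt
                                 4,096 notes.txt:payload.bin:$DATA
07/01/2012  01:32 PM           152,064 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
07/01/2012  04:17 PM             1,204 report.doc
"""

# Assumption: streams treated as expected (mark-of-the-web on downloads).
KNOWN_BENIGN = {"zone.identifier"}

DIR_LINE = re.compile(r"^\s+Directory of (?P<dir>.+?)\s*$")
ADS_LINE = re.compile(
    r"^\s+(?P<size>[\d,.]+)\s+(?P<file>[^:]+):(?P<stream>[^:]+):\$DATA\s*$")


def find_streams(dir_output):
    """Return one dict per alternate data stream in `dir /r` output."""
    current_dir, hits = "", []
    for line in dir_output.splitlines():
        m = DIR_LINE.match(line)
        if m:
            current_dir = m.group("dir")  # remember which folder we are in
            continue
        m = ADS_LINE.match(line)
        if m:
            hits.append({
                "path": current_dir + "\\" + m.group("file"),
                "stream": m.group("stream"),
                "size": int(re.sub(r"[,.]", "", m.group("size"))),
                "benign": m.group("stream").lower() in KNOWN_BENIGN,
            })
    return hits


def suspicious(hits):
    """Non-empty streams that are not on the known-benign list."""
    return [h for h in hits if not h["benign"] and h["size"] > 0]


if __name__ == "__main__":
    for h in suspicious(find_streams(SAMPLE_DIR_R)):
        print(f'{h["path"]}:{h["stream"]} ({h["size"]} bytes)')
```
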

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Mon Jul 02, 2012 1:50 am

Re: Hiding data

Hi all, thanks for the replies. First, when it comes to encryption, it's a good solution, with one main fault: you can immediately tell that someone is trying to hide something. I remember EFS used to turn the folder title green. Much more subtle is having a hidden folder with no name and a background color icon...

ADS, I remember seeing a few articles about them a while ago, I'll have to look into it. What might be good is to combine all of the above: make a document, add the data on an ADS, encrypt it, and put it on an unallocated drive.
sectestanalysis.blogspot.com/

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Jul 02, 2012 1:20 pm

Re: Hiding data

SephStorm wrote: I remember EFS used to turn the folder title green. Much more subtle is having a hidden folder with no name and a background color icon..

No, do not use EFS because you may lose data even if you take a backup of the file's certificate. As I said, use TrueCrypt; it's free and awesome.
ICS Academy Network Security Certified

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Jul 02, 2012 2:24 pm

Re: Hiding data

Check out Volume Shadow Copies as well...


http://www.securitytube.net/video/3767
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
