written 6.6 years ago by |
Data hiding involves changing or manipulating a file to conceal information.
Data-hiding techniques include:
Hiding Partitions • We can create a partition and then hide it using a disk editor.
• We can get access to hidden partitions using tools such as: GDisk, PartitionMagic, System Commander, and LILO.
• We should account for all disk space when analyzing a disk. Windows creates a partition gap between partitions automatically; however, we might find a gap that’s larger than it should be.
Marking Bad Clusters
• One data-hiding technique is placing sensitive or incriminating data in free space on disk partition clusters. This method is more common in FAT file systems.
• This technique involves using a disk editor, such as Norton DiskEdit, to mark good clusters as bad clusters.
• The OS then considers these clusters unusable.
• The only way they can be accessed from the OS is by changing them to good clusters with a disk editor.
• To mark a good cluster as bad using Norton Disk Edit, we type the letter B in the FAT entry corresponding to that cluster.
• We can then use any DOS disk editor to write and read data to this cluster, which is effectively hidden because it appears as bad to the OS.
Bit-Shifting
• Bit-shifting is an old technique that shifts bit patterns to alter byte values of data and makes files look like binary executable code.
• A well-known technique for hiding data is shifting bit patterns to alter the byte values of data.
• Bit-shifting changes data from readable code to data that looks like binary executable code.
• Hex Workshop includes a feature for shifting bits and altering byte patterns of entire files or specified data. To shift bits in a text file, follow these steps:
Create a file in Notepad and Save it as Bit_shift.txt.
Start Hex Workshop and open the file Bit_shift.txt from the menu.
To set up Hex Workshop for the bit-shifting exercise, click Options, Toolbars from the menu.
In the Customize dialog box, click the Data Operations check box, and then click OK.
Click the Shift Left button (<< icon) on the Data Operations toolbar. The Shift Left Operation dialog box opens, where we specify how we want to treat the data, the ordering scheme to use for bytes, and whether we shift bits for selected text or the entire file.
Click OK to accept the default settings and shift the bits in Bit_shift.txt to the left