Data hiding in the NTFS file system

Ewa Z. Huebner, Derek Bem, Cheong Kai Wee

    Research output: Contribution to journalArticle

    47 Citations (Scopus)

    Abstract

    In this paper we examine the methods of hiding data in the NTFS file system. Further we discuss the analysis techniques which can be applied to detect and recover data hidden using each of these methods. We focus on sophisticated data hiding where the goal is to prevent detection by forensic analysis. Obvious data hiding techniques, for example setting the hidden attribute of a file, will not be included. Hidden data can be further obfuscated by file system independent approaches like data encryption and steganography. This paper is only concerned with the methods which are made possible by the structure of the NTFS file system, and with the recovery of hidden data, not its interpretation.
    Original languageEnglish
    Pages (from-to)211-226
    JournalDigital Investigation
    Volume3
    Issue number4
    DOIs
    Publication statusPublished - 2006

    Keywords

    • ADS
    • NTFS
    • analysis techniques
    • data hiding

    Fingerprint

    Dive into the research topics of 'Data hiding in the NTFS file system'. Together they form a unique fingerprint.

    Cite this