Evading Disk Investigation and Forensics using a Cluster-Based Covert Channel
Authors
Abstract
Contemporary storage-based information hiding methods support plausible deniability by embedding encrypted information among bulk random content. Since the presence of random data is easily detected, these schemes facilitate plausible deniability by enabling disclosure of less sensitive information whilst concealing the existence of some other information. We propose a covert channel on storage media in which information is embedded by modifying the fragmentation patterns in the cluster distribution of an existing file. As opposed to existing schemes, the proposed covert channel does not require storage of any additional information on the filesystem. Since fragmentation also occurs through normal usage of a filesystem, our proposed channel allows one to conceal the very existence of hidden data, and consequently is the first storage-based covert channel to support an additional layer of two-fold plausible deniability.
Similar resources
Information Leakage via Protocol-Based Covert Channels: Detection, Automation, and Applications
With the emergence of computers in everyday activities and with the ever-growing complexity of networks and network communication protocols, covert channels are becoming an eminent threat to the confidentiality of information. In light of this threat, we propose a technique to detect confidential information leakage via covert channels. Although several works examine covert channel detection a...
Digital Village Hal Berghel Hiding Data, Forensics, and Anti-Forensics Delving
Data hiding has been with us as long as there have been digital computers and networks. Some readers of this column might be old enough to remember data hiding on tracks above 80 of the ubiquitous 5-1/4 inch double-sided, double-density floppy disks in the late 1970s. It was not uncommon to store a program key on the upper regions of the disk for copy protection of PC software. The simplicity of...
Improving Hard Disk Contention-based Covert Channel in Cloud Computing Environment
Steganographic methods allow the covert exchange of secret data between parties aware of the procedure. The cloud computing environment is a new and hot target for steganographers, and currently not many solutions have been proposed. This paper proposes CloudSteg which is a steganographic method that allows the creation of a covert channel based on hard disk contention between the two cloud ins...
Design and Evaluation of a Hybrid Encoding Method for Covert Timing Channels in the Internet
A covert channel communicates information under the cover of an overt, authorized channel in such a way that the existence of the channel is hidden. In network covert timing channels, which use timing features of transmitted packets to modulate covert information, an appropriate encoding scheme is very important. In this paper, a hybrid encoding scheme is proposed by combining "the inter-pac...
Audit: Automated Disk Investigation Toolkit
Software tools designed for disk analysis play a critical role today in forensics investigations. However, these digital forensics tools are often difficult to use, usually task specific, and generally require professionally trained users with IT backgrounds. The relevant tools are also often open source, requiring additional technical knowledge and proper configuration. This makes it difficult ...