Authors: Knut Eckstein (NATO NC3A), Marko Jahnke (FGAN/FKIE Germany)
DFRWS USA 2005
Abstract
Data hiding is one technique by which system perpetrators store information while reducing the risk of being detected by system administrators. The first major section of this article structures and compares existing data hiding methods for UNIX file systems in terms of usability and countermeasures. It discusses variant techniques related to advanced file systems. The second section proposes a new technique that stores substantial amounts of data inside journaling file systems in a robust fashion with low detectability, which is demonstrated by means of a proof-of-concept implementation for the ext3 journaling file system.