SlideShare a Scribd company logo

data hiding techniques.ppt

Download as PPT, PDF
M
Muzamil Amin

data hiding techniques in cyber forensics

Engineering
1 of 21
ADDRESSING DATA-HIDING TECHNIQUES PRESENTED BY:- Muzamil amin M.TECH CSE SUBJECT:- Cyber Forensics
Data Hiding  Data hiding involves changing or manipulating a file to conceal information. Data-hiding techniques include hiding entire partitions, changing file extensions, setting file attributes to hidden, bit-shifting, using encryption, and setting up password protection. Some of these techniques are discussed in the following sections.
Data-hiding Techniques  File manipulation  Filenames and extensions  Hidden property  Disk manipulation  Hidden partitions  Bad clusters  Encryption  Bit shifting  Steganography
Filenames and extensions Example: we will use a file with an extension of .jpg. The objective is to open this file in its native application.
 As we can be seen above, we encountered an error. Now, a typical user may say this file is corrupt and thus probably delete the file and move on. While that may be acceptable for the regular user, a forensics analyst would need to dig a little deeper.  To dig a little deeper, our shovel will be HxD Hexeditor. A point to note is that every file type has a header which can be used as a signature to identify the type of file. Similarly some file types have known trailers, which marks as the ending of the file. Considering this information, we can use the Internet to our advantage to learn about file extensions. To determine our actual file type we will rely on the work already done by https://www.garykessler.net/library/file_sigs.html.  Let’s open our file in Hx. Filenames and extensions (continued)
Filenames and extensions (continued)
 If we compare the first 6 bytes “7B 5C 72 74 66 31” to one of the known entries on garykessler.net, we can see that this file should have an extension of .rtf. In addition, if we look at the trailer we see that within the last 10 bytes, we have a 4 byte sequence “5C 70 61 72” that matches part of the .rtf extension. Let’s focus on the header and change the file to .rtf instead of .jpg.  The file extension can be changed by either renaming the file in “Windows Explorer” or by “ren securitynik.jpg securitynik.rtf” in the command prompt. Filenames and extensions (continued)
Hiding Partitions  Delete references to a partition using a disk editor such as Norton DiskEdit, this editor will delete any reference to it manually.  Re-create links for accessing it.  Use disk-partitioning utilities  GDisk  Partition Magic  System Commander  or Linux Grand Unified Bootloader (GRUB), which provides a startup menu where you can select an OS. The system then ignores other bootable partitions.  Account for all disk space when analyzing a disk
 For example, in the following code, Disk Manager recognizes the extended partition (labeled EXT DOS) as being 5381.1 MB (listed as Mbytes). The LOG DOS labels for partitions E through F indicate that they’re logical partitions that make up the extended partition. However, if you add the sizes of drives E and F, the result is only 5271.3 MB, which is your first clue to examine the disk more closely. The remaining 109.8 MB could be a previously deleted partition or a hidden partition. For this example, the following code shows the letter “H” to indicate a hidden partition. Hiding Partitions (continued)
Hiding Partitions (continued) In fig 1.1 you can see a hidden partition in Disk Manager, which shows it as an unknown partition. In addition, the drive letters in the visible partitions are nonconsecutive (drive I is skipped), which can be another clue that a hidden partition exists. Most skilled users would make sure this anomaly doesn’t occur, however. Figure 1.1 Viewing a hidden partition in Disk Manager
Hiding Partitions (continued) In ProDiscover, a hidden partition appears as the highest available drive letter set in the BIOS. Figure 1.2 shows four partitions, similar to Figure 1,1, except the hidden partition shows as the drive letter Z. To carve (or salvage) data from the recovered partition gap, you can use other computer forensics tools, such as FTK or WinHex. Figure 1.2 Viewing a hidden partition in ProDiscover
Marking Bad Clusters  Common with FAT systems.  Place sensitive information on free space.  Use a disk editor to mark space as a bad cluster  To mark a good cluster as bad using Norton Disk Edit  Type B in the FAT entry corresponding to that cluster
Bit-shifting  Old technique  Shift bit patterns to alter byte values of data  Make files look like binary executable code  Tool  Hex Workshop Bit-shifting changes data from readable code to data that looks like binary executable code. Hex Workshop includes a feature for shifting bits and altering byte patterns of entire files or specified data. To shift bits in a text file, follow these steps
Bit-shifting (continued) 1. Start Notepad, and in a text document, type TEST FILE. Test file is to see how shifting bits will alter the data in a file. 2. Save the file as test file.txt in your work folder, and exit Notepad. 3. Start Hex Workshop. Click File, Open from the menu. Navigate to your work folder, and then double-click test file.txt. Figure 3 shows the file open in Hex Workshop figure 3 test file.txt open in Hex Workshop
4. To set up Hex Workshop for the bit-shifting exercise, click Tools >> operations from the menu. 5. In the Customize dialog box, click the Data Operations check box, and then click OK. 6. Click the Shift Left button (<< icon) on the Data Operations toolbar. The Shift Left Operation dialog box opens (see Figure 4), where you specify how you want to treat the data, the ordering scheme to use for bytes, and whether you shift bits for selected text or the entire file. Figure 4 The Shift Left Operation dialog box Bit-shifting (continued)
7. Click OK to accept the default settings and shift the bits in test file.txt to the left. 8. Save the file as Bit_shift_left.txt in your work folder. Figure 5 shows the file in Hex Workshop, with the @ symbols indicating shifted bits. Figure 5 Viewing the shifted bits Bit-shifting (continued)
 9. To return the file to its original configuration, shift the bits back to the right by clicking the Shift Right button (>> icon) on the Data Operations toolbar. Click OK to accept the default settings in the Shift Right Operation dialog box. The file is displayed in its original format.  10. Save the file as Bit_shift_right.txt in your work folder, and leave Hex Workshop open for the next activity Bit-shifting (continued)
Using Steganography to Hide Data  Greek for “hidden writing”  Steganography tools were created to protect copy righted material  By inserting digital watermarks into a file.  EXAMPLE: to notify users that an image is copyrighted. The digital watermarks used for steganography aren’t usually visible, however, when you view the file in its usual application and might even be difficult to find with a disk editor. A non steganographic graphics file is the same size as an identical steganographic graphics file, and they look the same when you examine them in a graphics viewing utility, such as IrfanView. However, if you run an MD5 or SHA-1 hash comparison on both files, you’ll find that the hash values aren’t equal.
EXAMPLE:  To hide data, people can use steganography tools, many of which are freeware or shareware, to insert information into a variety of files. If you encrypt a plaintext file with PGP and insert the encrypted text into a steganography file, for example, cracking the encrypted message is extremely difficult. However, most steganography tools can insert only small amounts of data into a file and usually require a password to restrict access to the inserted data.  Suspect can hide information on image or text document files.  Very hard to spot without prior knowledge.  Tools: S-Tools, DPEnvelope, jpgx, and tte
REFRENCES  Text book: Guide to computer forensics and investigation by BILL NELSON,AMELIA PHILLIPS,AND CHRISTOPHER STEUART. Tools used Hex Editor https://www.hhdsoftware.com/free-hex-editor Hex Workshop Hex Editor (64 bit) http://www.hexworkshop.com/
data hiding techniques.ppt

Recommended

computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeDhrumil Panchal
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation Jyothishmathi Institute of Technology and Science Karimnagar
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationSam Bowne
 

Recommended

computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeDhrumil Panchal
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation Jyothishmathi Institute of Technology and Science Karimnagar
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationSam Bowne
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensicsprimeteacher32
 
Understanding computer investigation
Understanding computer investigationUnderstanding computer investigation
Understanding computer investigationOnline
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Jyothishmathi Institute of Technology and Science Karimnagar
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detectionVikrant Arya
 
Data leakage detection
Data leakage detection Data leakage detection
Data leakage detection Suveeksha
 
Technical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsTechnical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsOllie Whitehouse
 
How to erase private data permanently
How to erase private data permanentlyHow to erase private data permanently
How to erase private data permanentlyLisa Liao
 
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docxevonnehoggarth79783
 

More Related Content

What's hot

E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Understanding computer investigation
Understanding computer investigationUnderstanding computer investigation
Understanding computer investigationOnline
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detectionVikrant Arya
 
Data leakage detection
Data leakage detection Data leakage detection
Data leakage detection Suveeksha
 
Technical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsTechnical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsOllie Whitehouse
 

What's hot (20)

Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Understanding computer investigation
Understanding computer investigationUnderstanding computer investigation
Understanding computer investigation
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detection
 
Data leakage detection
Data leakage detection Data leakage detection
Data leakage detection
 
Technical Challenges in Cyber Forensics
Technical Challenges in Cyber ForensicsTechnical Challenges in Cyber Forensics
Technical Challenges in Cyber Forensics
 

Similar to data hiding techniques.ppt

How to erase private data permanently
How to erase private data permanentlyHow to erase private data permanently
How to erase private data permanentlyLisa Liao
 
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docxevonnehoggarth79783
 
Windows FTK Forensics.pdf
Windows FTK Forensics.pdfWindows FTK Forensics.pdf
Windows FTK Forensics.pdfssusere6dc9d
 
Description Of A Network Administrator
Description Of A Network AdministratorDescription Of A Network Administrator
Description Of A Network AdministratorGina Alfaro
 
UserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentUserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentAnna Ellis
 
File System Implementation & Linux Security
File System Implementation & Linux SecurityFile System Implementation & Linux Security
File System Implementation & Linux SecurityGeo Marian
 
SessionThree_IntroductionToVersionControlSystems
SessionThree_IntroductionToVersionControlSystemsSessionThree_IntroductionToVersionControlSystems
SessionThree_IntroductionToVersionControlSystemsHellen Gakuruh
 
FTK report PART I Familiar with FTK ImagerBonus Exerc.docx
FTK report PART I Familiar with FTK ImagerBonus Exerc.docxFTK report PART I Familiar with FTK ImagerBonus Exerc.docx
FTK report PART I Familiar with FTK ImagerBonus Exerc.docxbudbarber38650
 
data stage-material
data stage-materialdata stage-material
data stage-materialRajesh Kv
 
Tricks N Tips By Ravish Roshan
Tricks N Tips By Ravish RoshanTricks N Tips By Ravish Roshan
Tricks N Tips By Ravish Roshanravish roshan
 
Examine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxExamine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxcravennichole326
 
How to remove files safely from an HDD or SSD in Windows 10
How to remove files safely from an HDD or SSD in Windows 10How to remove files safely from an HDD or SSD in Windows 10
How to remove files safely from an HDD or SSD in Windows 10Hetman Software
 
Latihan8 comp-forensic-bab5
Latihan8 comp-forensic-bab5Latihan8 comp-forensic-bab5
Latihan8 comp-forensic-bab5sabtolinux
 
Sequential file programming patterns and performance with .net
Sequential file programming patterns and performance with .netSequential file programming patterns and performance with .net
Sequential file programming patterns and performance with .netMichael Pavlovsky
 
File System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuFile System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuJayesh Tambe
 
Degonto file management
Degonto file managementDegonto file management
Degonto file managementDegonto Islam
 
Management file and directory in linux
Management file and directory in linuxManagement file and directory in linux
Management file and directory in linuxZkre Saleh
 

Similar to data hiding techniques.ppt (20)

How to erase private data permanently
How to erase private data permanentlyHow to erase private data permanently
How to erase private data permanently
 
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
 
Lab 1 Essay
Lab 1 EssayLab 1 Essay
Lab 1 Essay
 
Windows FTK Forensics.pdf
Windows FTK Forensics.pdfWindows FTK Forensics.pdf
Windows FTK Forensics.pdf
 
Description Of A Network Administrator
Description Of A Network AdministratorDescription Of A Network Administrator
Description Of A Network Administrator
 
UserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocumentUserGuideHDFS_FinalDocument
UserGuideHDFS_FinalDocument
 
File System Implementation & Linux Security
File System Implementation & Linux SecurityFile System Implementation & Linux Security
File System Implementation & Linux Security
 
SessionThree_IntroductionToVersionControlSystems
SessionThree_IntroductionToVersionControlSystemsSessionThree_IntroductionToVersionControlSystems
SessionThree_IntroductionToVersionControlSystems
 
FTK report PART I Familiar with FTK ImagerBonus Exerc.docx
FTK report PART I Familiar with FTK ImagerBonus Exerc.docxFTK report PART I Familiar with FTK ImagerBonus Exerc.docx
FTK report PART I Familiar with FTK ImagerBonus Exerc.docx
 
data stage-material
data stage-materialdata stage-material
data stage-material
 
Tricks N Tips By Ravish Roshan
Tricks N Tips By Ravish RoshanTricks N Tips By Ravish Roshan
Tricks N Tips By Ravish Roshan
 
Examine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docxExamine Evidence PartitionsAnalysis of four small partitions ext.docx
Examine Evidence PartitionsAnalysis of four small partitions ext.docx
 
How to remove files safely from an HDD or SSD in Windows 10
How to remove files safely from an HDD or SSD in Windows 10How to remove files safely from an HDD or SSD in Windows 10
How to remove files safely from an HDD or SSD in Windows 10
 
Latihan8 comp-forensic-bab5
Latihan8 comp-forensic-bab5Latihan8 comp-forensic-bab5
Latihan8 comp-forensic-bab5
 
Sequential file programming patterns and performance with .net
Sequential file programming patterns and performance with .netSequential file programming patterns and performance with .net
Sequential file programming patterns and performance with .net
 
SNAW-Assignment.docx
SNAW-Assignment.docxSNAW-Assignment.docx
SNAW-Assignment.docx
 
File System Comparison on Linux Ubuntu
File System Comparison on Linux UbuntuFile System Comparison on Linux Ubuntu
File System Comparison on Linux Ubuntu
 
Degonto file management
Degonto file managementDegonto file management
Degonto file management
 
Management file and directory in linux
Management file and directory in linuxManagement file and directory in linux
Management file and directory in linux
 
Chap52
Chap52Chap52
Chap52
 

Recently uploaded

Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAbhinavSharma374939
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 

Recently uploaded (20)

Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog Converter
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 

data hiding techniques.ppt

  • 1. ADDRESSING DATA-HIDING TECHNIQUES PRESENTED BY:- Muzamil amin M.TECH CSE SUBJECT:- Cyber Forensics
  • 2. Data Hiding  Data hiding involves changing or manipulating a file to conceal information. Data-hiding techniques include hiding entire partitions, changing file extensions, setting file attributes to hidden, bit-shifting, using encryption, and setting up password protection. Some of these techniques are discussed in the following sections.
  • 3. Data-hiding Techniques  File manipulation  Filenames and extensions  Hidden property  Disk manipulation  Hidden partitions  Bad clusters  Encryption  Bit shifting  Steganography
  • 4. Filenames and extensions Example: we will use a file with an extension of .jpg. The objective is to open this file in its native application.
  • 5.  As we can be seen above, we encountered an error. Now, a typical user may say this file is corrupt and thus probably delete the file and move on. While that may be acceptable for the regular user, a forensics analyst would need to dig a little deeper.  To dig a little deeper, our shovel will be HxD Hexeditor. A point to note is that every file type has a header which can be used as a signature to identify the type of file. Similarly some file types have known trailers, which marks as the ending of the file. Considering this information, we can use the Internet to our advantage to learn about file extensions. To determine our actual file type we will rely on the work already done by https://www.garykessler.net/library/file_sigs.html.  Let’s open our file in Hx. Filenames and extensions (continued)
  • 7.  If we compare the first 6 bytes “7B 5C 72 74 66 31” to one of the known entries on garykessler.net, we can see that this file should have an extension of .rtf. In addition, if we look at the trailer we see that within the last 10 bytes, we have a 4 byte sequence “5C 70 61 72” that matches part of the .rtf extension. Let’s focus on the header and change the file to .rtf instead of .jpg.  The file extension can be changed by either renaming the file in “Windows Explorer” or by “ren securitynik.jpg securitynik.rtf” in the command prompt. Filenames and extensions (continued)
  • 8. Hiding Partitions  Delete references to a partition using a disk editor such as Norton DiskEdit, this editor will delete any reference to it manually.  Re-create links for accessing it.  Use disk-partitioning utilities  GDisk  Partition Magic  System Commander  or Linux Grand Unified Bootloader (GRUB), which provides a startup menu where you can select an OS. The system then ignores other bootable partitions.  Account for all disk space when analyzing a disk
  • 9.  For example, in the following code, Disk Manager recognizes the extended partition (labeled EXT DOS) as being 5381.1 MB (listed as Mbytes). The LOG DOS labels for partitions E through F indicate that they’re logical partitions that make up the extended partition. However, if you add the sizes of drives E and F, the result is only 5271.3 MB, which is your first clue to examine the disk more closely. The remaining 109.8 MB could be a previously deleted partition or a hidden partition. For this example, the following code shows the letter “H” to indicate a hidden partition. Hiding Partitions (continued)
  • 10. Hiding Partitions (continued) In fig 1.1 you can see a hidden partition in Disk Manager, which shows it as an unknown partition. In addition, the drive letters in the visible partitions are nonconsecutive (drive I is skipped), which can be another clue that a hidden partition exists. Most skilled users would make sure this anomaly doesn’t occur, however. Figure 1.1 Viewing a hidden partition in Disk Manager
  • 11. Hiding Partitions (continued) In ProDiscover, a hidden partition appears as the highest available drive letter set in the BIOS. Figure 1.2 shows four partitions, similar to Figure 1,1, except the hidden partition shows as the drive letter Z. To carve (or salvage) data from the recovered partition gap, you can use other computer forensics tools, such as FTK or WinHex. Figure 1.2 Viewing a hidden partition in ProDiscover
  • 12. Marking Bad Clusters  Common with FAT systems.  Place sensitive information on free space.  Use a disk editor to mark space as a bad cluster  To mark a good cluster as bad using Norton Disk Edit  Type B in the FAT entry corresponding to that cluster
  • 13. Bit-shifting  Old technique  Shift bit patterns to alter byte values of data  Make files look like binary executable code  Tool  Hex Workshop Bit-shifting changes data from readable code to data that looks like binary executable code. Hex Workshop includes a feature for shifting bits and altering byte patterns of entire files or specified data. To shift bits in a text file, follow these steps
  • 14. Bit-shifting (continued) 1. Start Notepad, and in a text document, type TEST FILE. Test file is to see how shifting bits will alter the data in a file. 2. Save the file as test file.txt in your work folder, and exit Notepad. 3. Start Hex Workshop. Click File, Open from the menu. Navigate to your work folder, and then double-click test file.txt. Figure 3 shows the file open in Hex Workshop figure 3 test file.txt open in Hex Workshop
  • 15. 4. To set up Hex Workshop for the bit-shifting exercise, click Tools >> operations from the menu. 5. In the Customize dialog box, click the Data Operations check box, and then click OK. 6. Click the Shift Left button (<< icon) on the Data Operations toolbar. The Shift Left Operation dialog box opens (see Figure 4), where you specify how you want to treat the data, the ordering scheme to use for bytes, and whether you shift bits for selected text or the entire file. Figure 4 The Shift Left Operation dialog box Bit-shifting (continued)
  • 16. 7. Click OK to accept the default settings and shift the bits in test file.txt to the left. 8. Save the file as Bit_shift_left.txt in your work folder. Figure 5 shows the file in Hex Workshop, with the @ symbols indicating shifted bits. Figure 5 Viewing the shifted bits Bit-shifting (continued)
  • 17.  9. To return the file to its original configuration, shift the bits back to the right by clicking the Shift Right button (>> icon) on the Data Operations toolbar. Click OK to accept the default settings in the Shift Right Operation dialog box. The file is displayed in its original format.  10. Save the file as Bit_shift_right.txt in your work folder, and leave Hex Workshop open for the next activity Bit-shifting (continued)
  • 18. Using Steganography to Hide Data  Greek for “hidden writing”  Steganography tools were created to protect copy righted material  By inserting digital watermarks into a file.  EXAMPLE: to notify users that an image is copyrighted. The digital watermarks used for steganography aren’t usually visible, however, when you view the file in its usual application and might even be difficult to find with a disk editor. A non steganographic graphics file is the same size as an identical steganographic graphics file, and they look the same when you examine them in a graphics viewing utility, such as IrfanView. However, if you run an MD5 or SHA-1 hash comparison on both files, you’ll find that the hash values aren’t equal.
  • 19. EXAMPLE:  To hide data, people can use steganography tools, many of which are freeware or shareware, to insert information into a variety of files. If you encrypt a plaintext file with PGP and insert the encrypted text into a steganography file, for example, cracking the encrypted message is extremely difficult. However, most steganography tools can insert only small amounts of data into a file and usually require a password to restrict access to the inserted data.  Suspect can hide information on image or text document files.  Very hard to spot without prior knowledge.  Tools: S-Tools, DPEnvelope, jpgx, and tte
  • 20. REFRENCES  Text book: Guide to computer forensics and investigation by BILL NELSON,AMELIA PHILLIPS,AND CHRISTOPHER STEUART. Tools used Hex Editor https://www.hhdsoftware.com/free-hex-editor Hex Workshop Hex Editor (64 bit) http://www.hexworkshop.com/