ADDRESSING DATA-HIDING TECHNIQUES
PRESENTED BY:- Muzamil amin
M.TECH CSE
SUBJECT:- Cyber Forensics
Data Hiding
 Data hiding involves changing or manipulating a file to
conceal information. Data-hiding techniques include hiding
entire partitions, changing file extensions, setting file
attributes to hidden, bit-shifting, using encryption, and setting
up password protection. Some of these techniques are
discussed in the following sections.
Data-hiding Techniques
 File manipulation
 Filenames and extensions
 Hidden property
 Disk manipulation
 Hidden partitions
 Bad clusters
 Encryption
 Bit shifting
 Steganography
Filenames and extensions
Example:
We will use a file with an extension of .jpg. The objective is to open this file in its native
application.
 As can be seen above, we encountered an error. Now, a typical user
may say this file is corrupt and thus probably delete the file and move on.
While that may be acceptable for the regular user, a forensics analyst
would need to dig a little deeper.
 To dig a little deeper, our shovel will be the HxD hex editor. A point to note is
that every file type has a header which can be used as a signature to
identify the type of file. Similarly, some file types have known trailers,
which mark the end of the file. Considering this information, we can
use the Internet to our advantage to learn about file extensions. To
determine our actual file type we will rely on the work already done by
https://www.garykessler.net/library/file_sigs.html.
 Let’s open our file in HxD.
Filenames and extensions (continued)
 If we compare the first 6 bytes “7B 5C 72 74 66 31” to the known
entries on garykessler.net, we can see that this file should have an
extension of .rtf. In addition, if we look at the trailer, we see that within the
last 10 bytes there is a 4-byte sequence “5C 70 61 72” that matches part
of the known .rtf trailer. Let’s focus on the header and change the file
extension to .rtf instead of .jpg.
 The file extension can be changed by either renaming the file in “Windows
Explorer” or by “ren securitynik.jpg securitynik.rtf” in the command
prompt.
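The header and trailer comparison above can be automated across a whole evidence folder. The following is an added example, not part of the original slides: the signature table is a small subset (the RTF bytes are the ones quoted above, the others are well-known magic numbers), and the sample file contents and the 16-byte trailer window are constructed assumptions.

```python
import os

# (header, trailer) per canonical extension. The RTF bytes are the ones quoted
# in the slides; the rest are well-known magic numbers. A real examination
# would load a full list such as the garykessler.net table.
SIGNATURES = {
    ".rtf": (bytes.fromhex("7B5C72746631"), bytes.fromhex("5C706172")),
    ".jpg": (bytes.fromhex("FFD8FF"), bytes.fromhex("FFD9")),
    ".png": (bytes.fromhex("89504E470D0A1A0A"), bytes.fromhex("49454E44AE426082")),
    ".pdf": (b"%PDF-", b"%%EOF"),
}
ALIASES = {".jpeg": ".jpg"}
TRAILER_WINDOW = 16  # assumption: search the last 16 bytes for the trailer


def identify(data):
    """Return the extension whose header signature matches, or None."""
    for ext, (header, _trailer) in SIGNATURES.items():
        if data.startswith(header):
            return ext
    return None


def check_file(name, data):
    """Compare the extension a file claims with what its bytes say."""
    claimed = os.path.splitext(name)[1].lower()
    claimed = ALIASES.get(claimed, claimed)
    actual = identify(data)
    if actual == claimed:
        verdict = "match"
    elif actual is not None or claimed in SIGNATURES:
        # Either a different known type, or a known extension whose
        # header is missing: both deserve a closer look in a hex editor.
        verdict = "mismatch"
    else:
        verdict = "unknown"
    trailer_seen = None
    if actual is not None:
        trailer_seen = SIGNATURES[actual][1] in data[-TRAILER_WINDOW:]
    return {"name": name, "claimed": claimed, "actual": actual,
            "verdict": verdict, "trailer_seen": trailer_seen}


# Constructed sample contents (not real evidence files).
SAMPLE_RTF = rb"{\rtf1\ansi\deff0 Constructed sample text\par}"
SAMPLE_JPG = bytes.fromhex("FFD8FFE0") + bytes(8) + bytes.fromhex("FFD9")

if __name__ == "__main__":
    for fname, blob in [("securitynik.jpg", SAMPLE_RTF),
                        ("photo.jpeg", SAMPLE_JPG),
                        ("notes.txt", b"plain text")]:
        print(check_file(fname, blob))
```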
Hiding Partitions
 Delete references to a partition manually using a disk editor such as
Norton DiskEdit.
 Re-create links for accessing it.
 Use disk-partitioning utilities
 GDisk
 Partition Magic
 System Commander
 or Linux Grand Unified Bootloader (GRUB), which provides a startup
menu where you can select an OS. The system then ignores other
bootable partitions.
 Account for all disk space when analyzing a disk
 For example, in the following code, Disk Manager recognizes the extended
partition (labeled EXT DOS) as being 5381.1 MB (listed as Mbytes). The
LOG DOS labels for partitions E through F indicate that they’re logical
partitions that make up the extended partition. However, if you add the
sizes of drives E and F, the result is only 5271.3 MB, which is your first
clue to examine the disk more closely. The remaining 109.8 MB could be a
previously deleted partition or a hidden partition. For this example, the
following code shows the letter “H” to indicate a hidden partition.
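The same accounting can be done directly from the partition table instead of a Disk Manager listing. The following is an added example, not part of the original slides: it generalizes the check to the four primary entries of an MBR sector and reports unallocated ranges; the sample table, disk size and `min_sectors` threshold are constructed assumptions, and logical partitions inside an extended partition are not walked.

```python
import struct

SECTOR = 512


def parse_mbr(mbr):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        ptype = entry[4]                                  # partition type byte
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, length
        if ptype != 0 and count != 0:
            parts.append({"index": i, "type": ptype,
                          "start": start, "sectors": count})
    return parts


def find_gaps(parts, disk_sectors, min_sectors=2048):
    """Return (start_lba, length) for each unallocated range worth examining."""
    gaps = []
    cursor = 1  # LBA 0 holds the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] - cursor >= min_sectors:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if disk_sectors - cursor >= min_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def gap_mb(gap):
    """Size of a gap in MB (2**20 bytes), rounded to one decimal place."""
    return round(gap[1] * SECTOR / 2 ** 20, 1)


def make_entry(ptype, start, count):
    """Build one 16-byte partition entry (CHS fields left zero)."""
    return struct.pack("<B3sB3sII", 0, bytes(3), ptype, bytes(3), start, count)


# Constructed sample: a 2 GiB disk with two partitions and an unexplained
# hole between them, sized to mirror the 109.8 MB discrepancy in the text.
SAMPLE_DISK_SECTORS = 4194304
SAMPLE_MBR = (bytes(446)
              + make_entry(0x07, 2048, 2000000)
              + make_entry(0x07, 2226918, 1967386)
              + bytes(32)
              + b"\x55\xaa")

if __name__ == "__main__":
    for gap in find_gaps(parse_mbr(SAMPLE_MBR), SAMPLE_DISK_SECTORS):
        print("unallocated: LBA %d, %d sectors, %.1f MB"
              % (gap[0], gap[1], gap_mb(gap)))
```

A reported range is only a lead: the sectors still have to be examined (for example with FTK or WinHex) to tell a deleted or hidden partition from space that was never used.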
Hiding Partitions (continued)
In Figure 1.1 you can see a hidden partition in Disk Manager, which
shows it as an unknown partition. In addition, the drive letters in the
visible partitions are nonconsecutive (drive I is skipped), which can be
another clue that a hidden partition exists. Most skilled users would
make sure this anomaly doesn’t occur, however.
Figure 1.1 Viewing a hidden partition in Disk Manager
In ProDiscover, a hidden partition appears as the highest available drive letter set in the
BIOS. Figure 1.2 shows four partitions, similar to Figure 1.1, except the hidden
partition shows as the drive letter Z. To carve (or salvage) data from the recovered
partition gap, you can use other computer forensics tools, such as FTK or WinHex.
Figure 1.2 Viewing a hidden partition in ProDiscover
Marking Bad Clusters
 Common with FAT systems.
 Place sensitive information on free space.
 Use a disk editor to mark space as a bad cluster
 To mark a good cluster as bad using Norton DiskEdit:
 Type B in the FAT entry corresponding to that cluster
Bit-shifting
 Old technique
 Shift bit patterns to alter byte values of data
 Make files look like binary executable code
 Tool
 Hex Workshop
Bit-shifting changes data from readable code to data that looks like binary
executable code. Hex Workshop includes a feature for shifting bits and altering
byte patterns of entire files or specified data. To shift bits in a text file, follow
these steps:
Bit-shifting (continued)
1. Start Notepad, and in a text document, type TEST FILE. Test file is to see how
shifting bits will alter the data in a file.
2. Save the file as test file.txt in your work folder, and exit Notepad.
3. Start Hex Workshop. Click File, Open from the menu. Navigate to your work
folder, and then double-click test file.txt. Figure 3 shows the file open in Hex
Workshop.
Figure 3 test file.txt open in Hex Workshop
4. To set up Hex Workshop for the bit-shifting exercise, click Tools >> operations
from the menu.
5. In the Customize dialog box, click the Data Operations check box, and then click
OK.
6. Click the Shift Left button (<< icon) on the Data Operations toolbar. The Shift
Left Operation dialog box opens (see Figure 4), where you specify how you want to
treat the data, the ordering scheme to use for bytes, and whether you shift bits for
selected text or the entire file.
Figure 4 The Shift Left Operation dialog box
7. Click OK to accept the default settings and shift the bits in test file.txt to the left.
8. Save the file as Bit_shift_left.txt in your work folder. Figure 5 shows the file in
Hex Workshop, with the @ symbols indicating shifted bits.
Figure 5 Viewing the shifted bits
9. To return the file to its original configuration, shift the bits back to the
right by clicking the Shift Right button (>> icon) on the Data Operations
toolbar. Click OK to accept the default settings in the Shift Right
Operation dialog box. The file is displayed in its original format.
10. Save the file as Bit_shift_right.txt in your work folder, and leave Hex
Workshop open for the next activity.
Using Steganography to Hide Data
 Greek for “hidden writing”
 Steganography tools were created to protect copyrighted material
 by inserting digital watermarks into a file.
 EXAMPLE: to notify users that an image is copyrighted. However, the digital
watermarks used for steganography aren’t usually visible
when you view the file in its usual application, and might even be
difficult to find with a disk editor. A nonsteganographic graphics file is
the same size as an identical steganographic graphics file, and they
look the same when you examine them in a graphics viewing utility,
such as IrfanView. However, if you run an MD5 or SHA-1 hash
comparison on both files, you’ll find that the hash values aren’t equal.
EXAMPLE:
 To hide data, people can use steganography tools, many of which are
freeware or shareware, to insert information into a variety of files. If you
encrypt a plaintext file with PGP and insert the encrypted text into a
steganography file, for example, cracking the encrypted message is
extremely difficult. However, most steganography tools can insert only
small amounts of data into a file and usually require a password to restrict
access to the inserted data.
 Suspects can hide information in image or text document files.
 Very hard to spot without prior knowledge.
 Tools: S-Tools, DPEnvelope, jpgx, and tte
REFERENCES
 Textbook: Guide to Computer Forensics and Investigations by
Bill Nelson, Amelia Phillips, and Christopher Steuart.
Tools used
Hex Editor https://www.hhdsoftware.com/free-hex-editor
Hex Workshop Hex Editor (64 bit) http://www.hexworkshop.com/