Any programs that hide information in disk sectors by marking the sectors as bad???

sureish · December 2013

Hi,

I am new to this forum. I am currently doing my Masters in Forensics. I am doing a analysis in fake bad sectors which are used for hiding information.

Currently is there any automated tools or programs available for creating fake bad sectors and hiding the information or it needs to be done manually...

Thanks in Advance

veritas_libertas · December 2013

Now that is clever. What university are you attending?

Asif Dasl · December 2013

My first thought is that this is security through obscurity (which doesn't work).. programs like SpinRite can test bad sectors for information and move it to a non bad sector. It would be far safer to encrypt the data using the strongest available method - something like TrueCrypt would do the job perfect.

Here is two links that might be useful to you though:
http://www.davidverhasselt.com/2009/04/22/hide-data-in-bad-blocks/

http://www.berghel.net/publications/data_hiding/data_hiding.php

ratbuddy · December 2013

This thread brings back memories. The Form virus used to hide in sectors it marked as bad. Ruined quite a few floppies before I figured out what was going on.

veritas_libertas · December 2013

Just because it's hidden in bad sector doesn't mean it is clear text. It could be encrypted.

Asif Dasl · December 2013

veritas_libertas wrote: »

Just because it's hidden in bad sector doesn't mean it is clear text. It could be encrypted.

Good point! Or using steganography... I never thought of that

sureish · December 2013

Many Thanks for your replies.

Is there any tool available currently through which I can perform my analysis.

YFZblu · December 2013

veritas_libertas wrote: »

Just because it's hidden in bad sector doesn't mean it is clear text. It could be encrypted.

Yes - Which is why security through obscurity CAN help, as part of a layered approach.

veritas_libertas · December 2013

YFZblu wrote: »

Yes - Which is why security through obscurity CAN help, as part of a layered approach.

Exactly. By itself it's not great. As a part of an attack or prevention it can be very useful.

ptilsen · December 2013

Security through obscurity is not to be confused with stenography. Faking a bad sector to hide information is an example of steganography. Not disclosing the encryption mechanism used in a protocol or piece of software is security through obscurity. The latter is actually harmful to overall security, not helpful. The former is a legitimate technique that can be effective as part of a layered approach.

As far as OP's question, I really doubt anyone here happens to know the answer. It's up to you to find it. If something exists, we could almost certainly find it on Google. If we can find it, so can you.

Asif Dasl · December 2013

sureish wrote: »

Many Thanks for your replies.

Is there any tool available currently through which I can perform my analysis.

In the first link I posted above it shows you how to create bad sectors and hide data in linux.

In windows you need to edit the $BadClus metadata for NTFS using DFSee. (see point #8 about $BadClus - it can be edited manually).

It doesn't look like there is a automated tool out there. But if you create a disk full of bad sectors you don't really have plausible deniability, so I can see why drive encryption is more readily used. But I take on board if it's used in a layered approach then it would be more secure/untraceable.

veritas_libertas · December 2013

YFZblu wrote: »

Yes - Which is why security through obscurity CAN help, as part of a layered approach.

I've been going through my study material for the GIAC GCIH exam and ran into Hydan. It encrypts data with Blowfish and then hides them within an executable. A great example of a layered approach:

Hydan: Information Hiding in Program Binaries

Any programs that hide information in disk sectors by marking the sectors as bad???

Comments