Any programs that hide information in disk sectors by marking the sectors as bad???
Hi,
I am new to this forum. I am currently doing my Master's in Forensics. I am doing an analysis of fake bad sectors, which are used for hiding information.
Are there currently any automated tools or programs available for creating fake bad sectors and hiding information, or does it need to be done manually?
Thanks in Advance
Comments
-
veritas_libertas Member Posts: 5,746
Now that is clever. What university are you attending?
-
Asif Dasl Member Posts: 2,116
My first thought is that this is security through obscurity (which doesn't work). Programs like SpinRite can test bad sectors for information and move it to a non-bad sector. It would be far safer to encrypt the data using the strongest available method; something like TrueCrypt would do the job perfectly.
Here are two links that might be useful to you, though:
http://www.davidverhasselt.com/2009/04/22/hide-data-in-bad-blocks/
http://www.berghel.net/publications/data_hiding/data_hiding.php
-
ratbuddy Member Posts: 665
This thread brings back memories. The Form virus used to hide in sectors it marked as bad. Ruined quite a few floppies before I figured out what was going on.
-
veritas_libertas Member Posts: 5,746
Just because it's hidden in a bad sector doesn't mean it is clear text. It could be encrypted.
-
Asif Dasl Member Posts: 2,116
veritas_libertas wrote: » Just because it's hidden in a bad sector doesn't mean it is clear text. It could be encrypted.
-
sureish Registered Users Posts: 2
Many thanks for your replies.
Is there any tool currently available with which I can perform my analysis?
-
YFZblu Member Posts: 1,462
veritas_libertas wrote: » Just because it's hidden in a bad sector doesn't mean it is clear text. It could be encrypted.
Yes - which is why security through obscurity CAN help, as part of a layered approach.
-
veritas_libertas Member Posts: 5,746
YFZblu wrote: » Yes - which is why security through obscurity CAN help, as part of a layered approach.
Exactly. By itself it's not great. As a part of an attack or prevention it can be very useful.
-
ptilsen Member Posts: 2,835
Security through obscurity is not to be confused with steganography. Faking a bad sector to hide information is an example of steganography. Not disclosing the encryption mechanism used in a protocol or piece of software is security through obscurity. The latter is actually harmful to overall security, not helpful. The former is a legitimate technique that can be effective as part of a layered approach.
As far as OP's question, I really doubt anyone here happens to know the answer. It's up to you to find it. If something exists, we could almost certainly find it on Google. If we can find it, so can you.
-
Asif Dasl Member Posts: 2,116
sureish wrote: » Many thanks for your replies.
Is there any tool currently available with which I can perform my analysis?
In Windows you need to edit the $BadClus metadata for NTFS using DFSee. (see point #8 about $BadClus - it can be edited manually).
It doesn't look like there is an automated tool out there. But if you create a disk full of bad sectors you don't really have plausible deniability, so I can see why drive encryption is more readily used. But I take on board that if it's used in a layered approach then it would be more secure/untraceable.
-
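A check for the $BadClus technique discussed in the comment above, as an added example that is not part of the original thread: it decodes an NTFS data-run list (assumed to be already extracted from the $Bad stream of $BadClus) and reports clusters that are marked bad yet still hold data in a disk image. The function names, the sample run list and the sample image are constructed for illustration, and it assumes unreadable clusters were zero-filled when the image was acquired.

```python
import math
from collections import Counter

def decode_runlist(raw):
    """Decode an NTFS data-run list into (start_lcn or None, cluster_count)."""
    runs, pos, lcn = [], 0, 0
    while pos < len(raw) and raw[pos] != 0:      # a 0x00 header ends the list
        len_sz, off_sz = raw[pos] & 0x0F, raw[pos] >> 4
        pos += 1
        count = int.from_bytes(raw[pos:pos + len_sz], "little")
        pos += len_sz
        if off_sz == 0:                          # sparse run: no cluster marked bad
            runs.append((None, count))
        else:                                    # signed offset from previous run start
            lcn += int.from_bytes(raw[pos:pos + off_sz], "little", signed=True)
            runs.append((lcn, count))
        pos += off_sz
    return runs

def entropy(buf):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(buf)
    return sum(c / n * math.log2(n / c) for c in Counter(buf).values())

def readable_bad_clusters(image, runlist, cluster_size):
    """Return (cluster, entropy) for clusters marked bad that still hold data."""
    hits = []
    for lcn, count in decode_runlist(runlist):
        if lcn is None:
            continue
        for c in range(lcn, lcn + count):
            data = image[c * cluster_size:(c + 1) * cluster_size]
            # Assumption: clusters that failed to read were zero-filled at acquisition.
            if any(data):
                hits.append((c, round(entropy(data), 2)))
    return hits

# Constructed sample: 16-cluster image with clusters 5-6 and 10 marked bad.
CLUSTER = 512
SAMPLE_RUNLIST = bytes.fromhex("0105 110205 0103 110105 0105 00")
_img = bytearray(16 * CLUSTER)
_img[5 * CLUSTER:6 * CLUSTER] = (b"hidden note " * 43)[:CLUSTER]   # text-like data
_img[10 * CLUSTER:11 * CLUSTER] = bytes(range(256)) * 2            # uniform bytes
SAMPLE_IMAGE = bytes(_img)

if __name__ == "__main__":
    for cluster, h in readable_bad_clusters(SAMPLE_IMAGE, SAMPLE_RUNLIST, CLUSTER):
        print(f"cluster {cluster}: marked bad but readable, entropy {h} bits/byte")
```

High entropy in a flagged cluster is consistent with encrypted or compressed content, while low entropy points to plain text; cluster 6 in the sample is marked bad and empty, so it is not reported.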
veritas_libertas Member Posts: 5,746
YFZblu wrote: » Yes - which is why security through obscurity CAN help, as part of a layered approach.
I've been going through my study material for the GIAC GCIH exam and ran into Hydan. It encrypts data with Blowfish and then hides it within an executable. A great example of a layered approach:
Hydan: Information Hiding in Program Binaries