Week_9 - Computer Forensics: Basics Data Hiding Arent we...

Info iconThis preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon
Computer Forensics: Basics Data Hiding “Aren’t we done yet????”
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
© 2007 Purdue University Marcus K. Rogers CIT 2 Agenda • Common Data Hiding Techniques • Writing files • Deleting and Reformatting • Recycle Bin • Steganography
Background image of page 2
© 2007 Purdue University Marcus K. Rogers CIT 3 Learning Objectives • At the end of this module you will be able to: – Describe the forensic mind set – Discuss organizing the investigation – Describe various data hiding techniques – Hide data using NTFS ADS – Explain the forensic significance of steganography
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
What to look for Look out David Copperfield!
Background image of page 4
© 2007 Purdue University Marcus K. Rogers CIT 5 Common Techniques • Rename files/directories • Delete files/directories • Copy files/directories • Print files • Format a disk
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
© 2007 Purdue University Marcus K. Rogers CIT 6 Rename Files • Rename files and/or file extensions • Example: • Rename extortion_letter.doc to fuzzy_bunny.jpg • People looking for incriminating evidence probably won’t check a picture file called fuzzy_bunny.jpg
Background image of page 6
© 2007 Purdue University Marcus K. Rogers CIT 7 Copying Files Scenario #1: Copying a file to a floppy disk or hard disk. If you run out of space, the pointer to the file is removed, but the data that was copied to the sectors is left in place Scenario #2: Computer crashes while copying a file. Again, the file contents copied to the unallocated sectors will exists, but the pointer to the data will not have been created.
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
© 2007 Purdue University Marcus K. Rogers CIT 8 Printing a File • When printing a file, it is spooled to the hard disk before it is printed. • Spooling involves copying the file to a temporary location, printing it, then deleting it. • After the temporary file is deleted, the data still exists on disk • Most printer drivers convert print to graphics these days prior to printing so…. .
Background image of page 8
© 2007 Purdue University Marcus K. Rogers CIT 9 Formatting a Disk • When a disk is quick formatted, the file table on the disk is cleared, but the data on the disk is left in place. • Again, similar to deleting all the files on a disk. • Data can also be recovered from a full format • Low level formatting is a different story!
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
© 2007 Purdue University Marcus K. Rogers CIT 10 Attributes • In Windows, set the “hidden” attribute on a file or directory. • Can still view files if the “Show hidden files and folders” option is checked in Windows Explorer. • Other tools may or may not display hidden files.
Background image of page 10
© 2007 Purdue University Marcus K. Rogers CIT 11 Folders In Unix, rename a file or directory starting with a “.” Example: mv important.doc .important.doc Can still be viewed by listing all files “ls –a” Other methods???
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 12
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 75

Week_9 - Computer Forensics: Basics Data Hiding Arent we...

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online