Introduction
Data hiding is highly relevant to current practice in computer forensics and involves storing information in places where it is not expected. Popular operating systems use this storage technique themselves, hiding some folders and files that need not be shown by means of the hidden attribute (Fadia and Zacharia, 2007, p. 233). This approach is aimed at protecting the information from accidental deletion. For instance, Windows has specific files and folders that users are not allowed to delete and that are essential for normal functioning.
Data carving is an approach used in computer forensics when data cannot be extracted by traditional methods because the necessary data is unavailable within the file system. Searching the data for file signatures is one of the best-known means of data carving.
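The signature search described above can be sketched as follows. This is an added example, not code from the cited sources; the sample buffer is constructed, and only the JPEG and PNG magic bytes are real values.

```python
import hashlib

SIGNATURES = {  # header and trailer magic bytes per file type
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 10 * 1024 * 1024  # search window, so a missing trailer cannot run away


def carve(data: bytes, max_size: int = MAX_SIZE) -> list:
    """Return (type, start, end) for every header/trailer pair found in raw data."""
    found = []
    for ftype, (header, trailer) in SIGNATURES.items():
        pos = 0
        while True:
            start = data.find(header, pos)
            if start == -1:
                break
            end = data.find(trailer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1  # header with no trailer: truncated file or false hit
                continue
            end += len(trailer)
            found.append((ftype, start, end))
            pos = end
    return sorted(found, key=lambda hit: hit[1])


def build_sample() -> bytes:
    """Constructed stand-in for unallocated space: two files and one orphan header."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 20 + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 16 + b"IEND\xaeB`\x82"
    orphan = b"\xff\xd8\xff\xe0" + b"X" * 8
    return b"\x00" * 512 + jpg + b"\x00" * 100 + png + b"\x00" * 50 + orphan


if __name__ == "__main__":
    sample = build_sample()
    for ftype, start, end in carve(sample):
        digest = hashlib.sha256(sample[start:end]).hexdigest()[:16]
        print(f"{ftype}: bytes {start}-{end} sha256={digest}...")
```

The JPEG trailer bytes can also occur inside an embedded thumbnail, so each carved range is a candidate to validate with a proper parser, not a confirmed file.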
Hiding Data in Operating System and the Registry
In operating systems, data hiding is used to protect files from illegal intrusion and accidental deletion. The parameters for this approach are set by the system attribute, which identifies system files that should be protected. The system attribute itself cannot be set in the File Properties, but it can be set with the help of the attribute command. In particular, this option can hide a file in such a way that it is not displayed even if the Show Hidden Files option is set (Fadia and Zacharia, 2007, p. 224).
Data stored in the Registry differs depending on the configuration of the OS. Earlier versions of the Registry consist of files with the .dat extension, whereas Windows XP and 2003 have a wider variety of extensions, among which is the .alt extension storing hives. The hive is a set of keys that block the information and carry configurations concerning various types of data (Fadia and Zacharia, 2007, p. 224).
Carving Data Hidden in the Registry
Sometimes data hiding techniques can constitute a serious threat to existing operating systems. On the one hand, the use of steganography and other types of encryption and information coding can be quite successful for protecting information from external intrusion. On the other hand, password-cracking tools can be used for illegal and criminal purposes to conceal information and draw it from secret databases (Kruse and Heiser, 2001, p. 83). Therefore, the ability to use tools for carving and disclosing data hidden in the registry is a necessary skill that should be acquired while studying computer forensics (Kruse and Heiser, 2001, p. 83). Furthermore, this skill will allow specialists to discover information that has been intentionally concealed but is important for users.
Hiding Data on Virtual Machines and Drives
The introduction of virtual machines provides great potential for data hiding, particularly for hiding schemes used with disk images. The role of these schemes is not limited to secret watermarking and communication; rather, they are also used as a warning against hostile intrusion (Su et al., 2010, p. 2280). In addition, hiding techniques used in virtual machines create a solid foundation for a more detailed analysis of the entire virtual machine system. It should be stressed that virtual machines are capable of performing all instructions without the support of higher levels of the information hierarchy, because all unneeded data is concealed in order not to distract programmers from particular layers. Considering this issue, specific tools are created for forensic analysis aimed at determining the extent to which the data can be uncovered. One form of control uses the FAT16 tool, which is aimed at identifying free sectors where the hidden text string is placed.
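The free-sector check mentioned above can be illustrated on a FAT16 volume as follows. This is an added example and not the tool the cited paper refers to; the 40-sector image and the function names are constructed for the illustration, while the boot sector field offsets follow the standard FAT16 layout.

```python
import struct

FREE = 0x0000  # FAT16 entry value for an unallocated cluster


def geometry(img: bytes) -> dict:
    """Locate the FAT and data area from the boot sector's BIOS Parameter Block."""
    bps, spc, reserved, nfats, root_entries, total16 = struct.unpack_from("<HBHBHH", img, 11)
    (spf,) = struct.unpack_from("<H", img, 22)       # sectors per FAT
    (total32,) = struct.unpack_from("<I", img, 32)   # used when total16 is zero
    root_off = (reserved + nfats * spf) * bps
    root_sectors = (root_entries * 32 + bps - 1) // bps
    data_off = root_off + root_sectors * bps
    csize = spc * bps
    total = total16 or total32
    return {"fat_off": reserved * bps, "data_off": data_off, "csize": csize,
            "clusters": (total * bps - data_off) // csize}


def data_in_free_clusters(img: bytes) -> list:
    """Return (cluster, byte offset, preview) for free clusters holding non-zero bytes."""
    g, hits = geometry(img), []
    for n in range(2, g["clusters"] + 2):            # cluster numbering starts at 2
        (entry,) = struct.unpack_from("<H", img, g["fat_off"] + 2 * n)
        if entry != FREE:
            continue                                 # allocated, reserved or marked bad
        off = g["data_off"] + (n - 2) * g["csize"]
        content = img[off:off + g["csize"]].strip(b"\x00")
        if content:
            hits.append((n, off, content[:32]))
    return hits


def build_sample() -> bytes:
    """Constructed image: 512-byte sectors, 1 FAT, 16 root entries, 40 sectors."""
    img = bytearray(40 * 512)
    struct.pack_into("<HBHBHH", img, 11, 512, 1, 1, 1, 16, 40)
    struct.pack_into("<H", img, 22, 1)
    struct.pack_into("<HHH", img, 512, 0xFFF8, 0xFFFF, 0xFFFF)  # cluster 2 allocated
    img[1536:1547] = b"normal file"                  # data of allocated cluster 2
    img[4096:4109] = b"hidden string"                # cluster 7, marked free in the FAT
    return bytes(img)


if __name__ == "__main__":
    for cluster, off, preview in data_in_free_clusters(build_sample()):
        print(f"cluster {cluster} at offset {off}: {preview!r}")
```

Free clusters also hold remnants of ordinary deleted files, so a hit is a lead for further examination and not proof of deliberate hiding.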
NTFS Data Hiding
NTFS systems can offer more beneficial opportunities for data concealing because they contain unique techniques that provide effective file access to manage disk information as well as other file storage methods. For instance, metadata processing may be utilized to conceal implicit information in bad clusters (Zelkowitz, 2008, p. 9). The data hiding techniques used involve file slack space, data streams, and file system reserved locations. These approaches are aimed at recovering and detecting hidden data. In some cases, data hiding techniques are used to conceal secret information within hidden files to avoid information recovery via traditional computer forensic tools. In general, the modern file system contains a map identifying the allocation of each cluster of information (Zelkowitz, 2008, p. 10). With the help of this technique, it is easy to determine whether the system has been modified to hide information.
Investigator Response to Data Hiding Threats
It is obvious that recognizing how information can be concealed within the media platform, as well as the specifics of file system structure, involves awareness of methods for detecting hidden information. Considering the different techniques of data hiding, such as steganography, encryption, and map allocation, it can be stated that many criminal cases are closely connected with the miscellaneous effects this knowledge has in security terms. In this respect, criminal investigators should be aware of the specifics of computer forensics as well as the tools utilized for concealing secret data in order to eliminate computer crimes. In addition, they should learn the most effective tools for hiding data and apply mixed approaches to detect computer fraud.
Reference List
Fadia, A., and Zacharia, M. (2007). Network Intrusion Alert: An Ethical Hacking Guide to Intrusion Detection. US: Cengage.
Kruse, W. G. and Heiser, J. G. (2001). Computer Forensics: Incident Response Essentials. US: Addison-Wesley.
Su, Y., Liao, X., Jin, H. and Bell, T. (2010). Data Hiding in Virtual Machine Disk Images. 10th IEEE International Conference on Computer and Information Technology. pp. 2278-2283.
Zelkowitz, M. (2008). Advances in Computers: Software Development. US: Academic Press.