DEFCON 14: Advanced File System Hiding and Detection

Published on Jan 31, 2011

Speakers:
Irby Thompson, Senior Security Engineer, Advanced Technology Laboratories, Lockheed Martin
Mathew Monroe, Senior Security Engineer, Advanced Technology Laboratories, Lockheed Martin


Abstract:
The ability to both conceal and detect hidden data on the hard drive of a compromised computer represents an important arms race between hackers and forensic analysts. While rootkits and other kernel manipulation tools make hiding on live systems fairly easy, the trick of hiding data from forensic tools and offline drive analysis is much more difficult. In this presentation, we will review traditional data hiding techniques, examine their strengths and weaknesses, and then explore more advanced methods of data hiding which go beyond the detection capabilities of current forensics tools. Further attention will be given to enabling transparent access to hidden file systems while also minimizing detection, ensuring data confidentiality, and providing robustness against corruption. The culmination of our research will be demonstrated in an advanced data hiding methodology and corresponding forensic detection utility.

For more information visit: http://bit.ly/defcon14_information
To download the video visit: http://bit.ly/defcon14_videos
