Abstract: The ability to both conceal and detect hidden data on the hard drive of a compromised computer represents an important arms-race between hackers and forensic analysts. While rootkits and other kernel manipulation tools make hiding on live systems fairly easy, the trick of hiding data from forensic tools and offline drive analysis is much more difficult. In this presentation, we will review traditional data hiding techniques, examine their strengths and weaknesses, and then explore more advanced methods of data hiding which go beyond the detection capabilities of current forensics tools. Further attention will be given to enabling transparent access to hidden file systems while also minimizing detection, ensuring data confidentiality, and providing robustness against corruption. The culmination of our research will be demonstrated in an advanced data hiding methodology and corresponding forensic detection utility.