Data concealments with high privacy in new technology file system

Fu Hau Hsu, Min Hao Wu, Syun Cheng Ou, Shiuh Jeng Wang

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

This paper proposes a new approach, called file concealer (FC), to conceal files in a computer system. FC modifies metadata about a file in NTFS (New Technology File System) to hide the file. Unlike traditional hooking methods, which can be easily detected by antivirus software, experimental results show that it is difficult for antivirus software to detect the files hidden by FC. Moreover, to enhance its concealment capability, FC also rearranges the order of some data sectors of a hidden file. As a result, even if another person finds the original sectors used by the hidden file, it is difficult for that person to recover the original content of the hidden file. Experimental results show that even data recovery tools cannot restore the content of a hidden file. All information that is required to restore a hidden file is stored in a file, hereafter called the recovery file. When a user uses FC to hide a file, the user can specify any file, such as an image file, as a host file to which the recovery file will be appended. As a result, the user can easily restore a hidden file; however, it is difficult for other people to detect or restore the hidden file and the related recovery file.

Original language: English
Pages (from-to): 120-140
Number of pages: 21
Journal: Journal of Supercomputing
Volume: 72
Issue number: 1
State: Published - 1 Jan 2016

Keywords

  • Anti-forensics
  • File rootkit
  • File storage system
  • NTFS
