Detecting and Manipulating Compressed Alternate Data Streams in a Forensics Investigation

Author

Martini, Adamantini I. ; Zaharis, Alexandros ; Ilioudis, Christos

Author_Institution

Dept. of Comput. & Commun. Eng., Univ. of Thessaly, Volos

fYear

2008

fDate

9-9 Oct. 2008

Firstpage

Lastpage

Abstract

Data hiding technique through alternate data streams in compressed form is poorly documented and less known among forensic experts. This paper deals with the documentation of compressed ADS and their attributes concerning hiding information, provides a simple technique of creating compressed ADS and using it in a malicious manner. Finally a method is presented in order to detect and manipulate ADS in a proper way, complying with the computer forensic techniques.

Keywords

computer crime; data compression; data encapsulation; data handling; alternate data streams; computer forensic techniques; data compression; data hiding technique; forensics investigation; Computer crime; Computer networks; Data encapsulation; Data engineering; Digital forensics; Documentation; Electronic mail; File systems; Internet; Software tools; ADS; Compressed Alternate Data Streams; NTFS;

fLanguage

English

Publisher

ieee

Conference_Titel

Digital Forensics and Incident Analysis, 2008. WDFIA '08. Third International Annual Workshop on

Conference_Location

Malaga

Print_ISBN

978-0-7695-3362-9

Type

conf

DOI

10.1109/WDFIA.2008.9

Filename

4651708

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3108308