Skip to Main content Skip to Navigation
Conference papers

Anti-Forensic Capacity and Detection Rating of Hidden Data in the Ext4 Filesystem

Abstract : The rise of cyber crime and the growing number of anti-forensic tools demand more research on combating anti-forensics. A prominent anti-forensic paradigm is the hiding of data at different abstraction layers, including the filesystem layer. This chapter evaluates various techniques for hiding data in the ext4 filesystem, which is commonly used by Android devices. The evaluation uses the capacity and detection rating metrics. Capacity reflects the quantity of data that can be concealed using a hiding technique. Detection rating is the difficulty of finding the concealed artifacts; specifically, the amount of effort required to discover the artifacts. Well-known data hiding techniques as well as new techniques proposed in this chapter are evaluated.
Document type :
Conference papers
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download

https://hal.inria.fr/hal-01988844
Contributor : Hal Ifip <>
Submitted on : Tuesday, January 22, 2019 - 9:44:44 AM
Last modification on : Thursday, February 7, 2019 - 3:40:57 PM
Long-term archiving on: : Tuesday, April 23, 2019 - 1:34:12 PM

File

472401_1_En_6_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Thomas Göbel, Harald Baier. Anti-Forensic Capacity and Detection Rating of Hidden Data in the Ext4 Filesystem. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.87-110, ⟨10.1007/978-3-319-99277-8_6⟩. ⟨hal-01988844⟩

Share

Metrics

Record views

324

Files downloads

73