Data Hiding in Journaling File Systems

Data hiding is one technique by which system perpetrators store information while reducing the risk of being detected by system administrators. The first major section of this article structures and compares existing data hiding methods for UNIX file systems in terms of usability and countermeasures. It discusses variant techniques related to advanced file systems. The second section proposes a new technique that stores substantial amounts of data inside journaling file systems in a robust fashion with low detectability, which is demonstrated by means of a proof-of- concept implementation for the ext3 journaling file system.

[1]  Brian D. Carrier,et al.  File System Forensic Analysis , 2005 .

[2]  K. Eckstein Forensics for advanced UNIX file systems , 2004, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004..

[3]  Dan Farmer,et al.  Forensic Discovery , 2004 .

[4]  Markus G. Kuhn,et al.  StegFS: A Steganographic File System for Linux , 1999, Information Hiding.

[5]  Brian D. Carrier Defining Digital Forensic Examination and Analysis Tool Using Abstraction Layers , 2003, Int. J. Digit. EVid..

[6]  Stephen Smalley,et al.  Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.

[7]  Sailesh Chutani,et al.  The Episode File System , 1992 .