Anti-Forensic Capacity and Detection Rating of Hidden Data in the Ext4 Filesystem - Advances in Digital Forensics XIV
Conference Papers Year : 2018

Anti-Forensic Capacity and Detection Rating of Hidden Data in the Ext4 Filesystem

Abstract

The rise of cyber crime and the growing number of anti-forensic tools demand more research on combating anti-forensics. A prominent anti-forensic paradigm is the hiding of data at different abstraction layers, including the filesystem layer. This chapter evaluates various techniques for hiding data in the ext4 filesystem, which is commonly used by Android devices. The evaluation uses the capacity and detection rating metrics. Capacity reflects the quantity of data that can be concealed using a hiding technique. Detection rating is the difficulty of finding the concealed artifacts; specifically, the amount of effort required to discover the artifacts. Well-known data hiding techniques as well as new techniques proposed in this chapter are evaluated.
Fichier principal
Vignette du fichier
472401_1_En_6_Chapter.pdf (364.41 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01988844 , version 1 (22-01-2019)

Licence

Identifiers

Cite

Thomas Göbel, Harald Baier. Anti-Forensic Capacity and Detection Rating of Hidden Data in the Ext4 Filesystem. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.87-110, ⟨10.1007/978-3-319-99277-8_6⟩. ⟨hal-01988844⟩
172 View
606 Download

Altmetric

Share

More