Chapter 5. Data Hiding
One of the most challenging aspects of a forensic analysis of a computer is the possibility of data being intentionally hidden by your suspect. Always assume that a system you are examining might contain hidden data. Even if it was not intentionally hidden to defeat analysis, data hidden by the operating system exists on all systems. With practice and the techniques we will share with you, many of your encounters with hidden data can be rewarding experiences.
As shown on Table 5-1, there are a number of different ways to hide data on a computer. We discussed encryption in the previous chapter, but it should be clear from Table 5-1 that encryption is not the only way to obscure information. Many of these techniques have ...
Get Computer Forensics: Incident Response Essentials now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
