File Segmentation

Another way to hide data on a live system is file segmentation, a file-handling technique that has been around since the early days of DOS. If a file was larger than the floppy diskettes available at the time, it had to be segmented before it could be moved to another system. Each segment was copied to a separate diskette, and the segments were then reassembled in order on the target system. The same technique can be used to separate the binary contents of any file into arbitrarily sized segments, placing each segment in a separate location within the file system. Possible hiding places include the ends of legitimate files, files by themselves, or binary data types in Registry keys.

Preventing this type of activity from occurring ...
