Hiding Files

Rootkits

Rootkits are programs that hackers use in order to evade detection while trying to gain unauthorized access to a computer. Rootkits when installing on a computer, are invisible to the user and also take steps to avoid being detected by security software.

A rootkit is a set of binaries, scripts and configuration files that allows someone to covertly maintain access to a computer so that he can issue commands and scavenge data without alerting the system's owner.

Depending on where they are installed there are various types of rootkits:

• Kernel Level Rootkits




• Hardware/Firmware Rootkits




• Hypervisor (Virtualized) Level Rootkits




• Boot loader Level (Bootkit) Rootkits

NTFS DATA Stream

Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. Using Alternative Data Streams a user can easily hide files that can go undetected unless close inspection.

Steganography

The art of hiding a data inside another data/medium is called steganography.

For eg: hiding data within an image file

The secret message is called overt file and the covering file is called covert file.

Types of Steganography

• Image Steganography




• Document Steganography




• Folder Steganography




• Video Steganography




• Audio Steganography




• White Space Steganography