If Encrypted File Is Hidden (renamed files, steganography)
Find Protected is designed to search for hidden password-protected files on local disks and across a network.
As mentioned in the first section of the article, a file may be hidden by means of steganographic techniques; in the simplest case, by renaming the file, i.e. changing its extension.
The rename operation is not recorded anywhere in the file, so the search method described above does not help in this situation. However, although the file extension has been changed and now points to another application, the original format remains the same. The format, its structure, and the organization of data within the file differ from application to application. Without going into the details of these formats: by examining the file contents it is possible to find out which application the file belongs to. This is the algorithm on which special software for finding renamed files is based.
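The content-versus-extension check described above can be sketched as follows. This is an added example, not code from Find Protected: the signature table is a short, non-exhaustive assumption, the function names are hypothetical, and the sample files are constructed headers rather than real documents.

```python
import tempfile
from pathlib import Path

# Leading bytes of a few common formats and the extensions that legitimately use them.
SIGNATURES = [
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"Rar!\x1a\x07", "rar", {".rar"}),
    (b"7z\xbc\xaf\x27\x1c", "7z", {".7z"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {".doc", ".xls", ".ppt", ".msi"}),
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
]

def sniff_format(header):
    """Return (format_name, expected_extensions) for the header bytes, or None."""
    for magic, name, exts in SIGNATURES:
        if header.startswith(magic):
            return name, exts
    return None

def find_renamed(root):
    """Yield (path, detected_format) for files whose content contradicts the extension."""
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file():
                continue
            with path.open("rb") as fh:
                header = fh.read(16)
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        hit = sniff_format(header)
        if hit and path.suffix.lower() not in hit[1]:
            yield path, hit[0]

def demo():
    """Scan constructed sample files (headers only) and return the mismatches."""
    samples = {
        "holiday.jpg": b"Rar!\x1a\x07\x00" + b"\x00" * 32,  # RAR renamed to .jpg
        "report.pdf": b"%PDF-1.7\n",                         # extension matches content
        "notes.txt": b"PK\x03\x04" + b"\x00" * 26,           # ZIP container renamed to .txt
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return sorted((p.name, fmt) for p, fmt in find_renamed(root))

if __name__ == "__main__":
    for name, fmt in demo():
        print(f"{name}: extension does not match {fmt} content")
```

A match only identifies the container format; deciding whether the file is actually password protected requires a further, format-specific check.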
A more complex task is to find a file that has been hidden by means of special steganography applications. Available software can reveal only a few schemes and methods. The latest steganographic methods can't be detected at all. In fact, one who tries to find nested files is always a step behind one who hides them.
On the other hand, there are ways to suspect foreign content nested in files on the basis of indirect signs. First of all, it is very important to audit the information system competently: it looks suspicious if a user loads the same picture over and over again and, moreover, uses special steganography tools. In some companies, employees who deal with confidential information are forbidden to access MPEG, MPEG2, MPEG3, MPEG4 files and have limits on mailbox size and on the sites allowed for downloading.
You should also be on your guard if traffic analysis indicates that a certain image is loaded too often while text is not loaded at all. When a suspicious file is found, an expert can reveal a nested file by modifying the image (ripple, color shifting, shades of black and white, etc.). But all that is in theory. In practice, this analysis is very difficult to carry out. It is then necessary to identify the format of the nested file, but further success mainly depends on the strength of the encryption algorithm used.