NULL Byte Injection: Anti-Forensic Technique for Data Hiding in FAT32 File System
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, D. | - |
dc.contributor.author | Lee, Y.K. | - |
dc.contributor.author | Jeong, J. | - |
dc.date.accessioned | 2023-12-11T07:07:11Z | - |
dc.date.available | 2023-12-11T07:07:11Z | - |
dc.date.issued | 2022-10-03 | - |
dc.identifier.issn | 0000-0000 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/hongik/handle/2020.sw.hongik/32054 | - |
dc.description.abstract | In the FAT32 file system, a null byte in the metadata means that there is no file or folder. Since the metadata are stored consecutively, if the first byte of a metadata field is null, the operating system does not read data anymore. In this study, we propose an anti-forensic technique referred to as NULL Byte injection, which hides files or folders by injecting null bytes into the metadata field of the FAT32 file system. We presented 3 injection methods for hiding, and we evaluated the effectiveness and limitations of each injection method through experiments. As a result, we confirmed that our technique can hide files or folders in Windows OS. Based on the injection method, different effects were observed. We also confirmed that our methods can hide files or folders and bypass the detection of several forensic tools. Our technique can contribute to preventing such anti-forensic attacks by exploiting the mechanism of the file system to hide data. © 2022 ACM. | - |
dc.format.extent | 6 | - |
dc.language | English | - |
dc.language.iso | ENG | - |
dc.publisher | Association for Computing Machinery | - |
dc.title | NULL Byte Injection: Anti-Forensic Technique for Data Hiding in FAT32 File System | - |
dc.type | Article | - |
dc.identifier.doi | 10.1145/3492866.3558587 | - |
dc.identifier.scopusid | 2-s2.0-85139648631 | - |
dc.identifier.bibliographicCitation | Proceedings of the International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), pp 265 - 270 | - |
dc.citation.title | Proceedings of the International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc) | - |
dc.citation.startPage | 265 | - |
dc.citation.endPage | 270 | - |
dc.type.docType | Conference Paper | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | scopus | - |
dc.subject.keywordAuthor | anti-forensics | - |
dc.subject.keywordAuthor | data hiding | - |
dc.subject.keywordAuthor | digital forensics | - |
dc.subject.keywordAuthor | directory entry | - |
dc.subject.keywordAuthor | FAT32 | - |
dc.subject.keywordAuthor | file system | - |