Forensic - Data Hiding

This year I will most likely discuss many forensic topics. I know many people who have not been involved in the forensic world, and many of them think that forensics is difficult. I suggest that you keep reading and learning a lot, so that what you think is hard becomes easy.

As an introduction, I will discuss how to conceal a message in the slack space of a file.

Description:
Slack space is space that is not in use. A block is a fixed-size container that the file system uses to store data. Slack occurs naturally because data rarely fills these fixed storage locations exactly.
In forensics, slack space is checked because it may contain important data.

Download Bmap tools here

Configuration:
Extract the archive:
tar -xzvf bmap-1.0.17.tar.gz
cp -r bmap-1.0.17 /opt/
cd /opt/bmap-1.0.17 ; ls



Then compile the source with the command:
# make


After compiling, the bmap directory will look as shown below:



How To :

I created a file with the extension *.txt, then entered the words "hello worlds" into the file and displayed the size of the file. See the picture below:


The following output is generated by hexeditor:


Then let's hide the text in the file.

Command:
# echo "This Secret Message" | /opt/bmap-1.0.17/bmap --mode putslack forensic.txt


The following output is generated:




There are no changes to the *.txt file.

And how do we bring out the stored message?
We just change the mode from "putslack" to "slack", as I demonstrate below:

Command:
# /opt/bmap-1.0.17/bmap --mode slack forensic.txt



The part visible in my highlighted block is the message that we created earlier.
And what happens if we delete the file?
You can see that in the picture, which is also the cover of this post :)
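
To illustrate the description of slack space and the check an examiner performs on it, here is an added example (not part of the original post and not bmap code). It computes the slack of a file's last block and reports the non-zero bytes and printable strings found there; the 4096-byte block size, the 13-byte file content and the two sample blocks are constructed assumptions.

```python
import re

BLOCK_SIZE = 4096  # assumption: block size of the file system under examination

def slack_size(file_size, block_size=BLOCK_SIZE):
    """Number of unused bytes in the last block allocated to a file."""
    used = file_size % block_size
    return 0 if used == 0 else block_size - used

def inspect_slack(last_block, file_size, block_size=BLOCK_SIZE, min_len=4):
    """Report what sits between end-of-file and end-of-block.

    last_block is the raw final block of the file as read from a disk
    image; file_size is the logical size recorded by the file system.
    """
    if len(last_block) != block_size:
        raise ValueError("last_block must be exactly one block long")
    size = slack_size(file_size, block_size)
    slack = last_block[block_size - size:] if size else b""
    nonzero = sum(1 for b in slack if b != 0)
    # Printable ASCII runs of at least min_len characters inside the slack
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    strings = [m.decode("ascii") for m in re.findall(pattern, slack)]
    return {
        "slack_bytes": size,
        "nonzero_bytes": nonzero,
        "strings": strings,
        "needs_review": nonzero > 0,
    }

def make_block(content, slack_data=b"", block_size=BLOCK_SIZE):
    """Constructed sample: file content, optional slack data, zero padding."""
    body = content + slack_data
    return body + b"\x00" * (block_size - len(body))

# Constructed samples modelled on the post: a small text file, once with
# empty slack and once with a message written into the slack.
FILE_CONTENT = b"hello worlds\n"
CLEAN = make_block(FILE_CONTENT)
TAINTED = make_block(FILE_CONTENT, b"This Secret Message\n")

if __name__ == "__main__":
    for name, block in (("clean", CLEAN), ("tainted", TAINTED)):
        print(name, inspect_slack(block, len(FILE_CONTENT)))
```

Non-zero slack is a lead to examine, not proof of hiding, because slack can also hold remnants of data that previously occupied the block.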



Regards
Hidemichi-Hiroyuki a.k.a [H2]
