Presented at
DEF CON 14 (2006),
Aug. 4, 2006, 8 p.m.
(50 minutes).
The ability to both conceal and detect hidden data on the hard drive of a compromised computer represents an important arms-race between hackers and forensic analysts. While rootkits and other kernel manipulation tools make hiding on live systems fairly easy, the trick of hiding data from forensic tools and offline drive analysis is much more difficult. In this presentation, we will review traditional data hiding techniques, examine their strengths and weaknesses, and then explore more advanced methods of data hiding which go beyond the detection capabilities of current forensics tools. Further attention will be given to enabling transparent access to hidden file systems while also minimizing detection, ensuring data confidentiality, and providing robustness against corruption. The culmination of our research will be demonstrated in an advanced data hiding methodology and corresponding forensic detection utility.
Presenters:
-
Irby Thompson
- Senior Security Engineer
Irby Thompson is currently a Senior Security Engineer for the Advanced Technology Laboratories of Lockheed Martin. His early interest in computer security led to a career in network and host security with a focus on operating system security and applied cryptography. Irby's past experience includes the design and development of a secure email system including features such as guaranteed read-receipts, message expiration, one-time read, and un-send capabilities. He holds a Masters degree in Information Security from Georgia Tech and a Bachelors degree in Computer Science, Math, and Management of Technology from Vanderbilt University.
-
Mathew Monroe
- Senior Security Engineer
Mathew Monroe has a BS in Electrical and Computer Engineering with an additional major in Mathematical Sciences from Carnegie Mellon University, and is currently pursuing graduate studies there. He is an accomplished developer specializing in embedded systems and computer security. In addition, Mathew has experience designing and implementing high performance distributed file systems and applications. He is currently a Senior Security Engineer at the Lockheed Martin Advanced Technology Laboratories. Prior to this post he implemented, deployed, and tested Lustre file systems on Lawrence Livermore National Laboratory's MCR and ACL clusters and Pacific Northwest National Laboratory's rx2800 cluster. The Lustre file system is an advanced high performance distributed file system used by a number of the world's top super computers. In addition, Mathew designed and implemented firmware and low level file system code for network attached storage devices at Spinnaker Networks (now Network Appliances).
Links:
Similar Presentations: