Data Hiding Tactics for Windows and Unix File Systems

Question 1

What were the two early incarnations of data hiding mentioned in the article?

Answer 1

Out-of-standard tracks on floppy disks and non-data fields of network patches

Question 2

According to the article, hidden data may be thought of as a special case of what?

Answer 2

Data that is concealed, undiscovered, misplaced, absent, accidentally erased, and so on

Question 3

What is the example given in the article of dark data that resides within light data?

Answer 3

Watermarking

Question 4

Provide two examples of nonphysical data hiding

Answer 4

Cryptography and watermarking

Question 5

What is the primary goal of cryptography?

Answer 5

Obscuring the content of a message, but not the communication of the message

Question 6

What is the primary goal of steganography?

Answer 6

Hiding the communication of a message

Question 7

What is the primary goal of digital watermarking?

Answer 7

Adding metadata to a message to establish ownership, provenance, source, etc.

Question 8

(T/F) The number of tracks/cylinders recognized by a disk controller has to be the same as the number of tracks/cylinders recognized by the operating system.

Answer 8

False

Question 9

What are the two structures of a hard disk drive?

Answer 9

Geometric structure and a set of nested data structures

Question 10

What is the name of the area of a secondary storage device where vendors could store data that is protected from normal user activities?

Answer 10

The Host Protected Area

Question 11

What is the feature that allows modification of the characteristics of a hard drive (e.g., the number of available clusters)?

Answer 11

Device Configuration Overlay

Question 12

What is the name of the set of consecutive blocks on a hard disk that appear to an operating system as a separate volume (aka, drive in Windows or directory of mount point in Unix)?

Answer 12

A partition

Question 13

What is the name of the DOS partition at the beginning of a drive that contains the boot code and partition table?

Answer 13

Master Boot Record

Question 14

What is the name of the remaining area of a partition on a hard drive that cannot be accessed by the operating system by conventional means?

Answer 14

Volume slack

Question 15

What is the name given to the unused sectors at the end of a partition that cannot be accessed by the operating system?

Answer 15

Superblock slack

Question 16

(T/F) Bad blocks/sectors (e.g., $BadClus in NTFS) are not accessible to the operating system.

Answer 16

True

Question 17

(T/F) Hidden data may be stored in bad blocks/sectors (e.g., $BadClus in NTFS).

Answer 17

True

Question 18

What is “ram slack?”

Answer 18

OS pads a file that is not an exact multiple of sector size from memory

Question 19

What is Microsoft’s version of a resource fork?

Answer 19

Alternate Data Streams

Question 20

How long will an alternate data stream persist?

Answer 20

For the life of the attached file or folder and if it remains in an NTFS file structure

Question 21

What is a file carver?

Answer 21

Forensic tool to analyze data on a drive

Question 22

Eleven digital disk warrens in Windows and Unix file systems were discussed in this article. List 5.

Answer 22

Host Protected Area & Device Configuration Overlay, Volume Slack, Partition Slack, Superblock Slack, and Boot Record