File System Forensic Analysis
In this paper, we examine the potential to hide data in an ISO9660 file system, which is used to store data on CD-ROMs. By design, this file system allows for multiple directory trees and different byte orderings of essential data. We describe how data could be hidden in an ISO9660 file system and create test images using the described techniques. We test commonly used forensics tools to determine if the hidden data can be seen. The test results show that different tools show and hide different data. Some tools show all of the data, some tools show some of the data, and other tools show none of the data.
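
A consistency check an examiner could run before trusting any single tool's listing, given as an added example that is not from the paper: it walks the volume descriptors of an image, compares the little-endian and big-endian copies of each both-endian field, and records every directory tree root it finds. The function names are hypothetical, the field offsets follow the standard ISO9660 descriptor layout, and the sample image is constructed.

```python
import struct

SECTOR = 2048
# (name, offset, struct code) of both-endian fields in a primary or
# supplementary volume descriptor: little-endian copy first, big-endian after.
BOTH_ENDIAN = [
    ("volume_space_size", 80, "I"),
    ("logical_block_size", 128, "H"),
    ("path_table_size", 132, "I"),
    ("root_extent", 158, "I"),       # inside the root directory record at 156
    ("root_data_length", 166, "I"),
]

def audit_descriptors(image: bytes):
    """Return (roots, findings) for the volume descriptor set of an image."""
    roots, findings = [], []
    sector = 16  # descriptors follow the 16-sector system area
    while (sector + 1) * SECTOR <= len(image):
        vd = image[sector * SECTOR:(sector + 1) * SECTOR]
        if vd[1:6] != b"CD001" or vd[0] == 255:  # bad magic or set terminator
            break
        if vd[0] in (1, 2):  # primary or supplementary: each has its own root
            values = {}
            for name, off, code in BOTH_ENDIAN:
                le = struct.unpack_from("<" + code, vd, off)[0]
                be = struct.unpack_from(">" + code, vd, off + struct.calcsize(code))[0]
                values[name] = le
                if le != be:
                    findings.append(f"sector {sector}: {name} LE={le} BE={be}")
            roots.append((sector, vd[0], values["root_extent"]))
        sector += 1
    if len({extent for _, _, extent in roots}) > 1:
        findings.append(f"{len(roots)} directory trees: list each one separately")
    return roots, findings

def build_sample() -> bytes:
    """Constructed image: a primary and a supplementary descriptor, no files."""
    def descriptor(vd_type, root_le, root_be):
        vd = bytearray(SECTOR)
        vd[0:7] = bytes([vd_type]) + b"CD001\x01"
        for off, code, le, be in ((80, "I", 100, 100), (128, "H", 2048, 2048),
                                  (158, "I", root_le, root_be)):
            struct.pack_into("<" + code, vd, off, le)
            struct.pack_into(">" + code, vd, off + struct.calcsize(code), be)
        return bytes(vd)
    terminator = b"\xffCD001\x01" + bytes(SECTOR - 7)
    return bytes(16 * SECTOR) + descriptor(1, 20, 20) + descriptor(2, 30, 31) + terminator
```

A second directory tree is normal on discs that carry a supplementary descriptor, so that finding is a prompt to compare the listings of each tree rather than proof of hidden data.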