Detecting Hidden Encrypted Volume Files via Statistical Analysis

Authors

  • Mario Piccinelli
  • Paolo Gubian
Abstract

Nowadays various software tools have been developed for the purpose of creating encrypted volume files. Many of those tools are open source and freely available on the internet. Because of that, the probability of finding encrypted files which could contain forensically useful information has dramatically increased. While decoding these files without the key is still a major challenge, the simple fact of being able to recognize their existence is now a top priority for every digital forensics investigation. In this paper we will present a statistical approach to find elements of a seized filesystem which have a reasonable chance of containing encrypted data.


Similar resources

Detecting Bot Networks Based On HTTP And TLS Traffic Analysis

Abstract: Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...


Detecting Hidden Encrypted Volumes

Hidden encrypted volumes can cause problems in digital investigations since they provide criminal suspects with a range of opportunities for deceptive antiforensics and a countermeasure to legislation written to force suspects to reveal decryption keys. This paper describes how hidden encrypted volumes can be detected, and their size estimated. The paper shows how multiple copies of an encrypte...


Steganalysis of Hydan

Hydan is a steganographic tool which can be used to hide any kind of information inside executable files. In this work, we present an efficient distinguisher for it: We have developed a system that is able to detect executable files with embedded information through Hydan. Our system uses statistical analysis of instruction set distribution to distinguish between files with no hidden informatio...


Towards Stealthy Malware Detection

Malcode can be easily hidden in document files and go undetected by standard technology. We demonstrate this opportunity of stealthy malcode insertion in several experiments using a standard COTS Anti-Virus (AV) scanner. Furthermore, in the case of zero-day malicious exploit code, signature-based AV scanners would fail to detect such malcode even if the scanner knew where to look. We propose th...


LSB Approach for Video Steganography to Embed Images

Video Steganography to embed Image is an art and science of hiding images by embedding images within the video file, seemingly harmless images. An encrypted image or files may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen. The LSB approach is used along with the MaskingFiltering and Transformations techniques to hide the ...




Publication date: 2014