
Computer Engineering ›› 2010, Vol. 36 ›› Issue (19): 274-276. doi: 10.3969/j.issn.1000-3428.2010.19.098

• Development Research and Design Technology •

Computer Anti-forensic Research and Implementation Based on NTFS

LI Bu-sheng

  1. (School of Information Engineering, Jingdezhen Ceramic Institute, Jingdezhen, Jiangxi 333001, China)
  • Online: 2010-10-05 Published: 2010-09-27
  • About the author: LI Bu-sheng (1978-), male, lecturer; main research interests: computer networks and communication, network security

Abstract: To counter analysis and investigation by forensic software, this paper proposes a data hiding method for the NTFS file system. The method lets the user select normal files of suitable size from the system as carriers, preprocesses the data to be hidden with a symmetric encryption algorithm and an XOR operation, and embeds the processed result into the normal files while ensuring that the original carrier files still open correctly. This removes the need to search manually and repeatedly for free space large enough to hold the file being hidden. The method is fast and strongly resistant to computer forensics.

Key words: anti-forensic, directory reassembly, symmetric encryption, steganography
