Skip to main content
Conference ProceedingsOPEN ACCESS

Anti-forensic capacity and detection rating of hidden data in the ext4 filesystem

IFIP Advances in Information and Communication Technology (2018) 532 87-110
DOI: 10.1007/978-3-319-99277-8_6
3Citations
Citations of this article
13Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

The rise of cyber crime and the growing number of anti-forensic tools demand more research on combating anti-forensics. A prominent anti-forensic paradigm is the hiding of data at different abstraction layers, including the filesystem layer. This chapter evaluates various techniques for hiding data in the ext4 filesystem, which is commonly used by Android devices. The evaluation uses the capacity and detection rating metrics. Capacity reflects the quantity of data that can be concealed using a hiding technique. Detection rating is the difficulty of finding the concealed artifacts; specifically, the amount of effort required to discover the artifacts. Well-known data hiding techniques as well as new techniques proposed in this chapter are evaluated.

Author supplied keywords

Cite

CITATION STYLE

APA

Göbel, T., & Baier, H. (2018). Anti-forensic capacity and detection rating of hidden data in the ext4 filesystem. In IFIP Advances in Information and Communication Technology (Vol. 532, pp. 87–110). Springer New York LLC. https://doi.org/10.1007/978-3-319-99277-8_6

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free