NUST Institutional Repository

Reverse engineering alternate data streams to detect the secret communication

dc.contributor.author Khawer, Khaula
dc.contributor.author Supervised by Dr Muhammad Faisal Amjad.
dc.date.accessioned 2020-10-27T06:21:33Z
dc.date.available 2020-10-27T06:21:33Z
dc.date.issued 2018-07
dc.identifier.other TIS-256
dc.identifier.other MSIS-14
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/5691
dc.description.abstract With growing security concerns in the digital world, forensic investigators and law enforcement agencies need to scrutinize a suspected system thoroughly, leaving no stone unturned. Extracting and recovering hidden data in a forensically sound manner helps greatly in obtaining the required information and conducting a successful forensic investigation. NTFS alternate data streams (ADS) provide an ideal way to conceal data, and hence terrorists as well as adversaries could employ this feature to hide their offensive plans and malicious activities in the ADS of compromised systems, as normal users are unaware of the presence of ADS. The factors that further augment the value of ADS for data hiding are that they require a low level of expertise to create and manipulate, are not very prone to suspicion for hiding high-level secrets, and are an integral part of the most widely used file system. To reverse engineer alternate data streams for efficient and effective data retrieval, exploring the diverse possible ways of data hiding is essential. The research follows this approach and successfully implements the data hiding concepts of ADS nesting and encoded fragmentation, as well as a defense-in-depth strategy that applies compression, password encryption, encoding, fragmentation and ADS nesting concurrently. The data concealed through the stated techniques is also effectively recovered with its integrity intact. A comprehensive route, encompassing all the mentioned techniques, is then proposed in the thesis to effectively analyze and retrieve ADS and their contents. en_US
dc.language.iso en en_US
dc.publisher MCS en_US
dc.title Reverse engineering alternate data streams to detect the secret communication en_US
dc.type Thesis en_US

