| Hiding Technique | Data Hidden or Concealed | File Name (with Path) or Offset from Start of Partition | Additional Information |
| Info hidden in unpartitioned space | ROT13 Cipher Text | [offset] |
| Info hidden in unallocated space | Orphaned file. Contains text file. Find using hex search for "0x0D0A" | [offset] |
| Orphaned directory | Orphaned subdirectory. Find using hex search for "0x2E2E" or text search for ".." (double dot that occurs in the second entry of a subdirectory) | [offset] |
| Change file date/time in directory without changing file | Changed year from 2014 to 2013 | [file] |
| Compress file and change extension to executable type | Graphics file | [file] |
| Change file extension | Correct file type/file contents (defeats use of graphics format file viewer) | [file] |
| Shift file signature by n bytes | File signature/file contents | [file] |
| Caesar Cipher | Triple-hiding technique (double encipherment with Caesar Cipher plus info hidden in text block). Defeat using "guess"https://www.xarg.org/tools/caesar-cipher/ | [file] |
| Change file without changing date/time in directory | Modified file slack using hex editor to edit device (bypassing OS management of directory and file meta data) | [file] |
| Info hidden in file slack space | URL of software application to decode cipher text | [file] |
| ROT13 Cipher Text | Double-hiding technique. Defeat the ROT13 encipherment first. Then find info hidden in text block. Defeat using key=13 or "guess" at https://www.xarg.org/tools/caesar-cipher/ | [file] |
| Info hidden in graphics format file (steganography) | Social security numbers | [file] |
| Info hidden in graphics format file (steganography) | Phone numbers | [file] |
| Info hidden in filemetadata (graphics file “comments”) | Meeting location | [file] |
| Info hidden in graphics format file (steganography) | Chopped to defeat optical character recognition (OCR). Phone numbers and credit card numbers. | [file] |
| Info hidden in deleted file entries in directory | Unicode text | [file] |
| Info hidden in tone-on-tone text in editing restricted file (password protection) | Password (can be recovered from text hidden inside another file), hidden text | [file] |
| Info in password protected file (open password) | Password protection used to encrypt contents ("difficult" level recovery using PRTK). File is encrypted using AES-256 encryption (MS Word 2007+ default algorithm) | [file] |
| Info hidden in blocks of text | Words/text strings hidden inside other words. Defeats word list extraction/word search. File contains important info needed to defeat password protection for other files. Two passwords (each stored in two parts). Instructions for reconstructing passwords. | [file] |
| Encrypted File (PW Protected) | Password protection (password is hidden in another file—difficult to crack with PRTK) | [file] |
| Info concealed in notes pages in presentation | URLs for search engines (web pages, information, people, products) | [file] |
| Info hidden in tone-on-tone text | Cell phone number, meeting location, instructions (what to bring), additional information | [file] |
toshmonster
Week5_Lab5_Table5-1.xlsx
