TY - GEN
T1 - Data hiding in windows executable files
AU - Shin, Dae Min
AU - Kim, Yeog
AU - Byun, Keun Duck
AU - Lee, Sangjin
PY - 2008
Y1 - 2008
AB - A common technique for hiding information in executable files is embedding a limited amount of information in program binaries. This hiding is commonly achieved with special software tools, e.g. the tools presented by Hydan and Stilo (Rakan, 2004; Bertrand, 2005). These tools can be used to commit crimes such as industrial espionage or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In addition, we discuss the analysis techniques which can be applied to detect and recover data hidden using each of these methods. The existing techniques for hiding information in an executable file determine the total number of bytes to be hidden on the basis of the size of the executable code. The novel methods proposed here do not limit the amount of hidden code.
KW - Executable file
KW - Hiding information
KW - Portable executable (PE)
KW - Program binaries
UR - http://www.scopus.com/inward/record.url?scp=84867734960&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84867734960&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84867734960
SN - 9780729806664
T3 - Proceedings of the 6th Australian Digital Forensics Conference
SP - 153
EP - 159
BT - Proceedings of the 6th Australian Digital Forensics Conference
T2 - 6th Australian Digital Forensics Conference
Y2 - 1 December 2008 through 3 December 2008
ER -