Data hiding in windows executable files

Dae Min Shin, Yeog Kim, Keun Duck Byun, Sangjin Lee

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

    4 Citations (Scopus)

    Abstract

    A common technique for hiding information in executable files is embedding a limited amount of information in program binaries. This hiding is commonly achieved using special software tools, such as the tools presented by Hydan and Stilo in (Rakan, 2004, Bertrand, 2005). These tools can be used to commit crimes such as industrial espionage or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In addition, we discuss the analysis techniques that can be applied to detect and recover data hidden using each of these methods. The existing techniques for hiding information in an executable file determine the total number of bytes that can be hidden based on the size of the executable code. The novel methods proposed here do not limit the amount of hidden code.

    Original language: English
    Title of host publication: Proceedings of the 6th Australian Digital Forensics Conference
    Pages: 153-159
    Number of pages: 7
    Publication status: Published - 2008
    Event: 6th Australian Digital Forensics Conference - Perth, WA, Australia
    Duration: 2008 Dec 1 → 2008 Dec 3

    Publication series

    Name: Proceedings of the 6th Australian Digital Forensics Conference

    Other

    Other: 6th Australian Digital Forensics Conference
    Country/Territory: Australia
    City: Perth, WA
    Period: 08/12/1 → 08/12/3

    Keywords

    • Executable file
    • Hiding information
    • Portable executable (PE)
    • Program binaries

    ASJC Scopus subject areas

    • Information Systems
