Vulnerability Development mailing list archives
RE: How to hide a file ?
From: "Ken Pfeil" <Ken () infosec101 org>
Date: Tue, 8 Jan 2002 15:09:01 -0500
Unless (as HC said) it was attached to a directory, say "Temp"? You can even use root directories, which are a royal pain to get rid of even if the stream name is known. MAC times would be a moot point. Regards, Ken
-----Original Message----- From: Altheide, Cory [mailto:CAltheide () broadband att com] Sent: Tuesday, January 08, 2002 2:01 PM To: vuln-dev () security-focus com Subject: RE: How to hide a file ? I understand what you're saying, and don't feel slighted at all. :) I probably didn't make it clear, but my intention was just to point out that if the original poster was going to use ADSs to hide his data, he may want to be aware that he is altering the modified time of the parent file, which could *possibly* arouse some suspicion. I don't think from an administrative mindset, so I can't say what an admin would look for. In a cursory investigation though, I personally would check MAC times very early on. Cory Altheide Internet Security Coordinator AT&T Broadband Legal Demands Center
Current thread:
- Re: How to hide a file ?, (continued)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? Jon Zobrist (Jan 09)
- RE: How to hide a file ? Ken Pfeil (Jan 08)
- Re: How to hide a file ? bugtraq (Jan 08)
- Re: How to hide a file ? Blue Boar (Jan 09)
- RE: How to hide a file ? Bojan Zdrnja (Jan 10)