An Introduction to the exFAT File System and How to Hide Data Within
Keywords: data hiding, file systems, anti forensic
In recent years, steganographic techniques for hiding data in file system metadata have gained focus. While commonly used file systems received tooling and publications, the exFAT file system did not get much attention – probably because its structure provides only a few suitable locations to hide data. In this work we present an overview of exFAT’s internals and describe the different structures used by the file system to store files. We also introduce two approaches that allow us to embed messages into the exFAT file system using steganographic techniques. The first approach has a lower embedding rate, but has less specific requirements for the embedding location. The other one, called exHide, uses error correction to allow for a more robust approach. Both approaches are specified, evaluated and discussed in terms of their strengths and weaknesses.
Copyright (c) 2022 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.