An Introduction to the exFAT File System and How to Hide Data Within


  • Julian Heeger Fraunhofer SIT, Germany
  • York Yannikos Fraunhofer SIT, Germany
  • Martin Steinebach Fraunhofer SIT, Germany



data hiding, file systems, anti forensic


In the recent years steganographic techniques for hiding data in file system metadata gained focus. While commonly used file systems received tooling and publications the exFAT file system did not get much attention – probably because its structure provides only few suitable locations to hide data. In this work we present an overview of exFAT’s internals and describe the different structures used by the file system to store files. We also introduce two approaches that allow us to embed messages into the exFAT file system using steganographic techniques. The first approach has a lower embedding rate, but has less specific requirements for the embedding location. The other one, called exHide, uses error correcting to allow for an more robust approach. Both approaches are specified, evaluated and discussed in terms of their strengths and weaknesses.


Download data is not yet available.

Author Biographies

Julian Heeger, Fraunhofer SIT, Germany

Julian Heeger became a researcher in cybersecurity at the Media Security and IT Forensics department of Fraunhofer SIT, after he completed his master’s degree in IT security at the Technical University of Darmstadt.

York Yannikos, Fraunhofer SIT, Germany

York Yannikos is a Research Associate at the Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany. His research interests include digital forensic tool testing, darknet marketplaces, and open source intelligence.

Martin Steinebach, Fraunhofer SIT, Germany

Martin Steinebach. Prof. Dr. Martin Steinebach is the manager of the Media Security and IT Forensics division at Fraunhofer SIT. From 2003 to 2007 he was the manager of the Media Security in IT division at Fraunhofer IPSI. He studied computer science at the Technical University of Darmstadt and finished his diploma thesis on copyright protection for digital audio in 1999. In 2003 he received his PhD at the Technical University of Darmstadt for this work on digital audio watermarking. In 2016 he became honorary professor at the TU Darmstadt. He gives lectures on Multimedia Security as well as Civil Security. He is Principle Investigator at ATHENE and represents IT Forensics and AI Security. Before he was Principle Investigator at CASED with the topics Multimedia Security and IT Forensics.


Charles Arthur. China and the internet: Tricks to beat the online censor., 2010. Accessed: 2019-05-25.

Niklas Bunzel, Martin Steinebach, and Huajian Liu. Non-blind steganalysis. In Proceedings of the 15th International Conference on Availability, Reliability and Security, pages 1–7, 2020.

Niklas Bunzel, Martin Steinebach, and Huajian Liu. Cover-aware steganalysis. Journal of Cyber Security and Mobility, pages 1–26, 2021.

Sophia Cope. Law enforcement uses border search exception as fourth amendment loophole, 2016.

Ingemar Cox, Matthew Miller, Jeffrey Bloom, Jessica Fridrich, and Ton Kalker. Digital watermarking and steganography. Morgan kaufmann, 2007.

Knut Eckstein and Marko Jahnke. Data hiding in journaling file systems. In Digital Forensic Research Workshop (DFRWS), 01 2005.

Sean Gallagher. Steganography: how al-qaeda hid secret documents in a porn video. Accessed: 2021-05-24.

Thomas Göbel, Jan Türr, and Harald Baier. Revisiting data hiding techniques for apple file system. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES ’19, New York, NY, USA, 2019. Association for Computing Machinery.

Loren Grush. A us-born nasa scientist was detained at the border until he unlocked his phone, 2017.

Thomas Göbel and Harald Baier. Anti-forensics in ext4: on secrecy and usability of timestamp-based data hiding. Digital Investigation, 24:S111–S120, 2018.

Julian Heeger, York Yannikos, and Martin Steinebach. Exhide: Hiding data within the exfat file system. In The 16th International Conference on Availability, Reliability and Security, ARES 2021, New York, NY, USA, 2021. Association for Computing Machinery.

David Kahn. The history of steganography. In International workshop on information hiding, pages 1–5. Springer, 1996.

Sebastian Neuner, Artemios G. Voyiatzis, Martin Schmiedecker, Stefan Brunthaler, Stefan Katzenbeisser, and Edgar R. Weippl. Time is on my side: Steganography in filesystem metadata. Digital Investigation, 18:S76–S86, 2016.

Lily Hay Newman. Mysterious ’MuslimCrypt’ App Helps Jihadists Send Covert Messages. Accessed: 2021-05-24.

Martin Steinebach, Andre Ester, and Huajian Liu. Channel steganalysis. In Proceedings of the 13th International Conference on Availability, Reliability and Security, pages 1–8, 2018.

Martin Steinebach, Andre Ester, Huajian Liu, and Sascha Zmuzinksi. Double embedding steganalysis: Steganalysis with low false positive rate. In Proceedings of the 2nd International Workshop on Multimedia Privacy and Security, pages 38–47, 2018.

Martin Steinebach, Huajian Liu, and Andre Ester. The need for steganalysis in image distribution channels. Journal of Cyber Security and Mobility, pages 365–392, 2019.

Yves Vandermeer, Nhien-An Le-Khac, Joe Carthy, and Tahar Kechadi. Forensic analysis of the exfat artefacts. arXiv preprint arXiv:1804.08653, 04 2018.