Skip to content
/ fsworker Public

Hide data in file slack or fake bad clusters (Steganography) - FAT16, VFAT

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bpoje/fsworker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits

fsWorker

fsWorker

 
 

screenshot

screenshot

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

Repository files navigation

FAT16 Steganography

Eclipse java project:

  • GUI for hiding data in FAT16
  • VFAT support (LFN - long filenames)

Data can be hidden in:

  • file slack
  • fake bad clusters

About FAT

In order for FAT to manage files with satisfactory efficiency, it groups sectors into larger blocks referred to as clusters. A cluster is the smallest unit of disk space that can be allocated to a file, which is why clusters are often called allocation units. Clusters are groups of consecutive sectors (usually 512 B). File slack is data that starts from the end of the file written and continues to the end of the sectors designated to the file.

(http://www.sleuthkit.org/informer/sleuthkit-informer-18.html) (http://www.forensicswiki.org/wiki/FAT)

Output log example

Program generates log that allows user to later reconstruct the hidden files:

Input file:test1/163840/5b28cb5d0651fe6999a810c47100e580
Hidden in:
c/65536/65536/072c396e6b9dc02c1039fd9b2f29baf1/2
f/45056/45056/ffacdaa662af0578acac3e1d8f3ff0e4/Archive/Parrot.7z.001
f/45056/45056/ef3661b95935982f84516358718784cd/Archive/Parrot.7z.002
c/8192/65536/1483613f9929cbad55e19f8bbbfe8048/754

Screenshot

Alt text

About

Hide data in file slack or fake bad clusters (Steganography) - FAT16, VFAT

Topics

java fat16 steganography vfat

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages