Data hiding in windows executable files

DaeMin Shin, Yeog Kim, KeunDuck Byun, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

A common technique for hiding information in executable files is to embed a limited amount of information in program binaries. This hiding is commonly achieved with special software tools, such as the tools presented by Hydan and Stilo in (Rakan, 2004, Bertrand, 2005). These tools can be used to commit crimes such as industrial espionage or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In addition, we discuss the analysis techniques that can be applied to detect and recover data hidden using each of these methods. The existing techniques for hiding information in an executable file determine the total number of bytes to be hidden on the basis of the size of the executable code. The novel methods proposed here do not limit the amount of hidden code.

Original language: English
Title of host publication: Proceedings of the 6th Australian Digital Forensics Conference
Pages: 153-159
Number of pages: 7
Publication status: Published - 2008 Dec 1
Event: 6th Australian Digital Forensics Conference - Perth, WA, Australia
Duration: 2008 Dec 1 to 2008 Dec 3

Other

Other: 6th Australian Digital Forensics Conference
Country: Australia
City: Perth, WA
Period: 08/12/1 to 08/12/3

Fingerprint

Windows operating system
Crime

Keywords

  • Executable file
  • Hiding information
  • Portable executable (PE)
  • Program binaries

ASJC Scopus subject areas

  • Information Systems

Cite this

Shin, D., Kim, Y., Byun, K., & Lee, S. (2008). Data hiding in windows executable files. In Proceedings of the 6th Australian Digital Forensics Conference (pp. 153-159)

@inproceedings{0272f478312d4347ad2e8bbaed4d58c1,
title = "Data hiding in windows executable files",
keywords = "Executable file, Hiding information, Portable executable (PE), Program binaries",
author = "DaeMin Shin and Yeog Kim and KeunDuck Byun and Sangjin Lee",
year = "2008",
month = "12",
day = "1",
language = "English",
isbn = "9780729806664",
pages = "153--159",
booktitle = "Proceedings of the 6th Australian Digital Forensics Conference",

}

TY - GEN

T1 - Data hiding in windows executable files

AU - Shin, DaeMin

AU - Kim, Yeog

AU - Byun, KeunDuck

AU - Lee, Sangjin

PY - 2008/12/1

Y1 - 2008/12/1

KW - Executable file

KW - Hiding information

KW - Portable executable (PE)

KW - Program binaries

UR - http://www.scopus.com/inward/record.url?scp=84867734960&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867734960&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84867734960

SN - 9780729806664

SP - 153

EP - 159

BT - Proceedings of the 6th Australian Digital Forensics Conference

ER -