Question
Question #1. Would there be any benefit in hiding a file in the registry versus an alternate data stream? Would the type of file or
Question #1. Would there be any benefit in hiding a file in the registry versus an alternate data stream? Would the type of file or file size affect your decision? What might prevent you from being able to hide data in this manner?
Question #2.In this weeks reading we learned of ways to hide data in Windows and Linux by deleting a file and then recovering it. In Windows this was accomplished using VSSADMIN and in Linux this was accomplished by using E2undel. Knowing this, how could you apply what you have learned to hide or recover data on a windows system using Volume Shadow Copies? What about a Linux based system? What type of scenarios can you imagine where this might be useful for an investigator.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started