Hsu et al., 2016 - Google Patents

Data concealments with high privacy in new technology file system

Hsu et al., 2016

Document ID: 3060089093548850468
Author: Hsu F; Wu M; Ou S; Wang S
Publication year: 2016
Publication venue: The Journal of Supercomputing

External Links

Cited by

Snippet

This paper proposes a new approach, called file concealer (FC), to conceal files in a computer system. FC modifies metadata about a file in NTFS (New Technology File System) to hide the file. Unlike traditional hooking methods which can be easily detected by antivirus …

Continue reading at link.springer.com (other versions)

238000005516 engineering process 0 title abstract description 18

Classifications

- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30067—File systems; File servers
- G06F17/30129—Details of further file system functionalities
- G06F17/30144—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
- G06F3/0601—Dedicated interfaces to storage systems
- G06F3/0602—Dedicated interfaces to storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
- G06F3/0601—Dedicated interfaces to storage systems
- G06F3/0628—Dedicated interfaces to storage systems making use of a particular technique
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring

Similar Documents

Publication	Publication Date	Title
TWI786399B (en)	2022-12-11	Non-transitory computer accessible storage medium, method and computer systems for post-processing in a cloud-based data protection service
US8171063B1 (en)	2012-05-01	System and method for efficiently locating and processing data on a deduplication storage system
US10713361B2 (en)	2020-07-14	Anti-malware protection using volume filters
Carrier	2006	Risks of live digital forensic analysis
US9400886B1 (en)	2016-07-26	System and method for using snapshots for rootkit detection
US7831560B1 (en)	2010-11-09	Snapshot-aware secure delete
US8433863B1 (en)	2013-04-30	Hybrid method for incremental backup of structured and unstructured files
KR101201118B1 (en)	2012-11-13	System and method of aggregating the knowledge base of antivirus software applications
US7640404B2 (en)	2009-12-29	File system write filtering for selectively permitting or preventing data from being written to write-protected storage
US20100280996A1 (en)	2010-11-04	Transactional virtual disk with differential snapshots
US20090164738A1 (en)	2009-06-25	Process Based Cache-Write Through For Protected Storage In Embedded Devices
Fowler	2008	SQL server forenisc analysis
US7634521B1 (en)	2009-12-15	Technique for scanning stealthed, locked, and encrypted files
US20060277183A1 (en)	2006-12-07	System and method for neutralizing locked pestware files
Hirano et al.	2018	LogDrive: a proactive data collection and analysis framework for time-traveling forensic investigation in IaaS cloud environments
US9152823B2 (en)	2015-10-06	Systems, methods, and computer readable media for computer data protection
Hsu et al.	2016	Data concealments with high privacy in new technology file system
Ma et al.	2023	Travelling the hypervisor and ssd: A tag-based approach against crypto ransomware with fine-grained data recovery
US10303556B1 (en)	2019-05-28	Modifiable volume snapshots
Berghel et al.	2008	Data hiding tactics for windows and unix file systems
US8452744B2 (en)	2013-05-28	System and method for analyzing locked files
US9053108B2 (en)	2015-06-09	File system extended attribute support in an operating system with restricted extended attributes
Zhang et al.	2006	Virtual-machine-based intrusion detection on file-aware block level storage
Freiling et al.	2017	Characterizing loss of digital evidence due to abstraction layers
Mankin et al.	2012	Dione: a flexible disk monitoring and analysis framework