The first thing a hacker wants to do when they’ve managed to get into a machine is to hide the data they want to leave behind. There are those who use techniques that even my grandmother knows about, and there are those who take advantage of the internal structure of the filesystem.

This article explains the different solutions for hiding data in an ext2/ext3 filesystem while taking into account the constraints that remain. However, we will not address the topic of deleted data and how to recover it, which is a completely different subject (that of leaving no trace :)).

Anti-forensics on ext2/ext3 filesystems

Last updated 25 Sep 2008, 12:00 CEST.