I am going to try and answer as many questions as I can here. Sorry if I don't properly address the person who asked the question.
Thank you for suggesting Brian Carrier. I may try to examine his book over the summer when I have more time away from class.
Alternative Data Streams are a rather interesting way of hiding data. Unfortunately, half our recent midterm featured these and it is one of the first things I would be expecting my classmates to be looking for. Not that this necessarily rules it out.
Multiple primary partitions sounds interesting. We are limited to a 1 gig thumb drive though. Sounds interesting. Wish I had more time to consult with the instructor on if he would allow this.
Bithead, my coding skills are probably not up to the suggested "confounding the examiner (think int0x80)? Or what about a time/space waster (think zip 'o death)?" that you suggest.
jaclaz, yes, I would like something where the cursory tools like Disk Management or fdisk saw only one volume. I don't necessarily expect such a technique to withstand more serious or dedicated forensics tools. I just want to slow them down a little.
As far as how much unallocated space do I need? Not much. I was thinking more in the line of placing random data strings because I know a couple of people in my class would not let it go and try to decrypt whatever message must be hidden there. Just like a couple of Rottweilers.
FAT might be easier but the instructor has mostly been limiting class discussion to NTFS and I feel like I need to stick to that artificial limitation.
I don't think the contents of the device necessarily need to be resilient to the OS, as the instructor has stressed over and over again the need to make a forensics copy of things before starting any work.
As far as making an uncrackable drive, the instructor has already given me permission to encrypt the drive as long as I include a "hint" sheet of clues, so that the opposing team can try cracking via the hints or using brute force.
Oh, and Bithead, about your question on DOS attacks, I doubt someone would try to gain any godlike knowledge from me as I am still at the stage where I would wet myself with a water pistol.
Thank you for your hints.