"Assuming NTFS and Windows.
A quick and dirty solution would be to create a virtual hard drive in the alternate data stream of an innocuous file. The drive won't appear empty, it will show used space, but it won't show you where.
Alternate data streams are accessed by putting a colon after the file name. So create a file called readme.txt with whatever in it. Then create a VHD at readme.txt:mydrive.vhd and store whatever you want in the VHD.
I haven't tried this to see if it would work and I'm on a phone so can't do the five minute experiment to see if the VHD tools in Windows can see the ADS, but they should. This is classic security by obscurity. If you wanted it to be secured, you could encrypt both the USB drive and the VHD with different bitlocker keys.
You could save an encrypted file (say, a VeraCrypt file) onto the stick, and then delete it and empty your recycle bin. You’ll still then be able to use a program like PhotoRec to recover the file, as long as it’s not overwritten first, and then decrypt it as normal. Since the filesystem is no longer aware of the file, as soon as someone saves something else to the disk, there’s a good chance it will overwrite part of your encrypted file and you’ll no longer be able to recover/decrypt it.
Another option is to use a feature of Windows called Alternate Data Streams. You’d create a dummy file (e.g., a text file) and then attach another file to it as an ADS. This won’t affect the size of the first file, but if someone does a little bit of arithmetic on your disk size, total files, and available space, they’ll be able to tell that an ADS is present. Then it’s just a matter of using a program like Lads or CrutialADS to find it.
VeraCrypt also supports the concept of a hidden volume. You create an encrypted file with a secret, second encrypted file within it. You have two passwords, one which will decrypt the outer volume only without disclosing the inner one, and another that decrypts both volumes."
https://www.quora.com/Could-I-encrypt-a-USB-stick-to-make-it-look-like-it-was-empty
A quick and dirty solution would be to create a virtual hard drive in the alternate data stream of an innocuous file. The drive won't appear empty, it will show used space, but it won't show you where.
Alternate data streams are accessed by putting a colon after the file name. So create a file called readme.txt with whatever in it. Then create a VHD at readme.txt:mydrive.vhd and store whatever you want in the VHD.
I haven't tried this to see if it would work and I'm on a phone so can't do the five minute experiment to see if the VHD tools in Windows can see the ADS, but they should. This is classic security by obscurity. If you wanted it to be secured, you could encrypt both the USB drive and the VHD with different bitlocker keys.
You could save an encrypted file (say, a VeraCrypt file) onto the stick, and then delete it and empty your recycle bin. You’ll still then be able to use a program like PhotoRec to recover the file, as long as it’s not overwritten first, and then decrypt it as normal. Since the filesystem is no longer aware of the file, as soon as someone saves something else to the disk, there’s a good chance it will overwrite part of your encrypted file and you’ll no longer be able to recover/decrypt it.
Another option is to use a feature of Windows called Alternate Data Streams. You’d create a dummy file (e.g., a text file) and then attach another file to it as an ADS. This won’t affect the size of the first file, but if someone does a little bit of arithmetic on your disk size, total files, and available space, they’ll be able to tell that an ADS is present. Then it’s just a matter of using a program like Lads or CrutialADS to find it.
VeraCrypt also supports the concept of a hidden volume. You create an encrypted file with a secret, second encrypted file within it. You have two passwords, one which will decrypt the outer volume only without disclosing the inner one, and another that decrypts both volumes."
https://www.quora.com/Could-I-encrypt-a-USB-stick-to-make-it-look-like-it-was-empty
No comments:
Post a Comment