Hiding data from Encase

27 Posts
13 Users
0 Likes
1,853 Views
Beerbaron
(@beerbaron)
Posts: 71
Trusted Member
Topic starter
 

Are there ways to hide data on a hdd that Encase won't be able to find?

 
Posted : 24/03/2010 10:01 pm
(@jonathan)
Posts: 878
Prominent Member
 

Password protection of a file/container usually means that the data will be 'hidden' from EnCase.

 
Posted : 24/03/2010 10:35 pm
Beerbaron
(@beerbaron)
Posts: 71
Trusted Member
Topic starter
 

So password protecting a .rar file for example would hide the contents from Encase?

 
Posted : 24/03/2010 10:55 pm
jhup
(@jhup)
Posts: 1442
Noble Member
 

Nothing will make data "invisible" (other than destruction), but encryption will make it uninterpretable.

So no, password protecting a "rar" file will not make it invisible.

 
Posted : 25/03/2010 12:10 am
Beerbaron
(@beerbaron)
Posts: 71
Trusted Member
Topic starter
 

Are there places on a hdd that would make it difficult to find then?

 
Posted : 25/03/2010 1:18 am
(@jonathan)
Posts: 878
Prominent Member
 

Are there places on a hdd that would make it difficult to find then?

Can I ask why you'd want to know?

 
Posted : 25/03/2010 1:25 am
Beerbaron
(@beerbaron)
Posts: 71
Trusted Member
Topic starter
 

I'm studying a computer forensics masters, nothing sinister :) More interest than anything

 
Posted : 25/03/2010 2:04 am
(@neofito)
Posts: 18
Active Member
 

Try this tool, it is very interesting (but not definitive, of course)

Slacker - First ever tool that allows you to hide files within the slack space of the NTFS file system.

http://www.metasploit.com/data/antiforensics/slacker.exe

 
Posted : 25/03/2010 2:32 am
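An examiner's view of the slack-space point raised above, as an added example that is not part of the original thread or any poster's code: a triage check that extracts a file's slack (the bytes between its logical end and the end of its last cluster) and flags high-entropy content for manual review. The 4096-byte cluster size, the thresholds and the sample clusters are constructed assumptions.

```python
import math
import os
from collections import Counter

CLUSTER_SIZE = 4096  # assumption: take the real value from the volume's boot sector

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return abs(sum(c / n * math.log2(c / n) for c in Counter(data).values()))

def file_slack(last_cluster: bytes, logical_size: int, cluster_size: int = CLUSTER_SIZE) -> bytes:
    """Bytes between the logical end of the file and the end of its last cluster."""
    used = logical_size % cluster_size
    if used == 0:
        return b""  # empty file, or file ends exactly on a cluster boundary
    return last_cluster[used:cluster_size]

def triage_slack(last_cluster: bytes, logical_size: int, min_entropy: float = 7.0) -> dict:
    """Summarise slack content; 'suspicious' is a hint for manual review, not proof."""
    slack = file_slack(last_cluster, logical_size)
    entropy = shannon_entropy(slack)
    return {
        "slack_len": len(slack),
        "nonzero": sum(1 for b in slack if b),
        "entropy": round(entropy, 2),
        # min_entropy and the 256-byte floor are assumed thresholds, tune per case
        "suspicious": len(slack) >= 256 and entropy >= min_entropy,
    }

# Constructed sample clusters (not from a real image): a 1000-byte file in one cluster.
BODY = (b"quarterly report\n" * 59)[:1000]
ZEROED = BODY + bytes(3096)                                   # slack wiped to zeros
RESIDUAL = BODY + (b"old temp file contents " * 135)[:3096]   # leftovers of an earlier file
HIGH_ENTROPY = BODY + os.urandom(3096)                        # random-looking slack content

if __name__ == "__main__":
    for name, cluster in (("zeroed", ZEROED), ("residual", RESIDUAL), ("high-entropy", HIGH_ENTROPY)):
        print(name, triage_slack(cluster, logical_size=1000))
```

Residual low-entropy data from earlier files is normal in slack, so a nonzero count alone is not an indicator; the entropy flag only prioritises which files to examine by hand.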
Beerbaron
(@beerbaron)
Posts: 71
Trusted Member
Topic starter
 

Thanks, I have already used that tool before.

 
Posted : 25/03/2010 2:46 am
(@swako)
Posts: 18
Active Member
 

Here are a few tweets from @Disklabs (www.disklabs.com) about hiding data…

@robtlee @Schizophreud You spoke to me about data recovery. Hashing a disk - I put data on it - hash it again - same hash.

@robtlee @Schizophreud Makes no difference. We put data in system areas. Nothing can find it - well no standard equipment or software anyhow

@swako Looked at the hash thing. No good for me. We can only do this on certain hard drives - we access the system area and write there below the level that Encase, FTK, or any other tools can access, hence the hash isn't changed.

 
Posted : 25/03/2010 3:13 am