Notifications

Clear all

Looking for Hidden messages

Juniper · 2004-11-07T22:50:12Z

I have been given some work to find some hidden messages in 5 files. I have found 3 of them but am a little stumped in finding them on a ppm graphic image and in a document with 32 - bit floating point numbers. (Actually I have been sat in front of the screen for hours on end). 8O 8O Any tips would be gratefully appreciated, as well as links to the types of software (freeware) I could use on a windows GUI. Also, a methodology would be nice. Thanx in Advance

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Andy 21 years ago

14 Posts

5 Users

0 Reactions

13 K Views

RSS

Suomi

(@suomi)

Active Member

Joined: 21 years ago

Posts: 8

10/11/2004 4:56 pm

This is just a total shot in the dark here, but I think you may be looking at this the wrong way.

At a quick twenty second glance I dont think that this relates to any forensic program.. but rather a brain teaser.

Uhhhs!texu sintmd ce!e sx!ghodE nes hu riow!ho uhd!qhcture?

Maybe if you reorganize these letters in different patterns….

Basically, i agree with andy!

Best of luck!

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

16/11/2004 12:50 pm

Andy,

ADS are just a â€˜possibilityâ€™ and although I am not overly familiar with their intricacies, I do believe they survive being copied across a Windows (NTFS) LAN or from one hard drive to another as long as both file system are NTFS - so I wouldn't discount it without the full facts.

Not to belabor the point, but I just wanted to take the opportunity to clear up a possible misconception. For NTFS ADSs to "survive being copied across a Windows (NTFS) LAN", the method of copying is important. Copying or doing the old "drag and drop" via CIFS/SMB allows the ADS to survive. Using cp.exe from the RK will work, as well.

Other methods of copying…FTP or HTTP download for example, even between NTFS drives…will not preserve the ADS.

With regards to your final comment about full facts, I provided a link to a fairly comprehensive paper on the subject, and there is my book, as well.

Thanks,

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com

ReplyQuote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

16/11/2004 12:51 pm

With regards to the string of text, I think a Perl script that walks through the various rotational schemes would probably reveal something of interest…

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com

ReplyQuote

Andy

(@andy)

Reputable Member

Joined: 21 years ago

Posts: 357

16/11/2004 5:59 pm

Harlan,

I meant the full facts from Juniper, regarding how he was presented with the files 😕 I think you have misunderstood the post…..

What I was trying to say was; for all we know he might have copied them from one NTFS volume to another, thus preserving the ADS. It's a long shot I know but when I mentioned ADS I was trying to be helpful and suggest ideas for the original request - "Any tips would be gratefully appreciated".

I think a Perl script that walks through the various rotational schemes would probably reveal something of interest…

Can you elaborate? I tried several Caesar cipher/rot type decryption tools, and it still appeared as cipher text.

Andy

ReplyQuote

Page 2 / 2 Prev

8 Forums
15.7 K Topics
92.3 K Posts
226 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed