Chapter 8. Extracting Hidden Data
In This Chapter
Avoiding being fooled by covert operations
Driving through digital roadblocks
Beating the odds
Passing through passwords
As a computer forensic investigator, you eventually run into evidence whose very existence is hidden (unseen) or that has been hidden in plain sight (disguised). That is, you're confronted with invisible electronic evidence. Criminals may hide their files so that you don't even know that the files exist — at least not without effort. When insidious camouflage tactics are in play, you're not only involved in detective work — you're also engaged in combat plus detective work.
Your challenge is to discover covert attempts and break through them to extract hidden information. This area of computer forensics is arguably the most intriguing. You're matching wits with a criminal mind and playing mental chess games using digital pieces. Outsmarting someone who has gone to great lengths to hide data feels good, but you have to pay a price for this excitement. You also face the dull wait for software to come back with a clue to help you break the code — a password or hidden piece of data. You may experience the agony of defeat if cracking the password or defeating the encryption is beyond the technical means at your disposal. Then you might need to use alternative means of extracting the evidence. In this chapter, you find out how data can become hidden or disguised and how to extract it.