Hiding Data in the Registry
The Registry is yet another location for hiding data within a live file system. The data stored in the Registry consists of several formats, including strings and binary data. Many types of data can be hidden within the Registry, such as text information, passwords, URLs, and binary information. Binary information can include segments of programs or even entire programs. Small programs can be hidden as a binary data type in a Registry key, or a larger program can be segmented, and those segments can be placed in separate keys.
Another place to hide data in the Registry is in the time zone information[22]. Time zone information is maintained in the following key:
[22] See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/gettimezoneinformation.asp ...
Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.