Hiding Data in the Registry

The Registry is yet another location for hiding data within a live file system. Data stored in the Registry takes several formats, including strings and binary data. Many types of data can be hidden within the Registry, such as text information, passwords, URLs, and binary information. Binary information can include segments of programs or even entire programs. Small programs can be hidden as a binary data type in a Registry key, or a larger program can be segmented, with the segments placed in separate keys.
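For an examiner, the paragraph above suggests a triage pass over binary Registry values. The following is an added example, not code from the book: it flags values that begin with the `MZ` executable signature, are unusually large, or have high entropy. The thresholds, function names, and sample key names are assumptions, and the sample data is constructed.

```python
import math
from collections import Counter
SIZE_LIMIT = 4096     # assumed threshold; tune against a known-good baseline
ENTROPY_LIMIT = 7.2   # assumed threshold; packed or encrypted data nears 8.0

def entropy(data: bytes) -> float:  # Shannon entropy, bits per byte (0.0-8.0)
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(values):
    """values: iterable of (key_path, value_name, data_bytes).
    Returns (key_path, value_name, size, reasons) for each suspicious value."""
    hits = []
    for path, name, data in values:
        reasons = []
        if data[:2] == b"MZ":              # whole program, or first segment
            reasons.append("pe_header")
        if len(data) >= SIZE_LIMIT:        # far larger than typical settings
            reasons.append("large_binary")
        if len(data) >= 256 and entropy(data) >= ENTROPY_LIMIT:
            reasons.append("high_entropy") # later segments carry no header
        if reasons:
            hits.append((path, name, len(data), reasons))
    return hits

def walk_live(root, subkey):
    """Yield (path, name, data) for REG_BINARY values on a live Windows host."""
    import winreg                          # Windows-only standard library module
    try:
        key = winreg.OpenKey(root, subkey)
    except OSError:                        # access denied or key removed
        return
    with key:
        nsub, nval, _ = winreg.QueryInfoKey(key)
        for i in range(nval):
            name, data, kind = winreg.EnumValue(key, i)
            if kind == winreg.REG_BINARY and data:
                yield subkey, name, data
        children = [winreg.EnumKey(key, i) for i in range(nsub)]
    for child in children:
        yield from walk_live(root, subkey + "\\" + child)

# Constructed sample values (hypothetical key names, not from a real system)
SAMPLE = [
    ("SOFTWARE\\Example\\Settings", "WindowPos", bytes(16)),
    ("SOFTWARE\\Example\\Cache", "Blob0", b"MZ" + bytes(5000)),
    ("SOFTWARE\\Example\\Cache", "Blob1", bytes(range(256)) * 8),
]
```

On a Windows host, `triage(walk_live(winreg.HKEY_LOCAL_MACHINE, "SOFTWARE"))` applies the same checks to the live hive.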

Another place to hide data in the Registry is in the time zone information[22]. Time zone information is maintained in the following key:

[22] See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/gettimezoneinformation.asp ...
