|
Posted by =?ISO-8859-1?Q?j=F8rgen?= on January 19, 2007, 12:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options
jørgen wrote:
> If using NTFS, check up on alternate data streams
Just know, if they snoop around with special utilities, hidden files in
alternate streams will be found rather quickly
|
|
Posted by Someone Else on January 19, 2007, 12:38 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>To contain the TrueCrypt encrypted volume, I can choose any file name and
>location that doesn't already exist. But, my question is what file name and
>location would arouse the least suspicion were a coworker to be snooping
>around looking for my personal data on my WinXP computer?
>
>Specifically what binary file could reasonable be expected to be a few
>megabytes in size, yet have a normal sounding name in a normal sounding
>location containing "gibberish" (ie encrypted data) that would not arouse
>suspicions that it is actually a TrueCrypt encrypted volume?
Do a search on your own computer for all files larger than <some
value>. On mine, I found some 50MB CAB files and a gigabyte swap
file.
You could put another CAB file into the same directory or create
an "orphaned" swap file.
But, these are examples from *my* system. You should find what's
not unusual on your own. (Have you considered a thumb drive,
instead?)
Of course, this is the practical side. There are also the legal
and ethical sides: The computer is owned by your company, and
they might believe they have some say in what goes on it. They
might even have a written policy about installing unauthorized
software or about keeping personal files on work computers.
|
|
Posted by Wraeth on January 19, 2007, 9:43 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> What is a good filespec to hold an encrypted volume on WinXP?
>
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.
>
> TrueCrypt requires a file name to contain the rather large encrypted volume
> file even if a hidden volume is used inside the regular encrypted volume.
> For example, the file name containing the encrypted volume could be
> C:\Documents and Settings\Administrator\My TrueCrypt Encrypted Volume.bin
>
> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonable be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?
Jane-G,
As you can no doubt see, there are a lot of suggestions for you to
follow up on regarding the solution to your problem. However, to find
the best solution applicable to your situation, it may be wise to
consider exactly what scenario you are trying to avoid.
From your post, you say that you don't want your co-workers, who
occasionally snoop around your computer, to even know that you have the
data. Therefore, it is not the content that you are hiding, but the
existence.
If this is the case, then perhaps it is not a wise idea to store the
data on a computer to which your co-workers have access; instead, as
suggested before, use a USB thumb drive, or burn the data to a removable
disc. This way, you remove the threat that a co-worker with above
average computer literacy (such as the IT administration or support
team) will notice an unusual file with a large file, or recognize
possibilities from the existence of TrueCrypt on the computer in question.
If, however, it is only the content that you are wishing to hide, not
the existence, then all you really need is a decent encryption program.
If the file you wish to encrypt is large, then perhaps you could place
the file into an archive and split the archive into separate files
before you encrypt it.
It would be a wise move, as also mentioned in a previous response, to
consider the policies in effect at your workplace regarding the use of
company computers for personal reasons. Another point is perhaps
securing the computer against unauthorized use by your co-workers (if
their use is constituted as unauthorized).
I hope that this helps you with your problem, and that you find a
solution that is manageable, practicable, and allows your data to remain
undiscovered.
Regards,
wraeth
|
|
Posted by Bill on January 20, 2007, 12:06 am
If you were Registered and logged in, you could reply and use other advanced thread options
Jane_G wrote:
> What is a good filespec to hold an encrypted volume on WinXP?
>
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.
>
> TrueCrypt requires a file name to contain the rather large encrypted volume
> file even if a hidden volume is used inside the regular encrypted volume.
> For example, the file name containing the encrypted volume could be
> C:\Documents and Settings\Administrator\My TrueCrypt Encrypted Volume.bin
>
> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonable be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?
Look at the _hidden_ uninstall service pack directories in a typical
Windows XP installation. They are in the \Windows directory, usually,
with folder names like '$NTUninstallKB999999_0$' and they typically
contain dll files. Create one that does not exist in real
life--probably a directory name starting with $NTUninstallKB0 since all
the current KB numbers are larger than that. Create the file as a
hidden .dll file there. Since the folder will not be listed as a
service pack in the registry, the system unistaller ought to ignore it,
AFAIK. And those directories are a hidden forest that almost nobody
but M$ understands :).
|
|
Posted by Sebastian Gottschalk on January 20, 2007, 3:19 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Look at the _hidden_ uninstall service pack directories in a typical
> Windows XP installation. They are in the \Windows directory, usually,
> with folder names like '$NTUninstallKB999999_0$' and they typically
> contain dll files. Create one that does not exist in real
> life--probably a directory name starting with $NTUninstallKB0 since all
> the current KB numbers are larger than that.
Non-admin users don't have write-access there.
> And those directories are a hidden forest that almost nobody but M$
understands :).
Wrong again.
|
| Similar Threads | Posted | | Any good free spyware scan that I can run in bat file so I can schedule it daily | June 21, 2007, 10:32 am |
| Index.btr file in Windows XP Help please | January 20, 2006, 12:56 pm |
| HELP. Windows file names changed | September 29, 2006, 11:01 am |
| Evidence of file copy to external device on Windows 2000 / FAT 32 | April 19, 2006, 4:05 am |
| Re: portably encrypting a file system's partition, directory and/or file | November 25, 2005, 6:10 pm |
| Encrypted Anonymous Surfing | January 1, 2006, 10:52 pm |
| Can you keep a secret? This encrypted drive can... | October 30, 2006, 11:25 pm |
| Secure encrypted data backup? | January 31, 2008, 3:10 pm |
| Encrypted backup of whole-disk encryption | March 13, 2008, 11:50 am |
| Webmasterslookup launches Encrypted Messaging Service. | March 10, 2008, 4:21 pm |
|
XML site map