Rootkits are programs that hackers use in order to evade detection while trying to gain unauthorized access to a computer. Rootkits when installing on a computer, are invisible to the user and also take steps to avoid being detected by security software. A rootkit is a set of binaries, scripts and configuration files that allows someone to covertly maintain access to a computer so that he can issue commands and scavenge data without alerting the system's owner. Depending on where they are installed there are various types of rootkits: Kernel Level Rootkits Hardware/Firmware Rootkits Hypervisor (Virtualized) Level Rootkits Boot loader Level (Bootkit) Rootkits Alternative Data Stream support was added to NTFS (Windows NT, Windows 2000 and Windows XP) to help support Macintosh Hierarchical File System (HFS) which uses resource forks to store icons and other information for a file. Using Alternative Data Streams a user can easily hide files that can go undetected unless close inspection. The art of hiding a data inside another data/medium is called steganography. For eg: hiding data within an image file The secret message is called overt file and the covering file is called covert file. Image Steganography Document Steganography Folder Steganography Video Steganography Audio Steganography White Space Steganography
Hiding Files
Rootkits
NTFS DATA Stream
Steganography
Types of Steganography