Malware and steganography in hard disk firmware

  • Original Paper
  • Journal in Computer Virology

Abstract

The hard disk drive remains the most commonly used form of storage media in both commercial and domestic computer systems. These drives can contain a vast range of data, both of personal value and commercial significance. This paper focuses on two key areas: the potential for the drive operation to be impacted by malicious software, and the possibility for the drive firmware to be manipulated to enable a form of steganography. Hard drive firmware is required for the correct operation of the disk drive, in particular for dealing with errors arising due to natural wear as the drive ages. Where an area of the drive becomes unreliable due to wear and tear, the disk firmware, which monitors the reliability of data access, will copy the data from the failing area to a specially designated reserved area. The firmware remaps this data shift so that the old data area and the original copy of the data are no longer accessible by the computer operating system. There are now a small number of commercially available devices, intended for data recovery, which can be used to modify the hard drive firmware components. This functionality can be used to conceal code on the disk drive, either as a form of steganography or to potentially include malicious code with the intention to infect or damage software or possibly system hardware. This paper discusses the potential problem generated by firmware being manipulated for malicious purposes.

Author information

Corresponding author

Correspondence to Iain Sutherland.

About this article

Cite this article

Sutherland, I., Davies, G. & Blyth, A. Malware and steganography in hard disk firmware. J Comput Virol 7, 215–219 (2011). https://doi.org/10.1007/s11416-010-0149-x
