Hidden channels (covert channels) are communication channels that transmit information without the authorization or knowledge of the channel's designer, owner, or operator.
Hidden channels can be used for:
- Bypassing network filters;
- Bypassing network sniffers.
Information can be hidden within:
- IP ID;
- TCP SEQ/ACK numbers;
- TCP options;
Generally, it is impossible to detect well-designed hidden channels by means of traffic analysis. For example, information hidden in encrypted form within the TLS Client/Server Hello random bytes cannot be distinguished from bytes produced by a secure random number generator.
However, it is possible to detect hidden channels by detecting attendant events, such as successful intrusion attempts.
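The point about TLS Hello random bytes can be checked with a byte-frequency test. The following is an added example, not part of the original page: it pools 32-byte random fields per host and flags pools that deviate from uniform. SHA-256 in counter mode stands in for both the random number generator and the cipher, and all seeds, sample text and function names are constructed for illustration.

```python
import hashlib

def keystream(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: deterministic stand-in for a CSPRNG or stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def chi_square(data: bytes) -> float:
    """Pearson chi-square of byte frequencies against the uniform distribution."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

# With 255 degrees of freedom the statistic has mean 255 and standard
# deviation about 22.6 for uniform input; 400 is more than six sigma out.
THRESHOLD = 400.0

def looks_non_random(fields):
    """Flag a host whose pooled 32-byte Hello random values deviate from uniform."""
    return chi_square(b"".join(fields)) > THRESHOLD

def split32(data: bytes):
    """Cut a byte string into 32-byte fields, one per observed handshake."""
    return [data[i:i + 32] for i in range(0, len(data), 32)]

N = 2000  # handshakes observed per host (constructed)
TEXT = (b"constructed sample text standing in for hidden data. " * 1300)[:N * 32]

def classify_samples():
    honest = split32(keystream(b"constructed-rng-seed", N * 32))
    plain = split32(TEXT)  # hidden data placed in the field as-is
    cipher = split32(bytes(t ^ k for t, k in
                           zip(TEXT, keystream(b"constructed-key", N * 32))))
    return {name: looks_non_random(f) for name, f in
            (("honest", honest), ("plaintext", plain), ("encrypted", cipher))}

if __name__ == "__main__":
    print(classify_samples())
```

Only the unencrypted sample is flagged; the encrypted sample passes the same test as the honest one, which is why detection has to rely on attendant events rather than on the field contents.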