Acquiring Hidden Space via Modifying Block Bitmap for Android Devices

  • Wang Lianfang
  • Huang Hong
  • Li Yuanzhang
  • Zhang LiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11336)


Mobile devices are widely used to process sensitive data. In certain situations, the sensitive data must be hidden rather than be encrypted. The existing approaches of setting up hidden space are not suitable for advanced Ext4 file system because they may require external storage device. To address the issue, we propose a novel method to establish the hidden space in Ext4 via artificially modifying the block bitmaps. To further improve usefulness of our method, we modify the multiply bits of the block bitmaps one time by creating a “host file” rather than by bit. This method is lightweight and does not require modifying the linux kernel and has no effect on the normal operations of the operating system. To validate the method performance, distributions of hidden spaces under different storage capacity are conducted. The results show that our method is effective and reliable.


Hidden space Ext4 Block bitmap 



This work was supported in part by the key scientific research program of He’nan Education Department of China (No. 61361166006).


  1. 1.
  2. 2.
    Pang, H., Tan, K.L., Zhou, X.: StegFS: a steganographic file system. In: 2003 Proceedings of International Conference on Data Engineering, pp. 657–667 (2003)Google Scholar
  3. 3.
    Göbel, T., Baier, H.: Anti-forensics in ext4: on secrecy and usability of timestamp-based data hiding. Dig. Investig. 24, S111–S120 (2018)CrossRefGoogle Scholar
  4. 4.
    Zhang, X., Tan, Y., Zhang, C., Xue, Y., Li, Y., Zheng, J.: A code protection scheme by process memory relocation for android devices. Multimedia Tools Appl. 77(9), 11137–11157 (2018)CrossRefGoogle Scholar
  5. 5.
    Xiao, Y., et al.: A high-performance hierarchical snapshot scheme for hybrid storage systems. Chin. J. Electr. 27(1), 76–85 (2018)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Xiao, Y., Zhang, C., Xue, Y., Zhu, H., Li, Y., Tan, Y.: An extra-parity energy saving data layout for video surveillance. Multimedia Tools Appl. 77, 4563–4583 (2018)CrossRefGoogle Scholar
  7. 7.
    Skillen, A., Mannan, M.: On implementing deniable storage encryption for mobile devices (2013)Google Scholar
  8. 8.
    Carrier, B.: File System Forensic Analysis. Addison-Wesley Professional, Boston (2005)Google Scholar
  9. 9.
    Piper, S., Davis, M., Manes, G., Shenoi, S.: Detecting hidden data in Ext2/Ext3 file systems. In: Pollitt, M., Shenoi, S. (eds.) DigitalForensics 2005. ITIFIP, vol. 194, pp. 245–256. Springer, Boston, MA (2006). Scholar
  10. 10.
    Sun, Z., Zhang, Q., Li, Y., Tan, Y.: DPPDL: a dynamic partial-parallel data layout for green video surveillance storage. IEEE Trans. Circ. Syst. Video Technol. 28(1), 193–205 (2018)Google Scholar
  11. 11.
    Eckstein, K., Jahnke, M.: Data hiding in journaling file systems. In: Refereed Proceedings of the Digital Forensic Research Workshop, DFRWS 2005, Astor Crowne Plaza, New Orleans, Louisiana, USA, pp. 595–599, August 2005Google Scholar
  12. 12.
    Wong, D.J.: Ext4 Disk Layout - Ext4 Wiki (2016). Accessed 1 Oct 2017
  13. 13.
    Forensic Research Workshop, DFRWS 2005, Astor Crowne Plaza, New Orleans, Louisiana, USA, pp. 595–599, August 2005Google Scholar
  14. 14.
    Xue, Y., Tan, Y., Liang, C., Zhang, C., Zheng, J.: An optimized data hiding scheme for deflate codes. Soft. Comput. 22(13), 4445–4455 (2018)CrossRefGoogle Scholar
  15. 15.
    Yu, X., Tan, Y., Sun, Z., Liu, J., Liang, C., Zhang, Q.: A fault-tolerant and energy-efficient continuous data protection system. J. Ambient Intell. Humanized Comput. (2018).
  16. 16.
    Neuner, S., Voyiatzis, A.G., Schmiedecker, M., et al.: Time is on my side: steganography in filesystem metadata. Dig. Investig. 18, S76–S86 (2016)CrossRefGoogle Scholar
  17. 17.
    Fairbanks, K.D.: An analysis of Ext4 for digital forensics. Dig. Investig. 9, S118–S130 (2012)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Wang Lianfang
    • 1
  • Huang Hong
    • 2
  • Li Yuanzhang
    • 1
  • Zhang Li
    • 3
    Email author
  1. 1.School of Computer Science and TechnologyBeijing Institute of TechnologyBeijingChina
  2. 2.Troops 61516 of Chinese People’s Liberation ArmyBeijingChina
  3. 3.School of Computer and Information TechnologyNanyang Normal UniversityNanyangChina

Personalised recommendations