Return to Data Hiding

Hiding Data in Registry

Tutorial Key Facts
Supported Operating SystemWindows XP , Vista , 7
Last Update2014/06/27
AuthorNihad Hassan
We can hide data of different format within Windows registry (strings, binary data), some registry entries are already available for storing hidden data , the best known location is HKEY_LOCAL_MACHINESystemCurrentControlSetControlTimeZoneInformation , this key records the difference between PC local time and UTC time zone in addition to other functions. This key contains two entries that could hold both string and binary data and could be left empty as they are not used by Windows. These entries are StandardName and DaylightName.

We can also create a new key under TimeZoneInformation key and create different values inside it to hide our data (of course we should use misleading names for our values to make discovering our hidden keys more difficult).

1

Figure 1: Adding new key under TimeZoneInformation key to hide different data formats

Permanent link to this article: http://www.darknessgate.com/security-tutorials/date-hiding/hiding-data-in-registry/