The presentation walks through various data hiding techniques, demonstrating those that have been used (and continue to be used) since the days of MS-DOS. Other techniques for hiding data are newer, developed more recently as Microsoft has increased the functionality and usability of its products. While some of the techniques will simply hide data from casual users, others can be used to hide data from system administrators and even forensics analysts. Each of these techniques will be covered thoroughly using demonstrations and real world examples. This presentation contains the single most comprehensive treatment of NTFS alternate data streams available to date. Harlan Carveys interest in information security began while he was an officer in the military, during which time he earned his masters degree. After leaving military service, he began working in the field of commercial and government information security consulting, performing vulnerability assessments and penetration tests. While employed at one company, he was the sole developer of a program for collecting security-specific information from Windows NT systems during vulnerability assessments. The purpose of the product was to overcome shortfalls in commercial scanning products and provide more valuable information to the customer. Harlan has also worked in the area of incident response and forensics, performing internal and external investigations as the network security professional for a now-defunct telecommunications firm. He has presented at Usenix, DefCon 9, and Black Hat, and has had articles published in the Information Security Bulletin and on the SecurityFocus web site.