Hard Drives - Host Protected Area (HPA) and Device Configuration Overlay (DCO)

Discussion in 'backup, imaging & disk mgmt' started by TheKid7, Jun 5, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    Hard Drives - Host Protected Area (HPA) and Device Configuration Overlay (DCO)

    Does anyone know if Malware can hide and be active in either one or both of these areas? It is my understanding that most hard drive wiping tools will not wipe these two areas.

    Thanks in Advance.
     
    TheKid7, Jun 5, 2013
    #1
  2. Jim1cor13

    Jim1cor13 Registered Member

    Joined:
    Aug 4, 2012
    Posts:
    545
    Location:
    US
    Hi TheKid7 :)

    Perhaps this older wilders post will offer some insight:
    https://www.wilderssecurity.com/showthread.php?t=194590

    It contains some good reference material and I think may help address your question/concern regarding the HPA/DCO.

    Also here from the above forum link: http://en.wikipedia.org/wiki/Host_Protected_Area

    It comments further in the article from Wikipedia: "Some rootkits hide in the HPA to avoid being detected by anti-rootkit and antivirus software."

    It also gives reference to the book 'The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System' written by Bill Blunden.

    I hope this helps in some way. Have a good day TK7 :)

    Jim
     
    Jim1cor13, Jun 6, 2013
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...