While reading through Harlan Carvey’s slides from PFIC 2011 about Introduction to Windows Forensics, I came across the term File System Tunnelling. A quick Google search directed me to Raymond Chen’s blog post titled The apocryphal history of file system tunnelling.
As I started reading, I immediately realised that I had heard about this concept before, but up until then I didn’t know what it was. Without spoiling it for you, I won’t tell you exactly what it says, but I really liked the analogy of quantum mechanics and how the process of “short name saving” works.
To cut a long story short, even if you know what File System Tunnelling is but you don’t know what I’m talking about, go and give it a read!