We describe how container files in Portable Document Format (PDF) can be modified to inject modifiable pads for use in a steganographic file system. This produces a footprint that is less conspicuous than a randomized disk volume or disk image file. The PDF standard can be exploited to inject a modifiable segment into a file, without affecting the file’s interpretation or validity; these can be disguised as high-entropy segments that commonly occur in PDF files. We show two methods of achieving this embedding.
Scott Craver, Enshirah Altarawneh, "Nondestructive ciphertext injection in document files" in Proc. IS&T Int’l. Symp. on Electronic Imaging: Media Watermarking, Security, and Forensics, 2019, pp 541-1 - 541-9, https://doi.org/10.2352/ISSN.2470-1173.2019.5.MWSF-541