Shufflecake on Linux: what deniable, multi-layer volumes mean for DFIR
Shufflecake implements plausible deniability on Linux by scattering several independently-keyed volumes across what looks like random free space, making both the existence and the number of volumes hard to prove in deadbox exams. The design ships as a device-mapper target (kernel module) plus a userland CLI, with volumes exposed as virtual block devices under /dev/mapper when opened (Shufflecake project site). The project originated at Kudelski Security and EPFL in November 2022 (Kudelski Security blog), and the research was later peer-reviewed at ACM CCS 2023 (Shufflecake ePrint).