EUROSEC
2008
ACM

A methodology for the repeatable forensic analysis of encrypted drives

In this paper we propose a sound methodology to perform the forensic analysis of hard disks protected with whole-disk encryption software, assuming possession of the appropriate encryption keys. We demonstrate how to create a forensically sound clone-copy of the seized media, and how to access the information contained in the media in a repeatable way, minimizing the usage of unverified and proprietary software. We discuss the impact of such encryption solutions on the capability of forensic analysis software to reconstruct deleted files. We propose and perform scientific tests for validating each step of our proposed procedure.

Categories and Subject Descriptors: K.5.m [Legal Aspects of Computing]: Miscellaneous-computer forensics; K.6.5 [Management of Computing and Information Systems]: Security and Protection-Unauthorized access (e.g., hacking, phreaking); E.5 [Files]: [Organization/structure]

General Terms: Documentation, Experimentation, Legal Aspects

Keywords: Computer fo...
Cory Altheide, Claudio Merloni, Stefano Zanero
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where EUROSEC
Authors Cory Altheide, Claudio Merloni, Stefano Zanero