Towards Enablement Of Efficient Forensics Of Encrypted Storage Devices Such As HDDs and SSDs
DOI:
https://doi.org/10.26438/ijcse/v6i9.467473
Keywords:
Attack vector, BitLocker, Decryption, Disk, Encryption, Forensics, Hackers, HDD, Lawful, Malicious, SSD, Volume
Abstract
Today, encryption is considered a basic security measure for protecting sensitive data on storage devices from external physical threats (such as people on-site) as well as network threats (such as malicious users over the internet or intranet). Because encryption techniques are readily available, both freely and commercially, to computer users all over the world, they have far-reaching effects when malicious users employ them to hide their data and avoid being caught by lawful authorities. This research work takes the case of encrypted disks/volumes, which can cause problems in digital forensic investigations because they provide criminal suspects with a range of opportunities for deceptive anti-forensics and a countermeasure to legislation written to force suspects to reveal decryption keys. It also covers techniques by which decryption keys can be found, so that encrypted data can be obtained in decrypted form to uncover artifacts of evidentiary value. This could help lawful authorities bring cyber-criminals to justice and give digital forensic analysts a technique for retrieving data from encrypted storage devices, especially HDDs and SSDs.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
