CFP last date
20 January 2025
Reseach Article

Forensic Recovery of Fully Encrypted Volume

by Saravanan M, Mukesh Krishnan M B
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 91 - Number 7
Year of Publication: 2014
Authors: Saravanan M, Mukesh Krishnan M B
10.5120/15892-4896

Saravanan M, Mukesh Krishnan M B . Forensic Recovery of Fully Encrypted Volume. International Journal of Computer Applications. 91, 7 ( April 2014), 18-21. DOI=10.5120/15892-4896

@article{ 10.5120/15892-4896,
author = { Saravanan M, Mukesh Krishnan M B },
title = { Forensic Recovery of Fully Encrypted Volume },
journal = { International Journal of Computer Applications },
issue_date = { April 2014 },
volume = { 91 },
number = { 7 },
month = { April },
year = { 2014 },
issn = { 0975-8887 },
pages = { 18-21 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume91/number7/15892-4896/ },
doi = { 10.5120/15892-4896 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:12:08.280557+05:30
%A Saravanan M
%A Mukesh Krishnan M B
%T Forensic Recovery of Fully Encrypted Volume
%J International Journal of Computer Applications
%@ 0975-8887
%V 91
%N 7
%P 18-21
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper is aimed at analyzing the efficiency of decrypting the bit locked volumes in PIN only mode. Based on the findings this paper considers the issue of decrypting the bit locked volumes in PIN only mode. The main drawback of the full volume encryption application is that it leaves several copies of the key used for encrypting the drive in the physical memory. This paper deals with the recovery of encryption key from the physical memory in case of live system. It also suggests offline methods for collecting the cryptographic keys required for decrypting the volume.

References
  1. Microsoft Corporation. Bit locker drive encryption technical overview. Technical report, Microsoft Corporation, May 2008. http://technet2microsoft. com/WindowsVista/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033. mspx?mfr=true.
  2. Microsoft Corporation. Protect Key with Numerical Password Method of the Win32 Encryptable Volume Class, February 2008. http://msdn. microsoft. com/enus/library/aa376467(VS. 85). aspx.
  3. Niels Ferguson. AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista. Technical report, Microsoft Corporation, Septem-ber 2006.
  4. . J. H. Choi, K. G. Lee, J. Park, C. Lee, and S. Lee, "Analysis framework to detect artifacts of portable web browser," Center for Information Security Technologies, 2012.
  5. Microsoft System Integrity Team. Bit locker recovery password details, August 2006. http://blogs. msdn. com/siteam/archive/2006
  6. Microsoft System Integrity Team. De-tecting bit locker, October 2006. http: //blogs. msdn. com/si team/archive/2006/10/26/detecting-bitlocker. aspx.
  7. Nitin Kumar and Vipin Kumar. Bit locker and Windows Vista, May 2008. http://www. nvlabs. In/node/9.
  8. ManTech International Corporation. ManTech Memory DD, 1. 3 editions, August 2008. http: //mdd. sf. net/.
  9. Microsoft Corporation. Bit Locker FIPS Security Policy, 2007. http://csrc. nist. gov/groups/14 STM/cmvp/documents/140-1/140sp/140p947. pdf.
Index Terms

Computer Science
Information Sciences

Keywords

Bit locker Physical memory forensics Password Meta data Brute Force.