CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Forensic Recovery of Fully Encrypted Volume

by Saravanan M, Mukesh Krishnan M B
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 91 - Number 7
Year of Publication: 2014
Authors: Saravanan M, Mukesh Krishnan M B
10.5120/15892-4896

Saravanan M, Mukesh Krishnan M B . Forensic Recovery of Fully Encrypted Volume. International Journal of Computer Applications. 91, 7 ( April 2014), 18-21. DOI=10.5120/15892-4896

@article{ 10.5120/15892-4896,
author = { Saravanan M, Mukesh Krishnan M B },
title = { Forensic Recovery of Fully Encrypted Volume },
journal = { International Journal of Computer Applications },
issue_date = { April 2014 },
volume = { 91 },
number = { 7 },
month = { April },
year = { 2014 },
issn = { 0975-8887 },
pages = { 18-21 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume91/number7/15892-4896/ },
doi = { 10.5120/15892-4896 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:12:08.280557+05:30
%A Saravanan M
%A Mukesh Krishnan M B
%T Forensic Recovery of Fully Encrypted Volume
%J International Journal of Computer Applications
%@ 0975-8887
%V 91
%N 7
%P 18-21
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper is aimed at analyzing the efficiency of decrypting the bit locked volumes in PIN only mode. Based on the findings this paper considers the issue of decrypting the bit locked volumes in PIN only mode. The main drawback of the full volume encryption application is that it leaves several copies of the key used for encrypting the drive in the physical memory. This paper deals with the recovery of encryption key from the physical memory in case of live system. It also suggests offline methods for collecting the cryptographic keys required for decrypting the volume.

References
  1. Microsoft Corporation. Bit locker drive encryption technical overview. Technical report, Microsoft Corporation, May 2008. http://technet2microsoft. com/WindowsVista/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033. mspx?mfr=true.
  2. Microsoft Corporation. Protect Key with Numerical Password Method of the Win32 Encryptable Volume Class, February 2008. http://msdn. microsoft. com/enus/library/aa376467(VS. 85). aspx.
  3. Niels Ferguson. AES-CBC + Elephant diffuser A Disk Encryption Algorithm for Windows Vista. Technical report, Microsoft Corporation, Septem-ber 2006.
  4. . J. H. Choi, K. G. Lee, J. Park, C. Lee, and S. Lee, "Analysis framework to detect artifacts of portable web browser," Center for Information Security Technologies, 2012.
  5. Microsoft System Integrity Team. Bit locker recovery password details, August 2006. http://blogs. msdn. com/siteam/archive/2006
  6. Microsoft System Integrity Team. De-tecting bit locker, October 2006. http: //blogs. msdn. com/si team/archive/2006/10/26/detecting-bitlocker. aspx.
  7. Nitin Kumar and Vipin Kumar. Bit locker and Windows Vista, May 2008. http://www. nvlabs. In/node/9.
  8. ManTech International Corporation. ManTech Memory DD, 1. 3 editions, August 2008. http: //mdd. sf. net/.
  9. Microsoft Corporation. Bit Locker FIPS Security Policy, 2007. http://csrc. nist. gov/groups/14 STM/cmvp/documents/140-1/140sp/140p947. pdf.
Index Terms

Computer Science
Information Sciences

Keywords

Bit locker Physical memory forensics Password Meta data Brute Force.

Powered by PhDFocusTM