Implementing BitLocker Drive Encryption for forensic analysis

Author

  • Jesse D. Kornblum
Abstract

This paper documents the BitLocker Drive Encryption system included with some versions of Microsoft’s Windows Vista. In particular it describes the key management system, the algorithms and modes used, and the metadata format. Particular attention is given to methods forensic examiners can use to access protected data. There are some unanswered questions about how the cryptosystem operates, including an undocumented key management decision. This decision could allow, in a particular usage scenario, unauthorized access to a protected volume.


Similar resources

Forensic Decryption of FAT BitLocker Volumes

New versions of Windows come equipped with mechanisms, such as EFS and BitLocker, which are capable of encrypting data to an industrial standard on a Personal Computer. This creates problems if the computer in question contains electronic evidence. BitLocker, for instance, provides a secure way for an individual to hide the contents of their entire disk, but as with most technologies, there are...


The Analysis of Windows Vista Disk Encryption Algorithm

Windows Vista Enterprise and Ultimate editions use BitLocker Drive Encryption as their disk encryption algorithm, and at its heart is the AES-CBC + Elephant diffuser encryption algorithm (ELEPHANT). In this paper we present our analysis of ELEPHANT using statistical tests. Our analysis has explored some weaknesses in its diffusers, thus we propose new diffusers to replace them. The new diffusers ...


Attacking the BitLocker Boot Process

We discuss five attack strategies against BitLocker, which target the way BitLocker is using the TPM sealing mechanism. BitLocker is a disk encryption feature included in some versions of Microsoft Windows. It represents a state-of-the-art design, enhanced with TPM support for improved security. We show that, under certain assumptions, a dedicated attacker can circumvent the protection and brea...


Preventing the Acquisition of Data from Virtual Machine based Secure Portable Execution Environments

A Virtual Machine (VM) based secure Portable Execution Environment (PEE) provides a safe and secure environment that can be loaded into a host PC and an application executed with a degree of confidence that the application is separated, protected and little or no forensic evidence remains after the application has executed. A VM based secure PEE is characterised as a USB storage device containi...


Can SDV Technology be Utilised in a Smartphone to Prevent Forensic Analysis?

Eliminating the opportunities to successfully acquire data from mobile devices is a critical security objective for certain organisations. In particular, Government agencies require assurance that classified data is secured against hostile forensic analysis. The Secure Systems Silicon Data Vault (SDV) is a hardware based data encryption and access control device that has been accredited by the ...


Journal title:
  • Digital Investigation

Volume 5  Issue 

Pages  -

Publication date 2009