Title :
Forensic Artifacts Left by Virtual Disk Encryption Tools
Author :
Lim, Sungsu ; Park, Jungheum ; Lim, Kyung-soo ; Lee, Changhoon ; Lee, Sangjin
Author_Institution :
Center for Inf. Security Technol. (CIST), Korea Univ., Seoul, South Korea
Abstract :
A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.
Keywords :
computer forensics; cryptography; data privacy; operating systems (computers); virtual storage; Windows XP SP3; anti forensic tool; digital forensic investigation; forensic artifact; privacy protection tool; virtual disk encryption tool; virtual disk images; Digital forensics; Encryption; Monitoring; Prefetching; Public key; Runtime;
Conference_Titel :
Human-Centric Computing (HumanCom), 2010 3rd International Conference on
Conference_Location :
Cebu
Print_ISBN :
978-1-4244-7567-4
DOI :
10.1109/HUMANCOM.2010.5563320
