Title :
Forensic analysis of encrypted volumes using hibernation file
Author :
Mrdovic, Sasa ; Huseinovic, Alvin
Author_Institution :
Fac. for Electr. Eng., Univ. of Sarajevo, Sarajevo, Bosnia-Herzegovina
Abstract :
Nowadays, software tools are commonly used to encrypt data on hard disk. Those tools keep encryption keys in system memory to provide the user easy access to plain text of encrypted files. Key possesion enables data decryption. A procedure that includes usage of hibernation file as a source of memory content is described. Publicly available tools are used to perform the procedure. The procedure is successfully tested on a system that uses current encryption program.
Keywords :
computer forensics; private key cryptography; public key cryptography; storage management; data decryption; encryption key; encryption program; forensic analysis; hibernation file; key possesion; memory content; software tool; volume encryption; Availability; Computers; Encryption; Forensics; Hard disks; Random access memory; encrypted storage; encryption keys; hibernation file; live analysis; static analysis;
Conference_Titel :
Telecommunications Forum (TELFOR), 2011 19th
Conference_Location :
Belgrade
Print_ISBN :
978-1-4577-1499-3
DOI :
10.1109/TELFOR.2011.6143785
