• DocumentCode
    3218399
  • Title

    Forensic analysis of encrypted volumes using hibernation file

  • Author

    Mrdovic, Sasa ; Huseinovic, Alvin

  • Author_Institution
    Fac. for Electr. Eng., Univ. of Sarajevo, Sarajevo, Bosnia-Herzegovina
  • fYear
    2011
  • fDate
    22-24 Nov. 2011
  • Firstpage
    1277
  • Lastpage
    1280
  • Abstract
    Nowadays, software tools are commonly used to encrypt data on hard disk. Those tools keep encryption keys in system memory to provide the user easy access to plain text of encrypted files. Key possesion enables data decryption. A procedure that includes usage of hibernation file as a source of memory content is described. Publicly available tools are used to perform the procedure. The procedure is successfully tested on a system that uses current encryption program.
  • Keywords
    computer forensics; private key cryptography; public key cryptography; storage management; data decryption; encryption key; encryption program; forensic analysis; hibernation file; key possesion; memory content; software tool; volume encryption; Availability; Computers; Encryption; Forensics; Hard disks; Random access memory; encrypted storage; encryption keys; hibernation file; live analysis; static analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Telecommunications Forum (TELFOR), 2011 19th
  • Conference_Location
    Belgrade
  • Print_ISBN
    978-1-4577-1499-3
  • Type

    conf

  • DOI
    10.1109/TELFOR.2011.6143785
  • Filename
    6143785
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3218399