Open Access Article

Towards Enablement Of Efficient Forensics Of Encrypted Storage Devices Such As HDDs and SSDs

Jay Parag Mehta, Digvijaysinh Rathod

Section: Review Paper, Product Type: Journal Paper
Volume-6, Issue-9, Page no. 467-473, Sep-2018

CrossRef-DOI: https://doi.org/10.26438/ijcse/v6i9.467473

Online published on Sep 30, 2018

Copyright © Jay Parag Mehta, Digvijaysinh Rathod. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to Cite this Paper


IEEE Style Citation: Jay Parag Mehta, Digvijaysinh Rathod, “Towards Enablement Of Efficient Forensics Of Encrypted Storage Devices Such As HDDs and SSDs,” International Journal of Computer Sciences and Engineering, Vol.6, Issue.9, pp.467-473, 2018.

MLA Style Citation: Jay Parag Mehta, Digvijaysinh Rathod. "Towards Enablement Of Efficient Forensics Of Encrypted Storage Devices Such As HDDs and SSDs." International Journal of Computer Sciences and Engineering 6.9 (2018): 467-473.

APA Style Citation: Jay Parag Mehta, Digvijaysinh Rathod (2018). Towards Enablement Of Efficient Forensics Of Encrypted Storage Devices Such As HDDs and SSDs. International Journal of Computer Sciences and Engineering, 6(9), 467-473.

BibTex Style Citation:
@article{Mehta_2018,
author = {Jay Parag Mehta and Digvijaysinh Rathod},
title = {Towards Enablement Of Efficient Forensics Of Encrypted Storage Devices Such As HDDs and SSDs},
journal = {International Journal of Computer Sciences and Engineering},
issue_date = {9 2018},
volume = {6},
Issue = {9},
month = {9},
year = {2018},
issn = {2347-2693},
pages = {467-473},
url = {https://www.ijcseonline.org/full_paper_view.php?paper_id=2893},
doi = {https://doi.org/10.26438/ijcse/v6i9.467473},
publisher = {IJCSE, Indore, INDIA},
}

RIS Style Citation:
TY - JOUR
DO - https://doi.org/10.26438/ijcse/v6i9.467473
UR - https://www.ijcseonline.org/full_paper_view.php?paper_id=2893
TI - Towards Enablement Of Efficient Forensics Of Encrypted Storage Devices Such As HDDs and SSDs
T2 - International Journal of Computer Sciences and Engineering
AU - Jay Parag Mehta
AU - Digvijaysinh Rathod
PY - 2018
DA - 2018/09/30
PB - IJCSE, Indore, INDIA
SP - 467
EP - 473
IS - 9
VL - 6
SN - 2347-2693
ER -


Abstract

Today, encryption is considered a basic security measure for protecting sensitive data on storage devices from external physical threats (such as people on-site) as well as network threats (such as malicious users over the internet or an intranet). Because encryption techniques are now readily available, both freely and commercially, to computer users all over the world, they have far-reaching effects when malicious users employ them to hide their data and avoid being caught by lawful authorities. This research work takes up the case of encrypted disks/volumes, which can cause problems in digital forensic investigations, since they provide criminal suspects with a range of opportunities for deceptive anti-forensics and a countermeasure to legislation written to force suspects to reveal decryption keys. It also covers techniques by which decryption keys can be found, so that encrypted data can be obtained in decrypted form to uncover artifacts of evidentiary value. This could help lawful authorities bring cyber-criminals to justice and give digital forensic analysts a technique for retrieving data from encrypted storage devices, especially HDDs and SSDs.

Keywords / Index Terms

Attack vector, BitLocker, Decryption, Disk, Encryption, Forensics, Hackers, HDD, Lawful, Malicious, SSD, Volume
