Abstract
The article describes theoretical and practical methods for detecting and analyzing hidden volumes created with cryptographic tools. The presented method is based on an analysis of the differences that result from the use of a hidden volume in FAT32 file systems. The method is effective both when the password to the host container is known and when it is not. Potential computer forensic applications of this methodology range from standard investigations to advanced analysis of network and cloud data storage.
Copyright information
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
Jóźwiak, I., Kędziora, M., Melińska, A. (2013). Methods for Detecting and Analyzing Hidden FAT32 Volumes Created with the Use of Cryptographic Tools. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) New Results in Dependability and Computer Systems. Advances in Intelligent Systems and Computing, vol 224. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-00945-2_21
DOI: https://doi.org/10.1007/978-3-319-00945-2_21
Publisher Name: Springer, Heidelberg
Print ISBN: 978-3-319-00944-5
Online ISBN: 978-3-319-00945-2
eBook Packages: Chemistry and Materials Science, Chemistry and Material Science (R0)