Title
The growing impact of full disk encryption on digital forensics
Type
article
Institution
External
Journal
Author(s)
Casey, Eoghan
Author
Fellows, Geoff
Author
Geiger, Matthew
Author
Stellatos, Gerasimos
Author
Links to persons
ISSN
1742-2876
Editorial status
Published
Publication date
2011
Volume
8
Issue
2
First page
129
Last page/article number
134
Language
English
Abstract
The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is a pressing need for more effective on-scene capabilities to detect and preserve encryption prior to pulling the plug. In addition, to give digital investigators the best chance of obtaining decrypted data in the field, prosecutors need to prepare search warrants with FDE in mind. This paper describes how FDE has hampered past investigations, and how circumventing FDE has benefited certain cases. This paper goes on to provide guidance for gathering items at the crime scene that may be useful for accessing encrypted data, and for performing on-scene forensic acquisitions of live computer systems. These measures increase the chances of acquiring digital evidence in an unencrypted state or capturing an encryption key or passphrase. Some implications for drafting and executing search warrants to deal with FDE are discussed.
Subjects
Serval PID
serval:BIB_52974E4C51C4
Creation date
2019-01-16T20:48:45.986Z
Creation date in IRIS
2025-05-20T18:04:15Z
File(s)
Name
1-s2.0-S1742287611000727-main.pdf
Manuscript version
published
Size
1.06 MB
Format
Adobe PDF
Serval PID
serval:BIB_52974E4C51C4.P001
Checksum
(MD5):0a67da02480af92ccd2cf0e43d68c417