Forensic Decryption of FAT BitLocker Volumes

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2013)

Abstract

New versions of Windows come equipped with mechanisms, such as EFS and BitLocker, which are capable of encrypting data to an industrial standard on a Personal Computer. This creates problems if the computer in question contains electronic evidence. BitLocker, for instance, provides a secure way for an individual to hide the contents of their entire disk, but as with most technologies, there are bound to be weaknesses and threats to the security of the encrypted data. It is conceivable that this technology, while appearing robust and secure, may contain flaws, which would jeopardize the integrity of the whole system. As more people encrypt their hard drives, it will become harder and harder for forensic investigators to recover data from Personal Computers. This paper documents the BitLocker Drive Encryption System (version 2) in Windows 7. In particular, it describes how to forensically decrypt and load a FAT disk or image which is bitlocked, if the keys are provided.

Corresponding author

Correspondence to C. Balan.

Copyright information

© 2014 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Shabana Subair, P., Balan, C., Dija, S., Thomas, K.L. (2014). Forensic Decryption of FAT BitLocker Volumes. In: Gladyshev, P., Marrington, A., Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 132. Springer, Cham. https://doi.org/10.1007/978-3-319-14289-0_2

  • DOI: https://doi.org/10.1007/978-3-319-14289-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-14288-3

  • Online ISBN: 978-3-319-14289-0

  • eBook Packages: Computer Science, Computer Science (R0)
