Abstract
New versions of Windows come equipped with mechanisms, such as EFS and BitLocker, which are capable of encrypting data to an industrial standard on a personal computer. This creates problems if the computer in question contains electronic evidence. BitLocker, for instance, provides a secure way for an individual to hide the contents of their entire disk, but as with most technologies, there are bound to be weaknesses and threats to the security of the encrypted data. It is conceivable that this technology, while appearing robust and secure, may contain flaws which would jeopardize the integrity of the whole system. As more people encrypt their hard drives, it will become harder and harder for forensic investigators to recover data from personal computers. This paper documents the BitLocker Drive Encryption System (version 2) in Windows 7. In particular, it describes how to forensically decrypt and load a BitLocker-encrypted FAT disk or image, if the keys are provided.
Copyright information
© 2014 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Shabana Subair, P., Balan, C., Dija, S., Thomas, K.L. (2014). Forensic Decryption of FAT BitLocker Volumes. In: Gladyshev, P., Marrington, A., Baggili, I. (eds) Digital Forensics and Cyber Crime. ICDF2C 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 132. Springer, Cham. https://doi.org/10.1007/978-3-319-14289-0_2
DOI: https://doi.org/10.1007/978-3-319-14289-0_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14288-3
Online ISBN: 978-3-319-14289-0
eBook Packages: Computer Science, Computer Science (R0)