Forensic artifacts left by virtual disk encryption tools

Sungsu Lim, Jungheum Park, Kyung Soo Lim, Changhoon Lee, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.

Original languageEnglish
Title of host publication2010 3rd International Conference on Human-Centric Computing, HumanCom 2010
DOIs
Publication statusPublished - 2010 Oct 28
Event2010 3rd International Conference on Human-Centric Computing, HumanCom 2010 - Cebu, Philippines
Duration: 2010 Aug 112010 Aug 13

Other

Other2010 3rd International Conference on Human-Centric Computing, HumanCom 2010
CountryPhilippines
CityCebu
Period10/8/1110/8/13

Fingerprint

Cryptography
Mountings
Authentication
Experiments

Keywords

  • Digital forensics
  • Forensic artifacts
  • Virtual disk encryption

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Human-Computer Interaction
  • Software

Cite this

Lim, S., Park, J., Lim, K. S., Lee, C., & Lee, S. (2010). Forensic artifacts left by virtual disk encryption tools. In 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010 [5563320] https://doi.org/10.1109/HUMANCOM.2010.5563320

Forensic artifacts left by virtual disk encryption tools. / Lim, Sungsu; Park, Jungheum; Lim, Kyung Soo; Lee, Changhoon; Lee, Sangjin.

2010 3rd International Conference on Human-Centric Computing, HumanCom 2010. 2010. 5563320.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Lim, S, Park, J, Lim, KS, Lee, C & Lee, S 2010, Forensic artifacts left by virtual disk encryption tools. in 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010., 5563320, 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010, Cebu, Philippines, 10/8/11. https://doi.org/10.1109/HUMANCOM.2010.5563320
Lim S, Park J, Lim KS, Lee C, Lee S. Forensic artifacts left by virtual disk encryption tools. In 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010. 2010. 5563320 https://doi.org/10.1109/HUMANCOM.2010.5563320
Lim, Sungsu ; Park, Jungheum ; Lim, Kyung Soo ; Lee, Changhoon ; Lee, Sangjin. / Forensic artifacts left by virtual disk encryption tools. 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010. 2010.
@inproceedings{5aabd4e9d640427386b375d06f7d2303,
title = "Forensic artifacts left by virtual disk encryption tools",
abstract = "A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.",
keywords = "Digital forensics, Forensic artifacts, Virtual disk encryption",
author = "Sungsu Lim and Jungheum Park and Lim, {Kyung Soo} and Changhoon Lee and Sangjin Lee",
year = "2010",
month = "10",
day = "28",
doi = "10.1109/HUMANCOM.2010.5563320",
language = "English",
isbn = "9781424475704",
booktitle = "2010 3rd International Conference on Human-Centric Computing, HumanCom 2010",

}

TY - GEN

T1 - Forensic artifacts left by virtual disk encryption tools

AU - Lim, Sungsu

AU - Park, Jungheum

AU - Lim, Kyung Soo

AU - Lee, Changhoon

AU - Lee, Sangjin

PY - 2010/10/28

Y1 - 2010/10/28

N2 - A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.

AB - A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.

KW - Digital forensics

KW - Forensic artifacts

KW - Virtual disk encryption

UR - http://www.scopus.com/inward/record.url?scp=77958167716&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77958167716&partnerID=8YFLogxK

U2 - 10.1109/HUMANCOM.2010.5563320

DO - 10.1109/HUMANCOM.2010.5563320

M3 - Conference contribution

AN - SCOPUS:77958167716

SN - 9781424475704

BT - 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010

ER -