TY - GEN
T1 - Forensic artifacts left by virtual disk encryption tools
AU - Lim, Sungsu
AU - Park, Jungheum
AU - Lim, Kyung Soo
AU - Lee, Changhoon
AU - Lee, Sangjin
PY - 2010
Y1 - 2010
N2 - A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.
AB - A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.
KW - Digital forensics
KW - Forensic artifacts
KW - Virtual disk encryption
UR - http://www.scopus.com/inward/record.url?scp=77958167716&partnerID=8YFLogxK
U2 - 10.1109/HUMANCOM.2010.5563320
DO - 10.1109/HUMANCOM.2010.5563320
M3 - Conference contribution
AN - SCOPUS:77958167716
SN - 9781424475704
T3 - 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010
BT - 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010
T2 - 2010 3rd International Conference on Human-Centric Computing, HumanCom 2010
Y2 - 11 August 2010 through 13 August 2010
ER -