Forensic artifacts left by virtual disk encryption tools

Sungsu Lim, Jungheum Park, Kyung Soo Lim, Changhoon Lee, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

A virtual disk encryption tool is a privacy protection tool that uses an encryption method by generating virtual disk images. It cannot mount an encrypted virtual disk without any authentication, such as key, passphrase, and etc. Thus, it can be used as an anti- forensic tool that makes difficult to process a digital forensic investigation because the content of the virtual disk cannot be identified without mounting the disk. This study investigates the installation, runtime, and deletion behaviors of virtual disk encryption tools in a Windows XP SP3 environment through experiments. Also, this study organizes the traces related to the tools and the elements that are able to verify the mount of the virtual disk.

Original languageEnglish
Title of host publication2010 3rd International Conference on Human-Centric Computing, HumanCom 2010
DOIs
Publication statusPublished - 2010
Event2010 3rd International Conference on Human-Centric Computing, HumanCom 2010 - Cebu, Philippines
Duration: 2010 Aug 112010 Aug 13

Publication series

Name2010 3rd International Conference on Human-Centric Computing, HumanCom 2010

Other

Other2010 3rd International Conference on Human-Centric Computing, HumanCom 2010
Country/TerritoryPhilippines
CityCebu
Period10/8/1110/8/13

Keywords

  • Digital forensics
  • Forensic artifacts
  • Virtual disk encryption

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Human-Computer Interaction
  • Software

Fingerprint

Dive into the research topics of 'Forensic artifacts left by virtual disk encryption tools'. Together they form a unique fingerprint.

Cite this