Computer and Intrusion Forensics
Computer and Intrusion Forensics
Forensic Discovery
File System Forensic Analysis
Computer Forensics: Computer Crime Scene Investigation (Networking Series) (Networking Series)
Computer Forensics: Computer Crime Scene Investigation (Networking Series) (Networking Series)
Real Digital Forensics: Computer Security and Incident Response
Real Digital Forensics: Computer Security and Incident Response
Risks of live digital forensic analysis
Communications of the ACM - Next-generation cyber forensics
Live forensics: diagnosing your system without killing it first
Communications of the ACM - Next-generation cyber forensics
Next-generation digital forensics
Communications of the ACM - Next-generation cyber forensics
The advent of trusted computing: implications for digital forensics
Proceedings of the 2006 ACM symposium on Applied computing
Is the Open Way a Better Way? Digital Forensics Using Open Source Tools
HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Augmenting password recovery with online profiling
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Hi-index | 0.00 |
In this paper we propose a sound methodology to perform the forensic analysis of hard disks protected with whole-disk encryption software, supposing to be in possession of the appropriate encryption keys. We demonstrate how to create a forensically sound clone-copy of the seized media, and how to access the information contained in the media in a repeatable way, minimizing the usage of unverified and proprietary software. We discuss the impact of such encryption solutions on the capability of forensic analysis software to reconstruct deleted files. We propose and perform scientific tests for validating each step of our proposed procedure.