Conference papers

Security Analysis and Decryption of Filevault 2

Abstract : This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update.

Cited literature: 19 references

https://hal.inria.fr/hal-01460615
Contributor : Hal Ifip
Submitted on : Tuesday, February 7, 2017 - 5:26:10 PM
Last modification on : Thursday, March 5, 2020 - 4:46:39 PM
Document(s) archived on : Monday, May 8, 2017 - 2:55:52 PM

File

978-3-642-41148-9_23_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Omar Choudary, Felix Grobert, Joachim Metz. Security Analysis and Decryption of Filevault 2. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.349-363, ⟨10.1007/978-3-642-41148-9_23⟩. ⟨hal-01460615⟩

Metrics

Record views

416

Files downloads

3726