E. Casey, Practical Approaches to Recovering Encrypted Digital Evidence, International Journal for Digital Evidence, vol.1, 2002.

H. B. Wolfe, Encountering Encrypted Evidence (Potential), Proceedings of the 4th Conference on Information Technology Curriculum, 2002.

H. Wolfe, Encountering encryption, Computers & Security, vol.22, issue.5, pp.388-391, 2003.
DOI : 10.1016/S0167-4048(03)00504-2

H. Wolfe, Penetrating encrypted evidence, Digital Investigation, vol.1, issue.2, pp.102-105, 2004.
DOI : 10.1016/j.diin.2004.04.002

A. Czeskis, D. J. Hilaire, K. Koscher, S. D. Gribble, T. Kohno et al., Defeating encrypted and deniable file systems: TrueCrypt v5, 2008.

J. P. Craiger, M. Pollitt, and J. Swauger, Law Enforcement and Digital EvidenceMicrosoft: Learn about the features: Shadow Copy, 2005.

D. Titheridge, Microsoft Windows Vista Registry, MSc. Cranfield University, 2009.

B. Carrier, File System Forensic Analysis, 2005.

T. Sammes and B. Jenkinson, Forensic Computing: A Practitioners GuideMicrosoft: Default cluster size for NTFS, FAT, and exFAT http, p.140365, 2007.

C. Hargreaves and H. Chivers, Recovery of Encryption Keys from Memory Using a Linear Scan. The International Workshop on Digital Forensics, 2008.