Skip to Main content Skip to Navigation
New interface
Conference papers

Security Analysis and Decryption of Filevault 2

Abstract : This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update.
Document type :
Conference papers
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, February 7, 2017 - 5:26:10 PM
Last modification on : Thursday, March 5, 2020 - 4:46:39 PM
Long-term archiving on: : Monday, May 8, 2017 - 2:55:52 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Omar Choudary, Felix Grobert, Joachim Metz. Security Analysis and Decryption of Filevault 2. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.349-363, ⟨10.1007/978-3-642-41148-9_23⟩. ⟨hal-01460615⟩



Record views


Files downloads