Security Analysis and Decryption of Filevault 2

Abstract: This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update.
Document type:
Conference paper
Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.349-363, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_23〉
Cited literature [19 references]

https://hal.inria.fr/hal-01460615
Contributor: Hal Ifip
Submitted on: Tuesday, February 7, 2017 - 17:26:10
Last modified on: Friday, December 1, 2017 - 01:16:43
Document(s) archived on: Monday, May 8, 2017 - 14:55:52

File

978-3-642-41148-9_23_Chapter.p...
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Omar Choudary, Felix Grobert, Joachim Metz. Security Analysis and Decryption of Filevault 2. Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.349-363, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_23〉. 〈hal-01460615〉

Metrics

Record views

86

File downloads

242