Security Analysis and Decryption of Filevault 2 - Advances in Digital Forensics IX
Conference Papers, Year: 2013

Security Analysis and Decryption of Filevault 2


This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update.
Main file
978-3-642-41148-9_23_Chapter.pdf (1.28 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-01460615 , version 1 (07-02-2017)




Omar Choudary, Felix Grobert, Joachim Metz. Security Analysis and Decryption of Filevault 2. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.349-363, ⟨10.1007/978-3-642-41148-9_23⟩. ⟨hal-01460615⟩


