Security Analysis and Decryption of Filevault 2 - Advances in Digital Forensics IX Access content directly
Conference Papers Year : 2013

Security Analysis and Decryption of Filevault 2

Abstract

This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update.
Fichier principal
Vignette du fichier
978-3-642-41148-9_23_Chapter.pdf (1.28 Mo) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01460615 , version 1 (07-02-2017)

Licence

Attribution

Identifiers

Cite

Omar Choudary, Felix Grobert, Joachim Metz. Security Analysis and Decryption of Filevault 2. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.349-363, ⟨10.1007/978-3-642-41148-9_23⟩. ⟨hal-01460615⟩
427 View
3932 Download

Altmetric

Share

Gmail Facebook X LinkedIn More