The Method of Decrypting FileVault2 Offline and Applications in Forensics

doi:10.3969/j.issn.1671-1122.2014.09.049

Abstract

Abstract: Apple launched OS X 10.3 (Panther) system, the introduction of a FileVault disk encryption feature. In the latest release of OS X Lion system, the introduction of a new encryption FileVault2. FileVault2 uses full disk, AES-XTS 128 encryption to help keep data secure. Given that most of forensic soft can’t achieve forensics quickly on FileVault2 encrypting disk. This paper first discusser encrypting principles of the FileVault2, then puts the FileVault2 decryption method offline. And on this basis, designs the decrypting FileVault2 tools, which works independent of the operating system on the target data source and able to in the absence of Mac OS system environment through FileVault2 encrypted disk forensics. Practice shows that offline decryption method enriches the evidence items.

Key words: encrypting disk, encrypt, decrypt

LAN Chao-xiang, SHEN Chang-da, QIAN Jing-jie. The Method of Decrypting FileVault2 Offline and Applications in Forensics[J]. 信息网络安全, 2014, 14(9): 211-213.

[1]	FU Zhizhou, WANG Liming, TANG Ding, ZHANG Shuguang. HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption [J]. Netinfo Security, 2020, 20(4): 55-64.
[2]	ZHOU Quan, YANG Ningbin, XU Shumei. Fault - tolerant and Verifiable Public Key Searchable Encryption Scheme Based on FBDH Algorithm [J]. Netinfo Security, 2020, 20(3): 29-35.
[3]	ZHANG Yi, LIU Hongyan, XIAN Hequn, TIAN Chengliang. A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records [J]. Netinfo Security, 2020, 20(3): 75-82.
[4]	LIU Peng, HE Qian, LIU Wangyang, CHENG Xu. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[5]	TANG Chunming, LIN Xuhui. Protocol of Privacy-preserving Set Intersection Computation [J]. Netinfo Security, 2020, 20(1): 9-15.
[6]	XU Shengwei, WANG Feijie. Attribute-based Encryption Scheme Traced Under Multi-authority [J]. Netinfo Security, 2020, 20(1): 33-39.
[7]	WANG Jinmiao, WANG Guowei, WANG Mei, ZHU Ruijin. Achieving Privacy Preserving and Flexible Access Control in Fog Computing [J]. Netinfo Security, 2019, 19(9): 41-45.
[8]	WANG Shengyu, WANG Jinmiao, DONG Qingfeng, ZHU Ruijin. A Survey of Attribute-based Encryption Technology [J]. Netinfo Security, 2019, 19(9): 76-80.
[9]	LIU Jianhua, ZHENG Xiaokun, ZHENG Dong, AO Zhangheng. Secure Attribute Based Encryption Enabled Cloud Storage System with Ciphertext Search [J]. Netinfo Security, 2019, 19(7): 50-58.
[10]	QIN Zhongyuan, HAN Yin, ZHANG Qunfang, ZHU Xuejin. An Improved Scheme of Multi-PKG Cloud Storage Access Control [J]. Netinfo Security, 2019, 19(6): 11-18.
[11]	LIU Wenchao, PAN Feng, YANG Xiaoyuan, ZHOU Tanping. Debug and Analysis of Fully Homomorphic Encryption Library Based on GPU [J]. Netinfo Security, 2019, 19(6): 76-83.
[12]	YAN Xixi, ZHANG Qichao, TANG Yongli, HUANG Qinlong. Ciphertext Policy Attribute-based Encryption Scheme Supporting Traitor Tracing [J]. 信息网络安全, 2019, 19(5): 47-53.
[13]	CHEN Liangchen, GAO Shu, LIU Baoxu, LU Zhigang. Research Status and Development Trends on Network Encrypted Traffic Identification [J]. 信息网络安全, 2019, 19(3): 19-25.
[14]	ZHANG Yulei, LIU Xiangzhen, LANG Xiaoli, WANG Caifen. Certificateless Multi-server Searchable Encryption Scheme in Cloud Environment [J]. 信息网络安全, 2019, 19(3): 72-80.
[15]	GUO Yajun, PU Dongqi. Privacy Data Protection Based on the Honey Encryption [J]. Netinfo Security, 2019, 19(12): 38-46.

The Method of Decrypting FileVault2 Offline and Applications in Forensics

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments