A comparison of encryption tools for disk data storage from digital forensics point of view

  • Vitor Hugo Galhardo Moia UNICAMP
  • Marco Aurélio A. Henriques UNICAMP

Abstract


A closer look from a digital forensics point of view may help us find and understand vulnerabilities in cryptographic tools and determine which ones are the safest and provide the best features. In this paper, we analyze different ways of using cryptography to protect data on hard drives, discuss some vulnerabilities, and present particular features of disk encryption tools. We then analyze the security of some tools according to a set of criteria and evaluate the level of expertise required to use them. We conclude that the encryption subject impacts the scope of the tools' vulnerabilities and that full disk encryption is the safest and easiest option. Moreover, we highlight some free and easy-to-use tools that can protect users' data properly if basic precautions are taken.

Published
07/11/2016
MOIA, Vitor Hugo Galhardo; HENRIQUES, Marco Aurélio A. A comparison of encryption tools for disk data storage from digital forensics point of view. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 16., 2016, Niterói. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2016. p. 72-85. DOI: https://doi.org/10.5753/sbseg.2016.19299.
