Abstract
This paper covers the problem of detecting encrypted files in evidence data during digital forensics investigations. We present a comparison of popular detection methods such as file signature and extension analysis, metadata analysis, and searching operating system artifacts. We present research on the theoretical and practical use of several indicators that can suggest the use of encryption, namely entropy, the chi-square test, the arithmetic mean and the Monte Carlo value for Pi.
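The four indicators named in the abstract are the statistics reported by John Walker's ENT pseudorandom sequence test program. The following is an added example, not code from the paper's authors, that computes them over a byte buffer using ENT's conventions (chi-square against a uniform byte distribution with 255 degrees of freedom, and six bytes per Monte Carlo point as two 24-bit coordinates). Both inputs are constructed in the script: a repeated English sentence stands in for plaintext and SHA-256 counter output stands in for ciphertext. The thresholds in `looks_encrypted` are this example's own choice, not values from the paper, and a practitioner should remember that well-compressed data (archives, JPEG, video) scores almost as uniform as ciphertext, so these indicators only suggest encryption and must be combined with signature, metadata and OS-artifact analysis.

```python
"""ENT-style randomness indicators for flagging likely-encrypted data.

Added example, not the paper's code. Follows the conventions of John
Walker's ENT program for the four statistics the abstract names.
"""
import hashlib
import math
from collections import Counter


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means a uniform byte distribution."""
    n = len(data)
    if n == 0:
        raise ValueError("empty buffer")
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution.

    With 255 degrees of freedom, uniform (ciphertext-like) data gives a value
    near 255 (std. dev. about 22.6); plaintext gives values orders of magnitude
    larger because most of the 256 bins are empty or heavily overused.
    """
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def arithmetic_mean(data: bytes) -> float:
    """Mean byte value; uniform data is close to 127.5, ASCII text is well below."""
    return sum(data) / len(data)


def monte_carlo_pi(data: bytes) -> float:
    """ENT's Monte Carlo estimate of Pi.

    Every 6 bytes form one point (x, y) with 24-bit coordinates; the point is
    inside the quarter circle when x^2 + y^2 <= (2^24 - 1)^2. For uniform data
    4 * inside / total converges to Pi. ASCII text never sets the top bit, so
    every coordinate is below half range and the estimate collapses to 4.0.
    """
    radius_sq = ((1 << 24) - 1) ** 2
    inside = total = 0
    for i in range(0, len(data) - 5, 6):
        x = int.from_bytes(data[i:i + 3], "big")
        y = int.from_bytes(data[i + 3:i + 6], "big")
        total += 1
        if x * x + y * y <= radius_sq:
            inside += 1
    return 4.0 * inside / total


def indicators(data: bytes) -> dict:
    """All four indicators for one buffer, keyed by name."""
    return {
        "entropy": entropy_bits_per_byte(data),
        "chi_square": chi_square(data),
        "mean": arithmetic_mean(data),
        "monte_carlo_pi": monte_carlo_pi(data),
    }


def looks_encrypted(data: bytes) -> bool:
    """Heuristic verdict: every indicator close to its uniform-distribution value.

    Thresholds are this example's assumption. Compressed data also passes this
    test, so a positive result is a lead for the examiner, not proof.
    """
    ind = indicators(data)
    return (ind["entropy"] > 7.9
            and ind["chi_square"] < 400
            and abs(ind["mean"] - 127.5) < 2.0
            and abs(ind["monte_carlo_pi"] - math.pi) < 0.1)


def pseudo_ciphertext(n_bytes: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 in counter mode) standing in
    for a ciphertext; a constructed sample, not real evidence data."""
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n_bytes])


# Constructed samples: 67,500 bytes of repeated English text and 64 KiB of
# SHA-256 counter output.
PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 1500
CIPHERTEXT_LIKE = pseudo_ciphertext(65536)

if __name__ == "__main__":
    for label, buf in (("plaintext", PLAINTEXT), ("ciphertext-like", CIPHERTEXT_LIKE)):
        ind = indicators(buf)
        print(f"{label:16s} entropy={ind['entropy']:.4f} chi2={ind['chi_square']:.1f} "
              f"mean={ind['mean']:.2f} pi={ind['monte_carlo_pi']:.4f} "
              f"encrypted?={looks_encrypted(buf)}")
```

Run against a suspect file by reading it into `data` and calling `indicators(data)`; for a large container, apply the functions to fixed-size windows so that a small encrypted region inside an otherwise ordinary file is not averaged away.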
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Jozwiak, I., Kedziora, M., Melinska, A. (2011). Theoretical and Practical Aspects of Encrypted Containers Detection - Digital Forensics Approach. In: Zamojski, W., Kacprzyk, J., Mazurkiewicz, J., Sugier, J., Walkowiak, T. (eds) Dependable Computer Systems. Advances in Intelligent and Soft Computing, vol 97. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21393-9_6
DOI: https://doi.org/10.1007/978-3-642-21393-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21392-2
Online ISBN: 978-3-642-21393-9
eBook Packages: Engineering (R0)