Techniques and methods for obtaining access to data protected by linux-based encryption – A reference guide for practitioners

Research output: Contribution to journal; Article; peer-reviewed


Abstract

This research presents an overview of the typical disc- and folder-level encryption that a digital forensic investigator may encounter when investigating a Linux operating system. Based on prior first-hand experience and significant follow-up testing and research, this work examines the operation of such encryption from the user's perspective, discusses how the encryption operates "under the hood", and explores methods and techniques that can be used to access and retrieve data from such encrypted devices, both during at-scene/live forensic investigation and post-scene. Worked examples are presented to aid the reader's understanding. This research also presents considerations, approaches and steps that an investigator can use to maximise the potential for data acquisition and, most crucially, discusses lessons learnt to facilitate obtaining the best evidence in such cases. A breakdown of the binary structure of the key files associated with fscrypt is also presented for reference. Current limitations and gaps in knowledge are also discussed.
Original language: English
Article number: 301662
Journal: Forensic Science International: Digital Investigation
Volume: 48
Issue number: C
Early online date: 8 Dec 2023
Publication status: E-pub ahead of print, 8 Dec 2023

Bibliographical note

Publisher Copyright:
© 2023 The Author
