dc.description.abstract |
In the past few years, computing gadgets have become available to a huge population of users. Personal computers, laptops and mobile phones are a few obvious examples of the types of devices that store personal and sensitive information of users and enterprises. Such devices always remain vulnerable to theft, which endangers the data contained therein. Therefore, a need was felt to harden the security of data stored on such devices, especially laptops. In this wake, Microsoft Windows introduced whole-drive encryption through Windows BitLocker, which is a logical volume encryption system. This utility first appeared in Windows Vista (Ultimate and Enterprise) and later editions.
BitLocker protects a system's / user's data against accidental exposure in cases of theft or loss of the system. However, under certain circumstances, it may be necessary to recover the data by tracing the BitLocker key, which is known to be stored somewhere on the BitLocked system.
This research involves forensic analysis of disk drives encrypted with Windows BitLocker, with the purpose of tracing forensic artefacts in the encrypted volumes. Considering the wide use of removable storage media (USBs and external hard disks) and virtual machines, this research also includes analyses of such devices. Working on both offline and online states of the target disks, the focus has remained on identification of the data structures in which the key material is stored, the portions of the physical disk with a high probability of holding these data structures, and the method followed to determine the frequency of occurrence of those structures in different types of disks. It also includes identification and analysis of changes made to the registry, and an endeavour has been made to establish the sequence in which various system libraries and files are called during the process of BitLocker encryption.
Further work in this area may be carried out on newer versions of Microsoft Windows, building upon the findings of this research. A few recommendations in this regard have also been included at the end of this thesis. |
en_US |