Award Information
Award #
2007-DN-BX-K188
Funding Category
Competitive
Location
Congressional District
Status
Closed
Funding First Awarded
2007
Total funding (to date)
$364,400
Original Solicitation
Description of original award (Fiscal Year 2007, $364,400)
This project will give computer forensic examiners the capability to defeat encrypted file systems using memory analysis. Because the encryption keys are stored in memory, it is possible to recover them from a properly obtained memory image. This proposal explains how these encryption programs work, how memory analysis can be used to recover their keys, and provides a demonstration of the method. The method allows examiners to defeat a number of commercially available products and can easily be expanded to support new programs as they are released. ca/ncf
Date Created: September 12, 2007