Award Information
Description of original award (Fiscal Year 2007, $364,400)
This project will give computer forensic examiners the capability to defeat encrypted file systems using memory analysis. Because the encryption keys are stored in memory, it is possible to recover them from a properly obtained memory image. This proposal explains how these encryption programs work, how memory analysis can be used to recover their keys, and provides a demonstration of the method. The method allows examiners to defeat a number of commercially available products and can easily be expanded to support new programs as they are released. ca/ncf
Similar Awards
- On the reliability of the forensic examination of electrical tapes and the influence of alteration sources encountered in casework
- The Development of a Peer Advocacy Intervention for Survivors whose Partners are in Relationship Violence Intervention Programs.
- More than a 'McJob': Criminal records, education, and access to middle-skill jobs