Methods for Detecting and Analyzing Hidden FAT32 Volumes Created with the Use of Cryptographic Tools

Ireneusz Jozwiak; Michal Kedziora; Aleksandra Melinska

Methods for Detecting and Analyzing Hidden FAT32 Volumes Created with the Use of Cryptographic Tools

Ireneusz Jozwiak, Michal Kedziora, Aleksandra Melinska

Published: 01 Jan 2013, Last Modified: 03 Dec 2024DepCoS-RELCOMEX 2013EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: The article describes the theoretical and practical methods for detecting and analyzing hidden volumes created with the use of cryptographic tools. The presented method is based on an analysis of the differences that result from the use of a hidden volume in FAT32 file systems. The method is effective both when the password is known to the host container and in the situations when password is not known. Potential computer forensic application of this methodology varies from standard investigations to advanced analysis of network and in the cloud data storages.

Loading