Detection of encrypted files
Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis
In contemporary encryption, the vast amount of text subject to cracking has brought about a demand for methods to distinguish files that are more likely to be encrypted. The encryption software Truecrypt can encrypt files so that they cannot be identified by a file signature. To solve the detection problem, an algorithm sensitive to the absence of structure in the very code of files was developed. The program was written in the programming language EnScript, which is built into the forensic software suite EnCase. The essential part of the algorithm uses the statistic of a chi-square test for deviance from a uniform distribution to distinguish files whose contents appear to be random. The program managed to detect encrypted files that were created with Truecrypt. Test results indicate that the newly developed program is nearly twice as fast as other programs and has at least the same detection accuracy. The software is licensed under the open source standard GNU GPL. The procedure developed will make it drastically easier for computer forensic experts to detect whether any encrypted file is located on the hard drive.
Place, publisher, year, edition, pages
2011, 28 p.
Encrypted files, encrypted volumes, Computer forensic, EnCase, EnScript, Truecrypt, encrypted storage media
Information Science
Identifiers
URN: urn:nbn:se:hh:diva-15723
OAI: oai:DiVA.org:hh-15723
DiVA: diva2:428544
Subject / course
Computer Systems Technology
Järpe, Eric, Ph.D.; Martinsson, Mattias; Malmsten, Bo
Bilstrup, Urban, M.Sc. C.E.