This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update. © IFIP International Federation for Information Processing 2013.
CITATION STYLE
Choudary, O., Grobert, F., & Metz, J. (2013). Security Analysis and Decryption of FileVault 2. In IFIP Advances in Information and Communication Technology (Vol. 410, pp. 349–363). https://doi.org/10.1007/978-3-642-41148-9_23