Skip to main content
Conference ProceedingsOPEN ACCESS

Security Analysis and Decryption of Filevault 2

IFIP Advances in Information and Communication Technology (2013) 410 349-363
DOI: 10.1007/978-3-642-41148-9_23
1Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update. © IFIP International Federation for Information Processing 2013.

Author supplied keywords

Cite

CITATION STYLE

APA

Choudary, O., Grobert, F., & Metz, J. (2013). Security Analysis and Decryption of Filevault 2. In IFIP Advances in Information and Communication Technology (Vol. 410, pp. 349–363). https://doi.org/10.1007/978-3-642-41148-9_23

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free