hh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Detektering av krypterade filer
Halmstad University, School of Information Science, Computer and Electrical Engineering (IDE).
2011 (Swedish)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

In contemporary encryption the vast amount of text subject to cracking has brought about the demand for methods distinguish files more likely to be encrypted. The encryption software Truecrypt can encrypt files that are not possible to identify with a file signature. To solve the detection problem, an algorithm sensitive to the absence of structure in the very code of files was developed. The program was written in the programming language EnScript which is built into the forensic software suite EnCase. The essential part of the algorithm therefore deployes the statistic of a chi-square test for deviance from a uniform distribution to distinguish files with contents that appear to be random. The program managed to detect encrypted files that were created with Truecrypt. Test results indicate that the newly developed program is nearly double as fast and has at least the same accuracy in the detection as other pro- grams. The software is licensed under open source standard GNU GPL. The procedure developed will drastically facilitate for computer forensic experts to detect if any existing encrypted file is located on the hard drive.

Place, publisher, year, edition, pages
2011. , 28 p.
Keyword [en]
Encrypted files, encrypted volumes, Computer forensic, EnCase, EnScript, Truecrypt, encrypted storage media
Keyword [sv]
Krypterade filer, krypterade volymer, IT-forensik, EnCase, EnScript, Truecrypt, krypterad lagringsmedia
National Category
Information Science Information Science
Identifiers
URN: urn:nbn:se:hh:diva-15723OAI: oai:DiVA.org:hh-15723DiVA: diva2:428544
Subject / course
Computer Systems Technology
Uppsok
Technology
Supervisors
Examiners
Available from: 2011-06-30 Created: 2011-06-30 Last updated: 2011-06-30Bibliographically approved

Open Access in DiVA

Detektering av krypterade filer - Linus Barkman(398 kB)1055 downloads
File information
File name FULLTEXT01.pdfFile size 398 kBChecksum SHA-512
a42e349938a6fdd80112c9af7b693f54a555813d7d5281889389a11642be840c99510a1c5498781f6b2385e857f51f0ea307d6a2c52d8f516348c968440510f8
Type fulltextMimetype application/pdf

By organisation
School of Information Science, Computer and Electrical Engineering (IDE)
Information ScienceInformation Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 1055 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 2790 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf