
Shelby Hall Graduate Research Forum Posters
Description
Current forensic tools struggle to effectively detect encrypted storage media. In recent years, there have been significant advancements, but a noticeable gap remains when it comes to identifying encrypted volumes from metadata alone. The goal of this research is to develop a novel algorithm that identifies the presence of volumes on a disk image that have been encrypted with the Linux Unified Key Setup (LUKS) encryption algorithm, in an effort to aid digital forensics investigations. Bad actors often use encryption as an anti-forensics tool, which poses significant challenges to forensic investigators, especially when it is applied only to sections of a drive. The research focuses on defining specific characteristics or patterns within the metadata associated with LUKS-encrypted volumes, then identifying their locations on the drive. This research contributes to the field of digital forensics by offering an analysis tool that helps investigators identify the presence of encryption before beginning a full forensic examination. By detecting encrypted volumes early, this tool can provide direction on whether decryption efforts should be prioritized or whether other investigative methods would be more effective.
Publication Date
3-2025
Department
Information Systems & Technology
City
Mobile
Disciplines
Cybersecurity | Information Security | Other Computer Sciences | Systems Architecture
Recommended Citation
Flynn, Nicholas and Black, Michael, "Development of an Algorithm to Identify the Presence of LUKS-Encrypted Volumes on a Forensic Image of a Drive" (2025). Shelby Hall Graduate Research Forum Posters. 24.
https://jagworks.southalabama.edu/southalabama-shgrf-posters/24
