6 research outputs found

    Forensics Acquisition — Analysis and Circumvention of Samsung Secure Boot enforced Common Criteria Mode


    got HW crypto? On the (in)security of a Self-Encrypting Drive series

    Self encrypting devices (SEDs) doing full disk encryption are getting more and more widespread. Hardware implemented AES encryption provides fast and transparent encryption of all user data on the storage medium, at all times. In this paper we will look into some models in a self encrypting external hard drive series; the Western Digital My Passport series. We will describe the security model of these devices and show several security weaknesses like RAM leakage, weak key attacks and even backdoors on some of these devices, resulting in decrypted user data, without the knowledge of any user credentials.

    Digital Forensic Acquisition of mobile phones in the Era of Mandatory Security: Offensive Techniques, Security Vulnerabilities and Exploitation

    The increased use of consumer electronics like computers, mobile phones, smart watches, external hard drives, etc. has made digital forensics more important for law enforcement. Consumer products now contain more information about a person’s life than ever before, useful in any criminal investigation. Gaining access to forensically valuable data is often crucial for a successful law enforcement investigation. At the same time, the mandatory security and complexity of these devices have increased, making successful acquisition of forensically valuable data more difficult. Successful acquisition now requires law enforcement to understand the underlying technology and possibly bypass security schemes protecting the user data. This thesis contributes with knowledge in this setting, by looking at different security challenges law enforcement meet when trying to acquire data from digital devices, and especially mobile phones. This thesis aims at increasing the knowledge on how law enforcement can use security vulnerabilities in digital forensic acquisition of modern mobile phones, improve the effectiveness of such use and gain knowledge on new attack surfaces.

    Digital forensic acquisition kill chain – analysis and demonstration

    The increasing complexity and security of consumer products pose major challenges to digital forensics. Gaining access to encrypted user data without user credentials is a very difficult task. Such situations may require law enforcement to leverage offensive techniques – such as vulnerability exploitation – to bypass security measures in order to retrieve data in digital forensic investigations. This chapter proposes a digital forensic acquisition kill chain to assist law enforcement in acquiring forensic data using offensive techniques. The concept is discussed and examples are provided to illustrate the various kill chain phases. The anticipated results of applying the kill chain include improvements in performance and success rates in short-term, case-motivated, digital forensic acquisition scenarios as well as in long-term, case-independent planning and research scenarios focused on identifying vulnerabilities and leveraging them in digital forensic acquisition methods and tools.

    Exploiting Vendor-Defined Messages in the USB Power Delivery Protocol

    The USB Power Delivery protocol enables USB-connected devices to negotiate power delivery and exchange data over a single connection such as a USB Type-C cable. The protocol incorporates standard commands; however, it also enables vendors to add non-standard commands called vendor-defined messages. These messages are similar to the vendor-specific commands in the SCSI protocol, which enable vendors to specify undocumented commands to implement functionality that meets their needs. Such commands can be employed to enable firmware updates, memory dumps and even backdoors. This chapter analyzes vendor-defined message support in devices that employ the USB Power Delivery protocol, the ultimate goal being to identify messages that could be leveraged in digital forensic investigations to acquire data stored in the devices.