Difference between pages "BitLocker Disk Encryption" and "Cyberspeak podcast"

From ForensicsWiki
(Difference between pages)
 
(Full list of interviews)
 
Line 1: Line 1:
'''BitLocker Disk Encryption''' (BDE) is a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]]. It is also present in [[Windows 7]] along with a system for encrypting removable storage media devices, like [[USB]], which is called [[BitLocker To Go]].
+
A semi-weekly podcast by [[Bret Padres]] and [[Ovie Carroll]], both former [[AFOSI]] agents. The show first aired on 4 Dec 2005.
  
Volumes encrypted with BitLocker will have a different signature than the standard [[NTFS]] header. Instead, they have in their volume header (first sector): <tt>2D 46 56 45 2D 46 53 2D</tt> or, in ASCII, <tt>-FVE-FS-</tt>.
+
== Interviews ==
  
Volumes encrypted with BitLocker To Go will have a hybrid encrypted volume, meaning that part of the volume is unencrypted and contains applications to unlock the volume and the other part of the volume is encypted. These volumes can be identified by the BitLocker GUID/UUID: 4967d63b-2e29-4ad8-8399-f6a339e3d00.
+
Each week the podcast usually features at least one interview.
  
The actual data on the encrypted volume is protected with either 128-bit or 256-bit [[AES]] and optionally diffused using an algorithm called Elephant. The key used to do the encryption, the Full Volume Encryption Key (FVEK) and/or TWEAK key, is stored in the BitLocker metadata on the protected volume. The FVEK and/or TWEAK keys are encrypted using another key, namely the Volume Master Key (VMK). Several copies of the VMK are also stored in the metadata. Each copy of the VMK is encrypted using another key, also know as key-protector key. Some of the key-protectors are:
+
=== 2005 ===
* TPM (Trusted Platform Module)
+
* recovery password
+
* start-up key
+
* clear key; this key-protector provides no protection
+
* user password
+
  
BitLocker has support for partial encrypted volumes.
+
* 18 Dec 2005: [[Nicholas Harbour]], author of [[Dcfldd]]
 +
* 31 Dec 2005: [[Jesse Kornblum]], author of [[foremost]] and [[md5deep]]
  
== See Also ==
+
=== 2006 ===  
* [[BitLocker To Go]]
+
* [[Defeating Whole Disk Encryption]]
+
  
== External Links ==
+
* 7 Jan 2006: [[Drew Fahey]], author of [[Helix]]
 +
* 18 Jan 2006: [[Simple Nomad]]
 +
* 21 Jan 2006: [[Johnny Long]]
 +
* 28 Jan 2006: [[Kevin Mandia]]
  
* [http://www.nvlabs.in/archives/1-NVbit-Accessing-Bitlocker-volumes-from-linux.html NVbit : Accessing Bitlocker volumes from linux], 2008
 
* Jesse D. Kornblum, [http://jessekornblum.com/publications/di09.html Implementing BitLocker for Forensic Analysis], ''Digital Investigation'', 2009
 
* [http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption Wikipedia entry on BitLocker]
 
* [http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true Microsoft's Step by Step Guide]
 
* [http://technet.microsoft.com/en-us/windowsvista/aa906017.aspx Microsoft Technical Overview]
 
* [http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFAQ.mspx Microsoft FAQ]
 
* [http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en Microsoft Description of the Encryption Algorithm]
 
* [http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm Cold Boot Attacks, Full Disk Encryption, and BitLocker]
 
* [http://code.google.com/p/libbde/ Project to read BitLocker encrypted volumes]
 
  
[[Category:Disk encryption]]
+
* 4 Feb 2006: [[Brian Carrier]]
[[Category:Windows]]
+
* 11 Feb 2006: [[Jesse Kornblum]]
 +
* 18 Feb 2006: [[Bruce Potter]] of the Shmoo Group
 +
* 25 Feb 2006: [[Kris Kendall]] speaks about malware analysis
 +
 
 +
 
 +
* 4 Mar 2006: [[Dave Merkel]]
 +
* 11 Mar 2006: [[James Wiebe]] of [[Wiebe Tech]]. Also [[Todd Bellows]] of [[LogiCube]] about [[CellDek]]
 +
* 18 Mar 2006: [[Kris Kendall]]
 +
* 25 Mar 2006: (No interview)
 +
 
 +
 
 +
* 1 Apr 2006: [[Harlan Carvey]], creator of the [[Forensic Server Project]]
 +
* 8 Apr 2006: (No interview)
 +
* 15 Apr 2006: (No interview), but first to mention the [[Main_Page|Forensics Wiki]]!
 +
* 22 Apr 2006: [[Jaime Florence]] about [[Mercury]], a text indexing product
 +
 
 +
 
 +
* 6 May 2006: [[Mark Rache]] and [[Dave Merkel]]
 +
* 13 May 2006: [[Steve Bunting]]
 +
* 21 May 2006: [[Mike Younger]]
 +
* 29 May 2006: [[Mike Younger]]
 +
 
 +
 
 +
* 3 Jun 2006: [[Jesse Kornblum]] about [[Windows Memory Analysis]]
 +
* 10 Jun 2006: (No interview)
 +
* 17 Jun 2006: [[Mike Younger]]
 +
* 24 Jun 2006: (No interview)
 +
 
 +
 
 +
* 1 Jul 2006: (No interview)
 +
* 9 Jul 2006: [[Johnny Long]]
 +
* 18 Jul 2006: [[Dark Tangent]]
 +
* 30 Jul 2006: [[Jesse Kornblum]] about [[Ssdeep|ssdeep]] and [[Context Triggered Piecewise Hashing|Fuzzy Hashing]]
 +
 
 +
 
 +
* 10 Aug 2006: [[Brian Contos]] discusses his book '''Insider Threat: Enemy at the Watercooler'''
 +
* 13 Aug 2006: [[Richard Bejtlich]] discusses his book '''Real Digital Forensics'''
 +
* 27 Aug 2006: [[David Farquhar]]
 +
 
 +
 
 +
* 3 Sep 2006: [[Keith Jones]]
 +
* 10 Sep 2006: (No Interview)
 +
* 17 Sep 2006: (No Interview)
 +
* 24 Sep 2006: (No Interview)
 +
 
 +
 
 +
* 1 Oct 2006: [[Brian Kaplan]], author of [[LiveView]]
 +
* 8 Oct 2006: [[Tom Gallagher]] discusses his book '''Hunting Security Bugs'''
 +
* 15 Oct 2006: (No Interview)
 +
* 29 Oct 2006: (No Interview)
 +
 
 +
 
 +
* 12 Nov 2006: [[Jesse Kornbum]] discusses his paper '''Exploiting the Rootkit Paradox with Windows Memory Analysis'''
 +
* 19 Nov 2006: [[Kris Kendall]] discusses unpacking binaries when conducting malware analysis
 +
* 26 Nov 2006: (No Interview)
 +
 
 +
 
 +
* 3 Dec 2006: [[Brian Dykstra]]
 +
* 10 Dec 2006: [[Mike Younger]]
 +
* 17 Dec 2006: [[Mike Younger]] and [[Geoff Michelli]]
 +
 
 +
=== 2007 ===
 +
 
 +
* 7 Jan 2007: [[Jamie Butler]]
 +
* 17 Jan 2007: [[Chad McMillan]]
 +
* 28 Jan 2007: [[Jesse Kornblum]]
 +
 
 +
 
 +
* 11 Feb 2007: [[Scott Moulton]]
 +
* 18 Fen 2007: [[Phil Zimmerman]], creator of [[PGP]] discussing his new [[Zfone]]
 +
* 25 Feb 2007: [[Mark Menz]] and [[Jeff Moss]]
 +
 
 +
 
 +
== External Links ==
 +
 
 +
[http://cyberspeak.libsyn.com/ Official website]
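Review bot: the BitLocker To Go paragraph on the left-hand side gives the identifying GUID as 4967d63b-2e29-4ad8-8399-f6a339e3d00, whose final group has 11 hex digits where a GUID has 12, so the value looks truncated and should be checked against the [[BitLocker To Go]] page before anyone uses it as a search signature. The same side has the typos "encypted" and "also know as key-protector key". On the added side, the interview list has "18 Fen 2007" and "[[Jesse Kornbum]]"; the other entries spell the name Kornblum, so that link points at a different page title.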

Revision as of 15:51, 27 February 2007

A semi-weekly podcast by Bret Padres and Ovie Carroll, both former AFOSI agents. The show first aired on 4 Dec 2005.

Interviews

Each week the podcast usually features at least one interview.

2005

2006









  • 3 Sep 2006: Keith Jones
  • 10 Sep 2006: (No Interview)
  • 17 Sep 2006: (No Interview)
  • 24 Sep 2006: (No Interview)


  • 1 Oct 2006: Brian Kaplan, author of LiveView
  • 8 Oct 2006: Tom Gallagher discusses his book Hunting Security Bugs
  • 15 Oct 2006: (No Interview)
  • 29 Oct 2006: (No Interview)


  • 12 Nov 2006: Jesse Kornblum discusses his paper Exploiting the Rootkit Paradox with Windows Memory Analysis
  • 19 Nov 2006: Kris Kendall discusses unpacking binaries when conducting malware analysis
  • 26 Nov 2006: (No Interview)


2007



External Links

Official website