We have performed an extensive analysis of FileVault 2 and we have been able to find all the algorithms and parameters needed to successfully read an encrypted volume. This allows us to perform forensic investigations on encrypted volumes using our own tools.
In this paper we present the architecture of FileVault 2, giving details of the key derivation, encryption process and metadata structures needed to perform the volume decryption. Besides the analysis of the system, we have also built a library that can mount a volume encrypted with FileVault 2. As a contribution to the research and forensic communities we have made this library open source.
Additionally, we present an informal security evaluation of the system and comment on some of the design and implementation features. Among others we analyze the random number generator used to create the recovery password. We have also analyzed the entropy of each 512-byte block in the encrypted volume and discovered that part of the user data was left unencrypted.Category / Keywords: applications / full disk encryption, tweakable encryption, key derivation Date: received 3 Jul 2012, last revised 21 Jul 2012 Contact author: omar choudary at cl cam ac uk Available format(s): PDF | BibTeX Citation Version: 20120721:214700 (All versions of this report) Short URL: ia.cr/2012/374 Discussion forum: Show discussion | Start new discussion