Damir Palavra is an independent forensic investigator and court-appointed expert in the field of computer science, electronics and telecommunications. He graduated from the Faculty of Electrical Engineering and Computing in Zagreb in 2002 and obtained a Master's degree. He was appointed as a permanent court expert in the field of Informatics in 2013. For the last 15 years, Damir has been working intensively in the field of digital security, computer forensics and IT consulting.
Encrypted Content Forensics
The proliferation of cryptographic solutions, especially full disk encryption (FDE), greatly complicates (if not completely undermines) the daily work of digital forensics experts. One of the paradigms of digital evidence examination is that digital evidence must be preserved unchanged and thus remain viable for further expert analysis and examination. Unfortunately, where FDE solutions are applied to systems, this limitation represents an insurmountable barrier to analysis and examination in the majority of cases. If we draw a parallel with “classic forensics”, where, for example, one cannot collect a DNA sample or a fingerprint from the crime scene without affecting the evidence and the crime scene themselves, the question arises as to why this would be different in digital forensics.
The most common obstacle in the examination of encrypted digital evidence is that, for an examination to be possible at all, certain procedures must be carried out at the very moment the police or other law enforcement officers seize the hardware.
New cloud technologies and solutions show a lot of promise in this area, especially for brute-force attacks.