Advanced search
Publication Cover
Australian Journal of Forensic Sciences Volume 56, 2024 - Issue sup1: Extended Abstracts of the 23rd IAFS, incorporating the 26th ANZFSS, Conference
Submit an article Journal homepage
24
Views
0
CrossRef citations to date
0
Altmetric
Abstract

Windows 11 and the dawn of the TPM - a forensically sound way to beat it

Sriyal MendisCybercrime & Forensic Services, HM Revenue & Customs, London, UKCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0009-0007-8771-2770
ORCID Icon
Pages 123-126 | Received 30 Jan 2024, Accepted 04 Feb 2024, Published online: 28 Apr 2024
 
Sample our Bioscience journals, sign in here to start your access, Latest two full volumes FREE to you for 14 days
1

ABSTRACT

As technology evolves so do challenges faced by the digital forensic examiner. An increasingly frequent obstacle appearing now is the BitLocker encryption in conjunction with the Trusted Platform Module (TPM). The roll out of Windows 11 made having an initialised TPM (2.0) a mandatory prerequisite before being able to install Windows 11. Tackling the TPM is going to be one of the major issues encountered by the digital forensic computer examiner in the future as Windows 10 support ends in 2025 (Microsoft, 2024). This paper describes a method for accessing the BitLocker protected partition of a windows computer in a short time using minimal equipment in a forensically sound manner. As a result BitLocker encrypted partitions of physical images can be decrypted using recovery keys obtained via compliance or brute force of the users password or pin.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.