HITBGSEC 2018: Cracking Full Disk Encryption 🔓

Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However, when the system is compromised and requires careful forensic analysis, FDE can be quite painful to forensic analysts. Unless you deal with standard and widely supported encryption such as LUKS, Bitlocker, TrueCrypt or few others, it might really hard to get through the layers of crypto code in proprietary software.

This presentation will attempt to solve this by introducing a way to break into live running custom FDE setup remotely.

===

Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014 he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he worked in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation.

Prior to joining Kaspersky Lab, Vitaly worked as a software developer and system administrator. He is a graduate of the Faculty of Applied Math and Computer Science at the Belarussian State University Vitaly has presented at many public international security conferences including Blackhat USA, Blackhat Asia, Defcon, Hitcon, BSides LasVegas, PHDays, ZeroNights, FIRST, Source Boston as well as multiple closed door invite-only security industry events.

---

Nicolas Collery has been in the security field for over 15 years, focusing on fighting cybercrime. Passionate about forensics, malware analysis, and now simulating attacks focusing on real-adversaries tactics, techniques and procedure to assess capability to prevent, detect and respond. He has worked on the implementation of some of the current security controls that helps providing security and peace of mind to its customers.