Semester

Spring

Date of Graduation

2013

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Roy Nutter

Committee Co-Chair

Katerina Goseva-Popstojanova

Committee Member

James Mooney

Abstract

As encrypted information is very difficult or impossible to reconstruct, there are many situations in which it is critical to detect the presence of encryption software before a computer is shut down. Currently there is no solution that reliably identifies installed encryption software.

For this investigation, thirty encryption software products for Microsoft Windows based on the NT kernel have been identified and investigated. Operating-system-dependent factors such as registry, file attributes, operating system attributes, and process list analysis, and independent factors such as file headers, keyword search, Master Boot Record analysis, and hashing of software components, were investigated and allow the identification of these programs. The most reliable detection rate is achieved through a combination of the aforementioned factors.
