SANS Digital Forensics and Incident Response Blog: Tag - Encryption Plus

Dealing with PC Guardian's Encryption Plus Hard Drive (EPHD)

Dealing with EPHD, or PC Guardian's Encryption Plus is not too bad provided it has been setup correctly. By being setup correctly, I mean that the PC administrators have created an account that anyone can use to get past the hard drive encryption. This account and password needs to be treated just like the admin account. Only those people who need to know it, should have the userid and password.

On a side note: If your corporation has not implemented for your laptops and mobile devices, I have to ask why not? Hard drive encryption is much cheaper to implement then letting your corporate secrets and customer data out into the public.

Before We Begin

Before doing anything talk with your management and legal with regard to how they want you to proceed with imaging the encrypted devices. They may feel that this methodology is not right for them. The other aspect to be aware of is do you image the drive in its encrypted state and then use the

... Continue reading Dealing with PC Guardian's Encryption Plus Hard Drive (EPHD)