SANS Digital Forensics and Incident Response Blog: Tag - Virtual

23 Jan 2009

PointSec Decryption - A Case for Decryption of the Original

1 comments Posted by jmbutler1
Filed under Computer Forensics, Digital Forensic Law, Drive Encryption, Evidence Acquisition, Evidence Analysis

By J. Michael Butler

A while back, I posted about EnCase and PointSec — "Encase and PointSec - I'm Not Feeling the Love". I wrote about my frustrations with the difficulties of decryption for a forensic exam. My main point was that EnCase and PointSec need to work together to provide forensic examiners a way to view the PointSec drive in EnCase simply by entering the PointSec password. I also detailed my process for decryption which involved the use of VMWare and a virtual image of the encrypted drive.


Tags: Chain of Custody, Decryption, EnCase, LiveView, metadata, PointSec, Raw Image, Virtual, VMDK, VMWare
Share

Categories
Recent Posts
Archives
Links
Latest Blog Posts

The new version of SOF-ELK is here. Download, turn on, and get going on for [...]
December 04, 2018 - 5:12 PM

Shortcuts for Understanding Malicious Scripts
November 14, 2018 - 4:41 PM

How to build an Android application testing toolbox
November 13, 2018 - 3:16 PM

Latest Tweets @sansforensics

Blog by @iamevltwin: On the Second Day of APOLLO, My True L [...]
December 15, 2018 - 1:01 PM

. @hexacorn Blog: Sysmon and an accidental anti-disassemblin [...]
December 15, 2018 - 1:10 AM

. @hecfblog post: Daily Blog #567: Forensic Lunch 12/14/18 [...]
December 14, 2018 - 8:26 PM

Latest Papers

Evidence of Data Exfiltration via Containerised Applications on Virtual Private Servers
By Seth Enoka

Using Image Excerpts to Jumpstart Windows Forensic Analysis
By John Brown

Windows 10 as a Forensic Platform
By Ferenc Kovacs

"This course is valuable to Law Enforcement professionals that conduct computer crime investigations."
- Reggie Harris, Federal Agent - DPE, OIG

"Rob Lee's enthusiasm method of delivery made the class excellent and a great environment to learn. He knows his stuff, without a doubt."
- Tim Moniot, Las Vegas Metro P.D.

"I had taken several other forensic courses prior to this one, but none of them or their instructors made understanding forensic methodologies and techniques as clear and understandable as Rob Lee and this course has."
- Nathon Heck, Purdue