SANS Digital Forensics and Incident Response Blog: Tag - Virtual

23 Jan 2009

PointSec Decryption - A Case for Decryption of the Original

1 comments Posted by jmbutler1
Filed under Computer Forensics, Digital Forensic Law, Drive Encryption, Evidence Acquisition, Evidence Analysis

By J. Michael Butler

A while back, I posted about EnCase and PointSec — "Encase and PointSec - I'm Not Feeling the Love". I wrote about my frustrations with the difficulties of decryption for a forensic exam. My main point was that EnCase and PointSec need to work together to provide forensic examiners a way to view the PointSec drive in EnCase simply by entering the PointSec password. I also detailed my process for decryption which involved the use of VMWare and a virtual image of the encrypted drive.


Tags: Chain of Custody, Decryption, EnCase, LiveView, metadata, PointSec, Raw Image, Virtual, VMDK, VMWare
Share

Categories
Recent Posts
Archives
Links
Latest Blog Posts

A few Ghidra tips for IDA users, part 4 - function call graphs
June 14, 2019 - 7:57 PM

Six Reasons You Don’t Want to Miss SANS DFIR Summit & Training 2019
June 07, 2019 - 7:51 PM

Design it. DFIR it. Win it. Wear it!
May 22, 2019 - 5:29 PM

Latest Tweets @sansforensics

Yes! It is that time of year again for #SANSNetworkSecurity [...]
July 21, 2019 - 5:50 PM

#FOR508 teaches tactics elite responders and hunters are suc [...]
July 21, 2019 - 4:01 PM

Chris Cochram explores how he executes hunting via the red a [...]
July 21, 2019 - 1:30 PM

Latest Papers

Leveraging the PE Rich Header for Static M alware D etection and Linking
By Maksim Dubyk

Analysis of a Multi-Architecture SSH Linux Backdoor
By Angel Alonso-Parrizas

Hunting for Ghosts in Fileless Attacks
By Buddy Tancio

"This course ROCKS! You can not call yourself a Forensics expert without taking the course from Rob Lee!."
- Ernie Hernandez, Prosoft

"For my line of work, basic & extensive understanding of the file system is extremely important. The literature and books on file systems for me are very critical & thanks you for them, great reference material"
- Vince Ramirez, Las Vegas Metro P.D.

"Rob Lee is a master of the subject matter. The material is presented in a way that is understandable. Rob is also charismatic enough to make the course enjoyable."
- Erik Ketlet, JP Morgan Chase