SANS Digital Forensics and Incident Response Blog: Tag - Virtual

23 Jan 2009

PointSec Decryption - A Case for Decryption of the Original

1 comments Posted by jmbutler1
Filed under Computer Forensics, Digital Forensic Law, Drive Encryption, Evidence Acquisition, Evidence Analysis

By J. Michael Butler

A while back, I posted about EnCase and PointSec — "Encase and PointSec - I'm Not Feeling the Love". I wrote about my frustrations with the difficulties of decryption for a forensic exam. My main point was that EnCase and PointSec need to work together to provide forensic examiners a way to view the PointSec drive in EnCase simply by entering the PointSec password. I also detailed my process for decryption which involved the use of VMWare and a virtual image of the encrypted drive.


Tags: Chain of Custody, Decryption, EnCase, LiveView, metadata, PointSec, Raw Image, Virtual, VMDK, VMWare
Categories
Recent Posts
Archives
Links
Latest Blog Posts

Inhibiting Malicious Macros by Blocking Risky API Calls
April 15, 2018 - 4:21 PM

Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training th [...]
April 13, 2018 - 4:51 PM

SANS Threat Hunting and Incident Response Summit 2018 Call for Speakers - D [...]
January 29, 2018 - 4:02 PM

Latest Tweets @sansforensics

Have you seen the #MalwareAnalysis #FOR610 coin yet? Become [...]
September 18, 2018 - 5:40 PM

Register for your FREE copy of the NEW #WindowsForensics Pos [...]
September 18, 2018 - 5:30 PM

Check out the full line up of @Night talks, bonus sessions & [...]
September 18, 2018 - 5:30 PM

Latest Papers

Evidence of Data Exfiltration via Containerised Applications on Virtual Private Servers
By Seth Enoka

Using Image Excerpts to Jumpstart Windows Forensic Analysis
By John Brown

Windows 10 as a Forensic Platform
By Ferenc Kovacs

"This is awesome! We're seeing details that most people don't even know exist."
- John Wright, Info Tech, Inc.

"Rob is great, just like all of the other SANS instructors I've had."
- Chris O'Keefe, The Community Preservation Corp

"This course is valuable to Law Enforcement professionals that conduct computer crime investigations."
- Reggie Harris, Federal Agent - DPE, OIG