SANS Digital Forensics and Incident Response Blog: Tag - Virtual

23 Jan 2009

PointSec Decryption - A Case for Decryption of the Original

1 comments Posted by jmbutler1
Filed under Computer Forensics, Digital Forensic Law, Drive Encryption, Evidence Acquisition, Evidence Analysis

By J. Michael Butler

A while back, I posted about EnCase and PointSec — "Encase and PointSec - I'm Not Feeling the Love". I wrote about my frustrations with the difficulties of decryption for a forensic exam. My main point was that EnCase and PointSec need to work together to provide forensic examiners a way to view the PointSec drive in EnCase simply by entering the PointSec password. I also detailed my process for decryption which involved the use of VMWare and a virtual image of the encrypted drive.


Tags: Chain of Custody, Decryption, EnCase, LiveView, metadata, PointSec, Raw Image, Virtual, VMDK, VMWare
Share

Categories
Recent Posts
Archives
Links
Latest Blog Posts

Kick off the new year with the industry’s top CTI experts at the SANS Cyber [...]
December 10, 2019 - 5:43 PM

Cloud Storage Acquisition from Endpoint Devices
October 30, 2019 - 8:56 PM

The State of Malware Analysis: Advice from the Trenches
September 26, 2019 - 2:02 PM

Latest Tweets @sansforensics

This Friday 12/13/19 at Noon CST The Forensic Lunch! Join R [...]
December 13, 2019 - 1:00 AM

Mari brings 20 years of experience in the IT industry, inclu [...]
December 13, 2019 - 12:00 AM

Join us for Forensic Lunch tomorrow at 10AM PST with Certifi [...]
December 12, 2019 - 11:05 PM

Latest Papers

Threat Hunting and Incident Response in a post-compromised environment
By Rukhsar Khan

Automated Detection and Disinfection of Ransomware Attacks using Roadblock Software
By Hemant Kumar

ATT&CKing Threat Management: A Structured Methodology for Cyber Threat Analysis
By Andy Piazza

"Rob has insight that few others have and that alone is worth the cost of the the course."
- Chris Spurrier, Xerox Corp

"For my line of work, basic & extensive understanding of the file system is extremely important. The literature and books on file systems for me are very critical & thanks you for them, great reference material"
- Vince Ramirez, Las Vegas Metro P.D.

"Rob Lee is a master of the subject matter. The material is presented in a way that is understandable. Rob is also charismatic enough to make the course enjoyable."
- Erik Ketlet, JP Morgan Chase