SANS Digital Forensics and Incident Response Blog: Tag - Virtual

23 Jan 2009

PointSec Decryption - A Case for Decryption of the Original

1 comments Posted by jmbutler1
Filed under Computer Forensics, Digital Forensic Law, Drive Encryption, Evidence Acquisition, Evidence Analysis

By J. Michael Butler

A while back, I posted about EnCase and PointSec — "Encase and PointSec - I'm Not Feeling the Love". I wrote about my frustrations with the difficulties of decryption for a forensic exam. My main point was that EnCase and PointSec need to work together to provide forensic examiners a way to view the PointSec drive in EnCase simply by entering the PointSec password. I also detailed my process for decryption which involved the use of VMWare and a virtual image of the encrypted drive.


Tags: Chain of Custody, Decryption, EnCase, LiveView, metadata, PointSec, Raw Image, Virtual, VMDK, VMWare
Categories
Recent Posts
Archives
Links
Latest Blog Posts

Inhibiting Malicious Macros by Blocking Risky API Calls
April 15, 2018 - 4:21 PM

Top 11 Reasons Why You Should NOT Miss the SANS DFIR Summit and Training th [...]
April 13, 2018 - 4:51 PM

SANS Threat Hunting and Incident Response Summit 2018 Call for Speakers - D [...]
January 29, 2018 - 4:02 PM

Latest Tweets @sansforensics

Learn about all of our FREE tools before class. Get the HFS+ [...]
April 24, 2018 - 8:25 PM

Learn what data can be obtained from the Google Home app, th [...]
April 24, 2018 - 7:50 PM

Forensicators, don't miss out on the bundle savings! SAVE 50 [...]
April 24, 2018 - 4:01 PM

Latest Papers

Pick a Tool, the Right Tool: Developing a Practical Typology for Selecting Digital Forensics Tools
By Rick Kiper

Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
By Michael Long II

Automating Static File Analysis and Metadata Collection Using Laika BOSS
By Charles DiRaimondi IV

"This course ROCKS! You can not call yourself a Forensics expert without taking the course from Rob Lee!."
- Ernie Hernandez, Prosoft

"This course is valuable to Law Enforcement professionals that conduct computer crime investigations."
- Reggie Harris, Federal Agent - DPE, OIG

"Rob Lee's enthusiasm method of delivery made the class excellent and a great environment to learn. He knows his stuff, without a doubt."
- Tim Moniot, Las Vegas Metro P.D.