SANS Digital Forensics and Incident Response Blog: Tag - Virtual

23 Jan 2009

PointSec Decryption - A Case for Decryption of the Original

1 comments Posted by jmbutler1
Filed under Computer Forensics, Digital Forensic Law, Drive Encryption, Evidence Acquisition, Evidence Analysis

By J. Michael Butler

A while back, I posted about EnCase and PointSec — "Encase and PointSec - I'm Not Feeling the Love". I wrote about my frustrations with the difficulties of decryption for a forensic exam. My main point was that EnCase and PointSec need to work together to provide forensic examiners a way to view the PointSec drive in EnCase simply by entering the PointSec password. I also detailed my process for decryption which involved the use of VMWare and a virtual image of the encrypted drive.


Tags: Chain of Custody, Decryption, EnCase, LiveView, metadata, PointSec, Raw Image, Virtual, VMDK, VMWare
Share

Categories
Recent Posts
Archives
Links
Latest Blog Posts

iOS Location Mapping with APOLLO Part 2: Cellular and Wi-Fi Data (locationd)
September 11, 2019 - 8:53 AM

iOS Location Mapping with APOLLO Part 1: I Know Where You Were Today, Yeste [...]
September 10, 2019 - 4:42 PM

Countdown to DFIRCON 2019!
August 26, 2019 - 5:51 PM

Latest Tweets @sansforensics

Call for papers now open for the #ThreatHunting Summit 2020 [...]
September 16, 2019 - 11:46 PM

#FOR500 #WindowsForensicAnalysis and @maridegrazia will teac [...]
September 16, 2019 - 9:00 PM

[Webcast] October 29 at 3:30 PM ET: Join SANS #DFIR experts [...]
September 16, 2019 - 8:30 PM

Latest Papers

ATT&CKing Threat Management: A Structured Methodology for Cyber Threat Analysis
By Andy Piazza

Leveraging the PE Rich Header for Static M alware D etection and Linking
By Maksim Dubyk

Analysis of a Multi-Architecture SSH Linux Backdoor
By Angel Alonso-Parrizas

"This is awesome! We're seeing details that most people don't even know exist."
- John Wright, Info Tech, Inc.

"Forensics is a lot more than just imaging a drive."
- Joseph Fresch, Guaranty Bank

"I had taken several other forensic courses prior to this one, but none of them or their instructors made understanding forensic methodologies and techniques as clear and understandable as Rob Lee and this course has."
- Nathon Heck, Purdue