Once the system partition is encrypted, there is nothing one can do about it but break the encryption. It’s about an alternative forensic workflow for accessing evidence stored on computers protected with full-disk encryption. For non-system volumes, experts can quickly pull the system’s hibernation file to extract on-the-fly encryption keys later on with Elcomsoft Forensic Disk Decryptor. We are offering a faster and easier way to access information required to break full-disk system encryption by booting from a flash drive and obtaining encryption metadata required to brute-force the original plain-text passwords to encrypted volumes. Traditionally, experts would remove the hard drive(s), make disk images and work from there. When acquiring computers with encrypted system volumes, the investigation cannot go forward without breaking the encryption first. Full-disk encryption presents an immediate challenge to forensic experts.
0 Comments
Leave a Reply. |