Forensics
Pointsec forensic disk imaging time Jul 04 2007 11:05PM
Erin Carroll (amoeba amoebazone com) (1 replies)
RE: Pointsec forensic disk imaging time Jul 05 2007 12:19AM
Bill Dean (bill dean999 comcast net)
Do you have the username and signon to decrypt? I am assuming so and this is
how you plan to access the data after imaging it. I deal with Pointsec in
one of my environments and image it live with FTK Imager (with very strong
documentation as to why the hashes don't match). Many circles feel that this
is acceptable with supporting documentation for whole disk encryption.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On
Behalf Of Erin Carroll
Sent: Wednesday, July 04, 2007 7:05 PM
To: forensics (at) securityfocus (dot) com
Subject: Pointsec forensic disk imaging time

All,

I pinged the archives but didn't see a relevant thread on this...

Does anyone have any advice on decreasing the forensic imaging time for
Pointsec encrypted drives using the DOS boot disk? Currently a colleague is
getting an average of 16-hour turnarounds and I thought I'd see if there
were any hidden tips or tricks to work around the problem. It can be
painfully slow when pulling images from older hardware since AFAIK there is
no feasible way to offload the disk to a beefier machine without borking
things.

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

