Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: williamlucas
New Today: 0
New Yesterday: 0
Overall: 29661

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 Software to search an FTK Lite Mounted drive with keyword
 How much can be found?
 Computer Forensic in responding to Data Breach issues
 A bunch of numbers about digital evidences collection
 Computer forensic issue

Computer Forensics World Forums


Pages Served
We received
59526792
page views since August 2004

Security Sources

FTC
OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Cryptography
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - Safeguard Easy - Removal of encryption
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Safeguard Easy - Removal of encryption

 
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues
View previous topic :: View next topic  
Author Message
chrisd
Newbie
Newbie


Joined: Jun 25, 2009
Posts: 1

PostPosted: Thu Jun 25, 2009 8:23 pm    Post subject: Safeguard Easy - Removal of encryption Reply with quote

Hello,
I want to image a hard disk that has Safeguard Easy.
I dont want to boot into the machine, but have the safeguard credentials.
I have a bootable cd from utimaco (safeguard provider).
I will do a /no reboot from the command line.
I want to then boot off my forensic cd and image the drive etc, or maybe do a dd etc.
Will the removal of the encryption affect mean it will no longer be admissable? or is it still OK etc.
Anyone else have experiences of Safeguard Easy and Forensics?
Regards5293
Back to top
View user's profile
4n6art
Newbie
Newbie


Joined: Jun 28, 2008
Posts: 67

PostPosted: Thu Jun 25, 2009 11:24 pm    Post subject: Reply with quote

Never used Safeguard, but COULD you try this:

- Forensically wipe a hard drive that is the same size or greater than the evidence drive.
- Create a forensic clone from the evidence drive to the new drive (this will now give you forensic copy of the evidence drive).
- Decrypt the NEW drive using the credentials you have - i.e. remove the Safeguard encryption from it
- Image that decrypted NEW drive.

- DOCUMENT
- DOCUMENT
- DOCUMENT
- DOCUMENT whatever you have done IN DETAIL

Save both drives as evidence. You have the original (encrypted) and the decrypted one in case someone wants to see it.

Just a thought - others in the forum may have other ideas for you to kick around.

Good luck!
-=ART=-
Back to top
View user's profile
Complete
Newbie
Newbie


Joined: Aug 20, 2006
Posts: 287

PostPosted: Fri Jun 26, 2009 1:46 am    Post subject: Reply with quote

I believe EnCase supports Utimaco. Take a forensic image of the encrypted drive, import it into EnCase, it will ask for a password, enter the credentials and you're good to go.

Otherwise, I agree with Art's method.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Legal Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted phpnuke.org (c)2003, and is free under licence agreement. All Rights Are Reserved.