Safeguard Easy - Removal of encryption


Electronic Contemporaneous Notes for Digital Investigations

chrisd

New Member
Jun 24, 2009
3
0
#1
Hello,
I want to image a hard disk that has Safeguard Easy.
I dont want to boot into the machine, but have the safeguard credentials.
I have a bootable cd from utimaco (safeguard provider).
I will do a /no reboot from the command line.
I want to then boot off my forensic cd and image the drive etc, or maybe do a dd etc.
Will the removal of the encryption affect mean it will no longer be admissable? or is it still OK etc.
Anyone else have experiences of Safeguard Easy and Forensics?
Regards5293
 

4n6art

New Member
Jun 27, 2008
201
0
#2
Never used Safeguard, but COULD you try this:

- Forensically wipe a hard drive that is the same size or greater than the evidence drive.
- Create a forensic clone from the evidence drive to the new drive (this will now give you forensic copy of the evidence drive).
- Decrypt the NEW drive using the credentials you have - i.e. remove the Safeguard encryption from it
- Image that decrypted NEW drive.

- DOCUMENT
- DOCUMENT
- DOCUMENT
- DOCUMENT whatever you have done IN DETAIL

Save both drives as evidence. You have the original (encrypted) and the decrypted one in case someone wants to see it.

Just a thought - others in the forum may have other ideas for you to kick around.

Good luck!
-=ART=-
 

Complete

Administrator
Aug 19, 2006
861
0
#3
I believe EnCase supports Utimaco. Take a forensic image of the encrypted drive, import it into EnCase, it will ask for a password, enter the credentials and you're good to go.

Otherwise, I agree with Art's method.
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu