Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Laptop Encryption & Write Permissions

from [Shaffer, Bruce] Network Security [Permanent Link]
Subject: RE: Laptop Encryption & Write Permissions
Date: Wed, 3 May 2006 08:23:22 -0400 
As to scenario #1, if you are trying to run remote management software
or do a forensic investigation on a machine that is powered down you
have other, more serious problems that have nothing to do with
technology.

As to scenario #2 I've been using ce-infosys which another hard drive
encryptor with network management capabilities similar to bitlocker.
Once a system has been authenticated and it is up and running, the
crypto software runs at a very low level and other than taking a few
cycles longer to serve up data, your admin software should do just fine.
I tested specifically for this by running software both resident on the
laptop and software remotely managing the laptop.  I was even able to
connect to a drive on the laptop across the LAN from a machine that did
not use hard drive encryption and every thing worked quite well.  I
believe this is because the crypto software is intercepting all disk
requests and doing its thing without interrupting service.  

The crypto software is there mainly to protect data at rest and make the
data completely available the rest of the time once it has authenticated
a user.

-----Original Message-----
From: Ken S [mailto:ken.securitylist@gmail.com] 
Sent: Tuesday, May 02, 2006 2:38 PM
To: focus-ms@securityfocus.com
Subject: Re: Laptop Encryption & Write Permissions

How will bitlocker (or other full drive encryption products)  impact
forensics investigations AND normal administrative functions for
machines that are 1) powered down and for those that are 2) on-line?

Specifially, the main benefit I see for bitlocker is the confidence
you would have when a laptop is lost or stolen.  If the entire drive
is encrypted, the chances of data compromise should be very low.  This
would solve a lot of heartburn....  Plus, I understand the admin
capabilities of bitlocker will allow admins to access drives in the
event a password is forgotten, or forensics needs to be done.

However, what impact will the encryption have on tools commonly used
by network admins today?  I assume if the machine is on it's "home"
network, that admins will be still be able to use tools like BindView
(which authenticates to machines to pull information), pstools, etc.,
etc. as usual.   But are there other tools that the encryption would
negatively impact?

Thanks in advance for your input.

Ken

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Laptop Encryption & Write Permissions, Saqib Ali
Next by Date:  SecurityFocus Microsoft Newsletter #289, Marc Fossi
Previous by Thread:  Re: Laptop Encryption & Write Permissions, Saqib Ali
Next by Thread:  RE: Laptop Encryption & Write Permissions, Casey DeBerry
Indexes:  [Date] [Thread] [Top] [All Lists]