Hosting Provided By

RE: encryption question

From: Ansel, Kenny L. (Sytex Contractor) <kenny.ansel.sytex(at)arrtc-exch.mccoy.army.mil>
Date: Tue Jan 21 2003 - 09:14:14 EST

That doesn't sound like two factor authentication...anyway..

You should NEVER 'tamper' with the original image!! Always make an exact copy (with whatever you use that does the image bit for bit). Then once you get the image...'tamper with the image'....this way the original is always
'as is'. This is very important for many reasons....one important reason is
for the courts of law.

Secondly, as far as getting key key to decrypt...yea, most OSs require you to be the admin. There are always ways to become the administrator if the
'real' admin is unavailable!!

Kenny Ansel

-----Original Message-----
From: Darren Welch
To: forensics@securityfocus.com
Sent: 1/16/03 3:27 PM
Subject: encryption question

As a CISSP I have a task to protect information by locking down the info on
the pc with encryption. Also as a forensic examiner I am tasked with making
forensic images and conducting examinations in support of corporate investigations, essentially getting into the information I am tasked with
protecting. There are many products that do hard disk encryption but I have
experienced major problems in making acquisitions without first decrypting
the drive thus tampering with evidence. As far as directory level encryption
the security requirement would be to use a hardware key to authenticate to
the encrypted directory (two factor authentication) but as an examiner, the
hardware key would need to contain administrator in addition to user accounts or policies which would enable me to conduct a sound investigation.
Has anyone been in the same situation or know of any company that offers

this? Thanks

MSN 8: advanced junk mail protection and 2 months FREE*. http://join.msn.com/?page=features/junkmail

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Jan 23 06:27:08 2003

This message: [ Message body ]
Next message: forensics(at)auscert.org.au: "Re: MD5 Exploit Database?"
Previous message: Andreas Schuster: "Re: MD5 Exploit Database?"
Maybe in reply to: Darren Welch: "encryption question"
Reply: Bob Radvanovsky: "Re: encryption question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT

Do you need help?