Western Digital SmartWare

12 Posts
7 Users
0 Likes
1,573 Views
(@beasleyjt)
Posts: 56
Trusted Member
Topic starter
 

So…has anyone encountered an external WD HD with the WD Smartware VCD on it? If so, how did you proceed to process it?

I encountered one in the past week and the only way I could get a working dd image of it is by connecting it directly to my forensic machine (yes I know….MAC times changing) and entering the password to unlock it.

I figure the way it works is an "on the fly hand-shake" where it has to modify the evidence drive in order to mount it. My machine would not see the drive properly via write-blocker or out of the original enclosure.

Has anyone encountered this yet?

If so, how did you proceed with it?

 
Posted : 06/11/2010 9:13 am
4Rensics
(@4rensics)
Posts: 255
Reputable Member
 

Anybody any joy on this?

Just got one in and it's stuck on the password. Apparently it does not encrypt it unless it syncs it, but not sure what has been done to it. I thought a full DD might get everything, but don't think this will work either?

 
Posted : 26/11/2010 8:40 pm
(@beasleyjt)
Posts: 56
Trusted Member
Topic starter
 

Figured I would post what I ended up doing…

After a lot of research, we ended up having to install the SmartWare software from WD. Then I had to connect the evidence directly to my forensic machine and used EnCase to image it. I did of course have the agents approval to do so and took very detailed notes of everything I did.

 
Posted : 23/12/2010 5:59 am
rexgray
(@rexgray)
Posts: 1
New Member
 

beasleyjt - possible to give me a call to discuss same problem you had with SmartWare? 757-462-2923

 
Posted : 13/01/2011 4:06 am
4Rensics
(@4rensics)
Posts: 255
Reputable Member
 

Did you get anything from it? I installed SmartWare, but because we did not have the password we could not get anything!

I subsequently found an "impressive" marketing YouTube video from WD saying how these drives with SmartWare use "Military" grade 256-bit encryption! 😯

 
Posted : 13/01/2011 2:50 pm
(@beasleyjt)
Posts: 56
Trusted Member
Topic starter
 

One thing I left out

I was provided the password so I did not have to continue to troubleshoot it.

As 4Rensics stated, they are heavily encrypted and I don't think we would have been able to do anything with it without the password.

So once I had disabled the security in the WD Smartware, it was processed the same as an unencrypted HDD.

 
Posted : 14/01/2011 11:02 pm
(@chovhanz)
Posts: 1
New Member
 

I came across one last week. The way I proceeded is as follows:
1. I removed the hard drive from the enclosure.
2. Using Image Masster Solo I created a clone (single capture) on another hard drive.
3. Using the SATA USB adapter from the suspect's hard drive enclosure I connected the clone to my forensic machine. If the suspect's SATA USB adapter is not used the clone will not be recognized. The forensic machine will also not recognise the clone if a write blocker is used.
4. Once connected to the forensic machine the clone appears as a CD Drive labelled "WD Smartware".
5. Right click and open the CD Drive, which will display a number of folders.
6. Run "Unlock.exe", which will prompt you for the password.
7. It will only give you a number of attempts to put the right password, failing which it will ask you if you want to erase the hard drive.
8. I was fortunate that the suspect provided the password when I asked for it.
9. Once the correct password is entered it mounts as a hard disk drive labelled "My Book".
10. Open the drive and create a logical evidence of the folder "WD_Smartware".

In conclusion the SATA USB adapter and the password are central to examining the backup files. It appears that the SATA USB adapter has some form of software that interacts with the password and then mounts the drive containing the backup files.

 
Posted : 22/07/2014 5:36 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

@chovhanz
Interesting, thanks for sharing the details.

For the record it seems like it is possible to "workaround" the password (though the method is not documented and it is seemingly NOT available, if not - maybe - to LE's):
http://forum.hddguru.com/viewtopic.php?f=1&t=21584

jaclaz

 
Posted : 22/07/2014 3:56 pm
(@kenobyte)
Posts: 36
Eminent Member
 

Resurrecting this thread: did anyone ever find a workaround if there was no password found?

 
Posted : 16/03/2020 3:13 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Resurrecting this thread: did anyone ever find a workaround if there was no password found?

Does this apply to your model/drive?

https://github.com/andlabs/reallymine/

jaclaz

 
Posted : 16/03/2020 3:45 pm