HELP! : How to image a Windows Surface RT (ARM)

  

mahoney
Newbie
 

Re: HELP! : How to image a Windows Surface RT (ARM)

Post Posted: Mar 21, 19 05:24

- UnallocatedClusters


My experience with Surfaces is that Surfaces come from the factory Bitlocker encrypted standard and Microsoft does NOT provide the Bitlocker keys!!!!!


Workaround for the factory BitLocker encryption:
1. Copy the DD image bit-for-bit onto a blank USB drive.
2. Attach the USB to a Windows machine via a USB write-blocker.
3. Windows will automatically decrypt the drive.
4. Use FTK Imager to re-image as a logical drive.

Workaround for user-encrypted BitLocker encryption:
1. After you get your physical DD image, boot the Surface normally and login (you'll need a local Admin account).
2. Launch CMD and run manage-bde -protectors -get C: -Type RecoveryPassword
3. Make a note of the long numerical password.
4. You can use EnCase or Nuix to decrypt your physical DD image, or continue below:
5. Copy the DD image bit-for-bit onto a blank USB drive.
6. Attach the USB to a Windows machine via a USB write-blocker.
7. Windows will prompt for the recovery password - enter it here to decrypt the drive.
8. Use FTK Imager to re-image as a logical drive.  
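
Added example, not part of the original post: a check for steps 2 and 3 of the user-encrypted workaround, which pulls the recovery password out of saved manage-bde output and verifies its structure so that a transcription error is caught before the unlock prompt. It relies on the BitLocker recovery password format (eight six-digit groups, each a multiple of 11 encoding a 16-bit value), which the post does not describe; the sample output and password are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of saved manage-bde protector output (not from a real device).
SAMPLE_OUTPUT = """\
Volume C: []
All Key Protectors

    Numerical Password:
      ID: {00000000-0000-0000-0000-000000000000}
      Password:
        011000-135795-720885-046662-344707-005500-660000-244442
"""

# Eight groups of six digits separated by hyphens, not embedded in a longer number.
PASSWORD_RE = re.compile(r"(?<!\d)(\d{6}(?:-\d{6}){7})(?!\d)")


def extract_recovery_passwords(text):
    """Return every 48-digit recovery password found in saved command output."""
    return PASSWORD_RE.findall(text)


def check_recovery_password(password):
    """Return a list of structural problems; an empty list means well-formed."""
    groups = password.strip().split("-")
    if len(groups) != 8:
        return [f"expected 8 groups, found {len(groups)}"]
    problems = []
    for i, group in enumerate(groups, 1):
        if not re.fullmatch(r"[0-9]{6}", group):
            problems.append(f"group {i}: not six digits")
        elif int(group) % 11 != 0:
            # Any single mistyped digit breaks divisibility by 11.
            problems.append(f"group {i}: not divisible by 11")
        elif int(group) // 11 > 0xFFFF:
            problems.append(f"group {i}: exceeds 16-bit range")
    return problems


if __name__ == "__main__":
    for pw in extract_recovery_passwords(SAMPLE_OUTPUT):
        issues = check_recovery_password(pw)
        print(pw, "OK" if not issues else issues)
```

A password that passes is only well-formed; whether it belongs to the imaged volume is confirmed by matching the protector ID shown at the recovery prompt.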
 
  

Tic-Tac
Newbie
 

Re: HELP! : How to image a Windows Surface RT (ARM)

Post Posted: Apr 21, 19 12:15

You can't boot any other OS than Windows RT on those ARM devices. Microsoft have made sure that the secure boot will stay on at all times. There have been some successful attempts in the past at disabling the secure boot (e.g. this discussion - forum.xda-developers.c...t3360721), however all those security holes have been patched by Microsoft.

If it is a fully up to date Windows RT 8.1 device, your chances of booting any other OS are very, very slim. Even if you would succeed, you would need an OS that can run on an ARM CPU, and some custom drivers, most likely.
 
