±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35965
New Yesterday: 0 Visitors: 156

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Gemplus GemSafe Toolbox

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

kiashi
Senior Member
 

Gemplus GemSafe Toolbox

Post Posted: Jun 21, 10 15:59

Hello, I am wondering if anyone has come across Gemplus' (now Gemalto) GemSafe Toolbox before?

It appears to be a smart card authentication system. I was alerted to it's presence when looking at the raw physical images I took of a couple of desktop PCs. The file system is all present and visible but user created files seem to be encrypted separately. I can view the files and their metadata but I cannot view their contents. EnCase does not flag them as encrypted in the description column however they all fail the file signature analysis.

System files such as the $MFT, boot.ini etc. are not encrypted. This is a Windows XP Pro machine

I have attempted to make a Virtual Machine out of the image with both VFC and LiveView. The VFC one blue-screens for both normal and safe mode with an IRQL_NOT_LESS_OR_EQUAL error. The one created with LiveView simply will not run and says that there is not sufficient permission to open the .vmdk file even though I am a domain and local administrator user on the PC I created it on and am trying to run it from.

I fear both of these errors may be due to the Smart Card system.

So I am hoping if anyone else has any suggestions for me to try??? One of the machines I imaged was not booting correctly so it may not be possible to re-acquire that one in a live mode.
_________________
_________________________________________
The only people who find what they are looking for
in life are the fault finders. 
 

Page 1 of 1