How To Boot Scan A Microsoft Surface Pro

by

Hi, I’m Rich Frawley, and I’m the Digital Forensic Specialist with ADF Solutions. Today we’re going to conduct a boot scan of a Microsoft Surface Pro with BitLocker activated.

At this point you have decided on a search profile, or search profiles, to use and prepared your collection key.

When conducting a boot scan, Digital Evidence Investigator is forensically sound. This means that no changes are made to the target media.

Prior to conducting a boot scan, establish how many USB ports are available, and determine if the four-port USB hub is required.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Two ports are required in order to complete a scan: one for the collection key and one for the authentication key. Once the scan is started, the authentication key can be removed.

The Surface Pro only has one USB port, so I have a four-port hub, the collection key connected, and the authentication key.

With the Surface Pro, in order to boot to the USB device, we’ll hold the ‘volume down’ button while pushing and releasing the power button.

When booting to the collection key, Digital Evidence Investigator will automatically launch the application to scan the computer. No user input is normally required within the Windows boot manager.

Once DEI has launched, there are two options available: Scan Computer and Image Computer. To proceed with the boot scan, click on ‘Scan Computer.’

You can see here the physical device and the BitLocker volume; the search profiles that we have on our collection key; and our scan information.

To get started, we need to enter the credentials for the BitLocker encrypted volume.

Once the volume is decrypted, we can choose the search profile that we want to run; give it a scan name; adjust our date and time if necessary; enter in any custom fields that may be present; and then start our scan.

As you can see, I have my authentication key. In order to start the scan, I present my authentication key. The scan will start. I can now remove the authentication key and move on to another computer with another collection key.

That’s all for this video; thank you for your time.

Get a free trial at www.TryADF.com.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Rich Frawley, Director of Training at ADF Solutions, presents on the main features of DEI PRO for investigating computer and mobile devices from collection to reporting within the forensic software tool.

Rich Frawley, Director of Training at ADF Solutions, presents on the main features of DEI PRO for investigating computer and mobile devices from collection to reporting within the forensic software tool.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_xVfiOJm_tCk

Intro To DEI PRO: Assessing All Devices In A Timely Manner

Forensic Focus 28th September 2023 11:00 am

Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is near by tracking SS7 data. During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics. 00:00 - Introducing Ryan 01:30 - What is SS7? 05:00 - SS7 attacks 08:05 - Research pathway 14:50 - Ryan's talk at BSides 16:20 - Using data to combat domestic abuse 30:00 - Protection from tracking 36:30 - Ryan's projects 44:15 - HVCK Magazine

Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is near by tracking SS7 data.

During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics.

00:00 - Introducing Ryan

01:30 - What is SS7?

05:00 - SS7 attacks

08:05 - Research pathway

14:50 - Ryan's talk at BSides

16:20 - Using data to combat domestic abuse

30:00 - Protection from tracking

36:30 - Ryan's projects

44:15 - HVCK Magazine

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_quPJpAjyDZA

Cell Phone Tracking And SS7 - Hacking Security Vulnerabilities To Save Lives

Forensic Focus 25th September 2023 10:29 am

Ryan from Oxygen Forensics discusses how to use Oxygen's Android agent to collect Google Chrome data as a third party app on Android devices.

Ryan from Oxygen Forensics discusses how to use Oxygen's Android agent to collect Google Chrome data as a third party app on Android devices.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_gNyq_7llqLA

Extracting Google Chrome Using Android Agent

Forensic Focus 22nd September 2023 3:07 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Register For The Webinar: The Complete Workflow For Video Analysis In Amped FIVE
News

Register For The Webinar: The Complete Workflow For Video Analysis In Amped FIVE

ByAmpedSoftwareOct 3, 2023
Forensic Data Collections 2.0 – A Selection Of Trusted Digital Forensics Content
Reviews

Forensic Data Collections 2.0 – A Selection Of Trusted Digital Forensics Content

ByForensic FocusOct 2, 2023
Forensic Focus Digest, September 29 2023
News

Forensic Focus Digest, September 29 2023

ByForensic FocusSep 29, 2023
Digital Forensics Round-Up, September 28 2023
News

Digital Forensics Round-Up, September 28 2023

ByForensic FocusSep 28, 2023
Advance Your Investigations With ADF Solutions’ Enhanced Screen Recording And Streamlined Features
News

Advance Your Investigations With ADF Solutions’ Enhanced Screen Recording And Streamlined Features

ByadfsolutionsSep 28, 2023
Intro To DEI PRO: Assessing All Devices In A Timely Manner
Webinars

Intro To DEI PRO: Assessing All Devices In A Timely Manner

ByadfsolutionsSep 28, 2023