Hello, I am wondering if anyone has come across Gemplus' (now Gemalto) GemSafe Toolbox before?
It appears to be a smart card authentication system. I was alerted to it's presence when looking at the raw physical images I took of a couple of desktop PCs. The file system is all present and visible but user created files seem to be encrypted separately. I can view the files and their metadata but I cannot view their contents. EnCase does not flag them as encrypted in the description column however they all fail the file signature analysis.
System files such as the $MFT, boot.ini etc. are not encrypted. This is a Windows XP Pro machine
I have attempted to make a Virtual Machine out of the image with both VFC and LiveView. The VFC one blue-screens for both normal and safe mode with an IRQL_NOT_LESS_OR_EQUAL error. The one created with LiveView simply will not run and says that there is not sufficient permission to open the .vmdk file even though I am a domain and local administrator user on the PC I created it on and am trying to run it from.
I fear both of these errors may be due to the Smart Card system.
So I am hoping if anyone else has any suggestions for me to try??? One of the machines I imaged was not booting correctly so it may not be possible to re-acquire that one in a live mode.