I would work on getting a dd-like solution in shell prompt - maybe even from an external media, like microSD card…
The advantages are limited impact, software and elevated rights gone once rebooted, but most importantly host OS takes care of decryption.
This of course presumes that the device is powered on, and is not locked.
That is not a bad idea
My ultimate aim is to have something like WinFE running on the RT.
I'm currently converting my WProtect.exe application from x86 assembly language to C++ (as VS2012 can compile to ARM).
The pre-installation environemnt (PE) which WinFE is based upon, exists within RT (runs from a UFD), however, code signing is still enforced which prevents my self-written, unsigned tools from being executed. The exploit developed by Netham45 on the XDA Forums does not work within the preinstallation environement, but as yet, I dont know why.
If someone can get the exploit working from within PE, I would be very interested and I would even share the 'quirk' that I have discovered with them!
Creating an image of the Surface RT from PE is probably the best solution to this problem.
Colin.
Just to try and keep info as together as possible
http//www.forensicfocus.com/Forums/viewtopic/t=10509/
jaclaz
Hello All,
I stumbled across this forum when I received a windows 8 tablet for analysis. While it is most definitely not the best solution we ended up powering on the device, and acquiring through a usb hub onto a separate drive using FTK lite.
Not the most sound method but the best one we could come up with at the office.
Hello All,
I stumbled across this forum when I received a windows 8 tablet for analysis. While it is most definitely not the best solution we ended up powering on the device, and acquiring through a usb hub onto a separate drive using FTK lite.
Not the most sound method but the best one we could come up with at the office.
"windows 8" or "windows 8 RT"?
jaclaz
Or Pro or Enterprise?
Hello all,
I realise I'm coming into this a bit late but… We have in a Windows surfarce tablet - Windows RT. It's password protected. Does anyone know of anything available that can recover/reset the password? I've read so many articles but most relate to Windows 8 surface pro which doesn't really help me.
Many thanks,
Louise
Hello all,
I realise I'm coming into this a bit late but… We have in a Windows surfarce tablet - Windows RT. It's password protected. Does anyone know of anything available that can recover/reset the password? I've read so many articles but most relate to Windows 8 surface pro which doesn't really help me.
Many thanks,
Louise
I don' think there is (yet) a method/tool to wrkaround the actual password. (
There is a good set of instructions/tool to acquire it, as mentioned earlier
http//www.forensicfocus.com/Forums/viewtopic/t=10509/
http//
but the password must be known.
jaclaz