NDX5 disk signature ?

(@komatsu)
Active Member
Joined: 12 years ago
Posts: 17
Topic starter  

I have a Crucial MX200 SSD

Using the official Crucial disk utility, the drive shows up as healthy.

All partitions can be seen in Windows but come up as "unformatted"

I looked at the largest partition and it seems to have a signature of "NDX5" - is this disk encrypted?


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

All partitions can be seen in Windows but come up as "unformatted"

So, contents that Windows doesn't recognize as mountable file systems.

I looked at the largest partition and it seems to have a signature of "NDX5" - is this disk encrypted?

What is a 'signature' in this case?

To me, it's something in a particular sector, but as you don't say that you have identified that type of sector as present, I'm unsure. What sector in the partition, what offset in the sector?

Do you have a boot block? (disk boot or volume boot) Is it a standard Microsoft boot block or not? (That is, does it contain the same code that Microsoft tools write?) Or other identifiable volume structure? What partition types are present – Microsoft partitions or something else? MBR partitions or GPT partitions?

I mean, a volume with thrashed master sector would be unrecognized by Windows, but there would still be identifiable structures at the end of the volume, and inside it.

If there's absolutely nothing you recognize on the disk, it might be encrypted – but it could just as well be something you've never seen before.


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

Where was this SSD used before ?

If it was used in a surveillance system, you could have on the SSD a closed format raw recording.


   
(@komatsu)
Active Member
Joined: 12 years ago
Posts: 17
Topic starter  

Thanks for the useful info guys.

I've run another HexEditor here and at LBA 0

SYMGUARD

is showing?

What is this? A Symantec product but I've Googled and nothing shows up?


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Thanks for the useful info guys.

I've run another HexEditor here and at LBA 0

SYMGUARD

is showing?

What is this? A Symantec product but I've Googled and nothing shows up?

Make a copy of this LBA0 sector.
Upload it on any free hosting site.
Post a link to it.

This way we will be able to see if it is actually a MBR, and if it is which type of partitions it shows.

Windows will of course find any partition but if their ID's are not within the "range" of "known ones" it will see them as unformatted because the filesystem recognizer won't be used at all.

jaclaz


   
(@komatsu)
Active Member
Joined: 12 years ago
Posts: 17
Topic starter  

Breakthrough!

SYMGUARD is Symantec Endpoint

Can't believe nowhere on Google mentioned this.

Now anyone know how to decrypt this ( I have p/w)?


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

SYMGUARD is Symantec Endpoint

Can't believe nowhere on Google mentioned this.

Now anyone know how to decrypt this ( I have p/w)?

You mean Endpoint Encryption, right?

You can try the Trial version
https://trial.symantec.com/lp?pid=26-en-us&q=2r.3r.5r.6.7r.9r&cid=70150000000dXEPAA2

And - maybe - create a WinPE with the needed files for decryption
https://support.symantec.com/en_US/article.HOWTO95227.html
https://www.symantec.com/connect/articles/how-decrypt-drive-windows-pe-symantec-encryption-desktop-10x

It has to be seen if current version is backwards compatible (or if the SSD was encrypted with a recent enough version).

Symantec previously had something called PGP Encryption that uses PGPGUARD @offset 3 of LBA0, see here
http://encase-forensic-blog.guidancesoftware.com/2014/04/version-7-tech-tip-spotting-full-disk.html

It is possible that there is something for Encase also for the new thingy. ?

jaclaz
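
Added example, not part of any poster's reply and not vendor code: a small Python triage of a saved LBA 0 copy that performs the checks discussed in the thread (is it an MBR, which partition type IDs does it list, and does it carry the PGPGUARD or SYMGUARD string). The function names, the partition-type subset and the sample sector are assumptions constructed for illustration; the thread gives offset 3 only for PGPGUARD, so the whole sector is searched.

```python
import struct
import sys

SECTOR = 512
# Marker strings and product names as given in the thread.
MARKERS = {b"PGPGUARD": "PGP Encryption", b"SYMGUARD": "Symantec Endpoint Encryption"}
# Illustrative subset of MBR type IDs: FAT/NTFS/exFAT, extended, GPT protective.
WINDOWS_KNOWN = {0x01, 0x04, 0x05, 0x06, 0x07, 0x0B, 0x0C, 0x0E, 0x0F, 0xEE}


def triage_lba0(sector: bytes) -> dict:
    """Summarise boot signature, vendor markers and MBR partition entries of LBA 0."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    sector = sector[:SECTOR]
    report = {
        "boot_signature": sector[510:512] == b"\x55\xaa",
        "oem_id": sector[3:11].decode("ascii", "replace"),
        "markers": [],
        "partitions": [],
    }
    # Search the whole sector, since only the PGPGUARD offset is stated.
    for magic, product in MARKERS.items():
        pos = sector.find(magic)
        if pos != -1:
            report["markers"].append((product, pos))
    for i in range(4):  # four 16-byte entries starting at offset 446
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        report["partitions"].append({"slot": i, "active": status == 0x80, "type": ptype,
                                     "start_lba": start, "sectors": count,
                                     "windows_known": ptype in WINDOWS_KNOWN})
    return report


def build_sample(marker: bytes = b"SYMGUARD") -> bytes:
    """Constructed LBA 0: marker at offset 3, one type-0x07 entry, 55 AA trailer."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xeb\x48\x90"
    s[3:11] = marker
    s[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    s[510:512] = b"\x55\xaa"
    return bytes(s)


if __name__ == "__main__":
    # Pass the path of a saved copy of LBA 0 (or a disk image); otherwise use the sample.
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample()
    print(triage_lba0(data))
```

Run it against a read-only copy of the sector or an image rather than the live device.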


   
(@komatsu)
Active Member
Joined: 12 years ago
Posts: 17
Topic starter  

thanks jaclaz

Are Symantec Endpoint
and
Symantec Desktop encryption different products?


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

thanks jaclaz

Are Symantec Endpoint
and
Symantec Desktop encryption different products?

Yes and no.
"Symantec Endpoint" is an "umbrella name" for various Symantec products.

"Endpoint Protection" is a "security suite" (more common than "Endpoint Encryption")
https://tinyapps.org/blog/misc/200702250700_why_in_my_day.html

And Protection is another "umbrella" name for several different versions.

I am pretty sure that even Symantec people don't actually know all the products they make.

Endpoint Encryption is the actual encryption tool, that replaces PGP Encryption.

BUT they do have something called Desktop Email Encryption
https://www.symantec.com/products/information-protection/encryption/desktop-email-encryption

Compare with the Italian site (you can check another few regional sites, the SAME tools are called differently and arranged differently)
https://www.symantec.com/it/it/encryption/

and of course we haven't even touched the version numbers … 😯

jaclaz


   
(@komatsu)
Active Member
Joined: 12 years ago
Posts: 17
Topic starter  

thanks jaclaz.

Symantec seem to have removed the very tool I need from their site!

https://support.symantec.com/en_US/article.TECH223783.html


   