Hello,
We have a laptop that needs to be analyzed. The problem is that it is protected with PGP Desktop Whole Disk Encryption 10.0.1.
(Of course, this laptop is the most important piece of evidence in my case…)
I tried extracting the first 32 KB of the drive and processing it with AccessData's DNA program for a week now and the password still hasn't been found. However, DNA supports PGP WDE 9.x (no mention of 10.x).
Has anyone ever encountered this type of situation? Do you know any tools/techniques that could help me get access to the data on the laptop?
Thanks!
Hitman, you may very well have tried this already, or perhaps it's outside the scope of what is available for your case…
From what I've read, PGP WDE is sometimes used by large companies/organizations that maintain recovery keys which would remove the encryption from the drive you're working with. I've encountered other full disk encryption programs where the admin of the company that owns the hard drive maintains a recovery key that can remove the encryption in cases like this. Does this help?
In this particular case, the encrypted laptop belongs to an individual, so it is not using the workgroup/enterprise version of PGP WDE. Therefore, no recovery key is available.
Thanks.