Hello,
I have got a pointsec encrypted image. Can anyone provide me with a step-by-step guide of taking a decrypted copy using encase please??
Thanks in advance
A
Hello,
I have got a pointsec encrypted image. Can anyone provide me with a step-by-step guide of taking a decrypted copy using encase please??
Thanks in advance
A
There is no need to cross-post this in multiple forum topics. See General Discussion for a response to your question.
Guidance has a step by step guide. They will not support Pointsec, but they can guide you where to find this info. It's also on their forum website. You will need Pointsec software to install on your forensic machine. You can also search on-line and find a Pointsec Administrator Guide.
I just did one recently and I was able to view the contents of the hardrive, but could not figure out how to write block it. It was not an east task. Pointsec will not be of any assistance if you call them.
I have got a pointsec encrypted image. Can anyone provide me with a step-by-step guide of taking a decrypted copy using encase please??
You won't be able to use any recent version of EnCase or LinEn – you need to use something that runs comfortably under DOS. That probably means Encase 4.xx – and it also means device drivers for the equipment you are using. If you haven't done this before … expect about a week of eating pain.
Your best chance is to talk to the PointSec administrator of the installation. PointSec is known to be a problematical product when things go wrong, and many PointSec installations have developed various data recovery solutions. There's even one on the PointSec installation CD that lets you create a BartPE boot CD, that you can start using PointSec alternate boot. You will need to get the right PointSec .dll for this though – so you are going to need some kind of support from the right people.
You can do without the boot-CD, if you use the old Encase Boot CD, but you will still need help to get through a one-time login. And this one is messy as I have already noted – you will need DOS device drivers for everything you are going to use.
If you already know that you won't be able to call on a company PointSec admin or helpdesk, you might as well stop now, and look for likely accounts and password for the login guessing attack you will have to mount.
I had to do one of these a few years ago, in one of the methods athulin is describing, and it worked fine
Boot using a one-time login provided by the Pointsec admin, telling it to boot from an alternate device (EnCase DOS boot CD - as it doesnt like linux).
Not quick, but it did the job.