Does any one know of a forensic software that comes with a decryption module that supports Utimaco SafeGuard Enterprise (SGN) ; I know Encase supports SafeGuard Easy, but not SafeGuard Enterprise. I need to acquire SGN encrypted disks.
If you have access to the SGN server & machine name, then you can get it done.
You will need to know the original machine name.
Assign the machine's key to a security officer in the console.
Slave the encrypted drive to a machine where the security officer is an owner.
You should be able to get access to the drive after synch and receipt of the new policy on the security officer's machine.
Let me know if that worked. there are some other oddball ways to try.
Thanks for the insight. Can I connect the slave disk via a write blocker?
I do not see why not, but I have not had to do that yet.
I believe it is possible to connect the drive to slave the drive through a write-blocker to a non-encrypted machine and make a full copy.
Slaving the full copy thereafter to use as the data source, would then be a safer way to go.
I have asked Utimaco this question - if they answer, I will let you know their response.
According to Utimaco
"I believe it is possible but practical/advised no. You will have to have exactly the same sized disk and more than likely the same make model. As a general rule we would recommend decrypted the drive first coping the data and then re-encrypting it."
Greetings,
Which kinda modifies the original evidence….
-David
Yeah just a little bit…..
Tom