-
March 2nd, 2008, 09:52 PM
#1
Is EFS/BitLocker secure?
Well, we had that report about the possibility of recovering the password from the RAM of a machine that had recently shut down or was in standby, by cooling the strips with a can of compressed air.
OK, M$ said that it was a highly improbable scenario, and I am inclined to agree with that.
Then I read that:
ElcomSoft has released the Professional version 4.0 of Advanced EFS Data Recovery
http://www.snpx.com/cgi-bin/news55.c...09967it?-18610
So what is the real story?
-
March 3rd, 2008, 03:39 AM
#2
Junior Member
As demonstrated by the team that used liquid nitrogen to freeze the RAM and then scan and recover the encryption keys, it is possible.
-
March 3rd, 2008, 09:51 PM
#3
Anything has to be better than the pre-Vista Windows EFS.
-
March 3rd, 2008, 11:44 PM
#4
If this works:
http://www.elcomsoft.com/aefsdr.html
It wouldn't make a blind bit of difference.
-
March 5th, 2008, 04:44 AM
#5
One thing I did not see mentioned was whether it can recover when the entire drive is EFS...
Recovering specific files wouldn't be a problem, given that keys can be retrieved without too much difficulty by anybody who knows what to look for, given that they have direct access to the hard drive. Would the key recovery still be possible under full drive encryption... thereby encrypting the pagefile and other key retrieval locations as well, IIRC?
Real security doesn't come with an installer.
-
March 5th, 2008, 05:38 PM
#6
One thing I did not see mentioned was whether it can recover when the entire drive is EFS...
I think that it would (at least the expensive one)
Advanced EFS Data Recovery decrypts files protected with EFS quickly and efficiently. Scanning the hard disk directly sector by sector
That sounds as if it works like roadkil's "Unstoppable Copier" which will read all the drive and copy everything:
http://www.roadkil.net/unstopcp.html
The claim that it will work with "damaged disks" also suggests that it would handle an entire EFS drive.
Anyway, you could always copy the entire drive to a partition on a bigger drive and run it against that?
-
March 7th, 2008, 04:42 AM
#7
Originally Posted by nihil
I think that it would (at least the expensive one)
That sounds as if it works like roadkil's "Unstoppable Copier" which will read all the drive and copy everything:
http://www.roadkil.net/unstopcp.html
The claim that it will work with "damaged disks" also suggests that it would handle an entire EFS drive.
Anyway, you could always copy the entire drive to a partition on a bigger drive and run it against that?
Except that if the entire drive is encrypted, wouldn't the keys that needed to be retrieved also be encrypted themselves? Unless of course it's some sort of MBR resident key?
Real security doesn't come with an installer.
-
March 7th, 2008, 10:52 AM
#8
Hi Doppy,
Except that if the entire drive is encrypted, wouldn't the keys that needed to be retrieved also be encrypted themselves? Unless of course it's some sort of MBR resident key?
I have no idea, but the software claims to work with EFS. It might well be my imagination, but the description on their website gave the impression that it knew how to decrypt the keys "on the fly" as in cracking, rather than finding something unencrypted somewhere and using that as a point of entry.
On a very simplistic level, when you attempt to access an encrypted drive, it asks you for credentials which it must authenticate against something, somewhere, somehow. So you can get in (or it would be useless)
Obviously, these guys don't say how their software works.................
The reason I raised the whole issue is that I know people who think that EFS protects them big time..............errrr.................... not if I can go on the internet and for a few hundred dollars buy a tool that will open it up like a can of Coke ???????????
-
March 7th, 2008, 01:05 PM
#9
Don't need fancy software to defeat EFS...just need the local admin password by default....or domain admin if on a domain.
Whoever wrote the original article is either misleading folks to make the software sound better, or does not understand EFS totally.
Last edited by Nokia; March 7th, 2008 at 01:07 PM.