Good afternoon,

I have noticed several articles recently in various literature highlighting the usefulness of brute-forcing Microsoft EFS in situations where it is used on a disk that is undergoing examination. I am curious: why is the SOP to brute-force the EFS data (a laborious and time-consuming procedure) when mechanisms exist in most situations (75-90%) to go *around* EFS entirely to view the data (a 5 minute procedure)? I would think that this would reduce the effort associated with these investigations by a large proportion.

Regards,
-Ed

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 12 2002 - 10:01:16 PDT