Ed, If you do not have the user's passphrase or a recovery agent, how do you do you get around EFS? Eoghan On Thu, 12 Sep 2002, Ed Moyle wrote: > Good afternoon, > > I have noticed several articles recently in various literature highlighting the usefulness of brute-forcing Microsoft EFS in situations where it is used on a disk that is undergoing examination. I am curious: why is the SOP to brute-force the EFS data (a laborous and time-consuming procedure) when mechanisms exist in most situations (75-90%) to go *around* EFS entirely to view the data (a 5 minute procedure)? I would think that this would reduce the effort associated with these investigations by a large proportion. > > Regards, > -Ed > > > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 09:06:14 PDT