RE: encryption question

From: Ansel, Kenny L. (Sytex Contractor) (kenny.ansel.sytex@arrtc-exch.mccoy.army.mil)
Date: Tue Jan 21 2003 - 06:14:14 PST

Next message: forensicsat_private: "Re: MD5 Exploit Database?"

Previous message: Andreas Schuster: "Re: MD5 Exploit Database?"
Maybe in reply to: Darren Welch: "encryption question"
Next in thread: Bob Radvanovsky: "Re: encryption question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 That doesn't sound like two factor authentication...anyway..

You should NEVER 'tamper' with the original image!!  Always make an exact
copy (with whatever you use that does the image bit for bit).  Then once you
get the image...'tamper with the image'....this way the original is always
'as is'.  This is very important for many reasons....one important reason is
for the courts of law.

Secondly, as far as getting key key to decrypt...yea, most OSs require you
to be the admin.  There are always ways to become the administrator if the
'real' admin is unavailable!!

Kenny Ansel

-----Original Message-----
From: Darren Welch
To: forensicsat_private
Sent: 1/16/03 3:27 PM
Subject: encryption question


As a CISSP I have a task to protect information by locking down the info
on 
the pc with encryption. Also as a forensic examiner I am tasked with
making 
forensic images and conducting examinations in support of corporate 
investigations, essentially getting into the information I am tasked
with 
protecting. There are many products that do hard disk encryption but I
have 
experienced major problems in making acquisitions without first
decrypting 
the drive thus tampering with evidence. As far as directory level
encryption 
the security requirement would be to use a hardware key to authenticate
to 
the encrypted directory (two factor authentication) but as an examiner,
the 
hardware key would need to contain administrator in addition to user 
accounts or policies which would enable me to conduct a sound
investigation. 
Has anyone been in the same situation or know of any company that offers

this? Thanks




_________________________________________________________________
MSN 8: advanced junk mail protection and 2 months FREE*. 
http://join.msn.com/?page=features/junkmail


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: forensicsat_private: "Re: MD5 Exploit Database?"
Previous message: Andreas Schuster: "Re: MD5 Exploit Database?"
Maybe in reply to: Darren Welch: "encryption question"
Next in thread: Bob Radvanovsky: "Re: encryption question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:27:13 PST