That doesn't sound like two factor authentication...anyway.. You should NEVER 'tamper' with the original image!! Always make an exact copy (with whatever you use that does the image bit for bit). Then once you get the image...'tamper with the image'....this way the original is always 'as is'. This is very important for many reasons....one important reason is for the courts of law. Secondly, as far as getting key key to decrypt...yea, most OSs require you to be the admin. There are always ways to become the administrator if the 'real' admin is unavailable!! Kenny Ansel -----Original Message----- From: Darren Welch To: forensicsat_private Sent: 1/16/03 3:27 PM Subject: encryption question As a CISSP I have a task to protect information by locking down the info on the pc with encryption. Also as a forensic examiner I am tasked with making forensic images and conducting examinations in support of corporate investigations, essentially getting into the information I am tasked with protecting. There are many products that do hard disk encryption but I have experienced major problems in making acquisitions without first decrypting the drive thus tampering with evidence. As far as directory level encryption the security requirement would be to use a hardware key to authenticate to the encrypted directory (two factor authentication) but as an examiner, the hardware key would need to contain administrator in addition to user accounts or policies which would enable me to conduct a sound investigation. Has anyone been in the same situation or know of any company that offers this? Thanks _________________________________________________________________ MSN 8: advanced junk mail protection and 2 months FREE*. http://join.msn.com/?page=features/junkmail ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:27:13 PST