Hi Chris;

While several have answered already, and a couple touched on this area, I would caution that there are (such as here at Cisco) issues with the poweroff on a running Windows box. Specifically, we have Pointsec - a hard drive encryption software - running. This encrypts the *entire* drive, from the boot sector, not just pieces like PGPDisk. You powercycle the box, what you have is a prompt from Pointsec. Failing that, you have garbage.

The upside to Pointsec is that it's a key escrow and some of our admins have the 'god mode' keys to decrypt. Lacking that, you end up with nada.

Just one example of what you need to be aware of when cycling systems. :-0 Not that it helps with your particular case, I suppose.

/john

At 1/29/2003 12:23 -0500, Christopher Howell wrote:
>Does anyone know a slick way to find encrypted files on a running Win2K/XP
>machine? If I am tasked with seizing one, and find it on and logged in,
>it would be nice to be able to identify files encrypted with Windows
>before I pull the plug. It seems to me the only way to do it is to view
>the attributes in Windows Explorer - but short of clicking down through
>the whole tree, I don't see how to find encrypted files that are in
>non-encrypted folders or a level or two down...
>
>Anyone with ideas on this?

John L. Clarke, III
Cisco Systems, Inc. joclarkeat_private
Information Security Team Lead: SecOps, Incidents, Investigations
PGP: 28FE 9973 9A75 6408 59DB 5D82 73B4 FB04

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
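The tree search asked about in the quoted question, as an added example that is not part of either message in the thread: it walks a directory tree, tests each entry for the NTFS encrypted attribute bit (0x4000), and marks encrypted items whose parent folder is not encrypted. The names `find_encrypted`, `windows_attrs` and the `get_attrs` parameter are hypothetical; the default attribute reader assumes Python 3.5+ on Windows.

```python
import os
import sys

FILE_ATTRIBUTE_ENCRYPTED = 0x4000  # NTFS attribute bit carried by EFS-encrypted files and folders


def windows_attrs(path):
    """NTFS attribute bits for path; st_file_attributes exists only on Windows."""
    return os.lstat(path).st_file_attributes


def find_encrypted(root, get_attrs=windows_attrs):
    """Return (hits, skipped) for the tree under root.

    hits: sorted (path, kind, parent_encrypted) tuples for every entry with the
    encrypted bit; parent_encrypted is False for an encrypted item sitting in a
    folder that is not itself encrypted. skipped: paths that could not be read.
    """
    hits, skipped = [], []
    stack = [(root, bool(get_attrs(root) & FILE_ATTRIBUTE_ENCRYPTED))]
    while stack:
        folder, folder_enc = stack.pop()
        try:
            entries = list(os.scandir(folder))
        except OSError:
            skipped.append(folder)
            continue
        for entry in entries:
            try:
                enc = bool(get_attrs(entry.path) & FILE_ATTRIBUTE_ENCRYPTED)
                is_dir = entry.is_dir(follow_symlinks=False)
            except OSError:
                skipped.append(entry.path)
                continue
            if enc:
                hits.append((entry.path, "dir" if is_dir else "file", folder_enc))
            if is_dir:  # symlinks are not followed
                stack.append((entry.path, enc))
    return sorted(hits), sorted(skipped)


if __name__ == "__main__":
    found, unread = find_encrypted(sys.argv[1] if len(sys.argv) > 1 else "C:\\")
    for path, kind, parent_enc in found:
        note = "" if parent_enc else "  (parent folder not encrypted)"
        print("%-4s %s%s" % (kind, path, note))
    for path in unread:
        print("SKIP %s" % path, file=sys.stderr)
```

Paths listed under SKIP could not be examined by the current account and need a separate look.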
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 05:31:53 PST