Results 1 to 6 of 6
Hi People,
I am investigating full disk encryption and have made a DD copy of the hard drive which has been encrypted, this DD file is stored on my computer ...
- 02-12-2010 #1Just Joined!
- Join Date
- Feb 2010
- Posts
- 13
Tricky - Full Disk Encryption DD
Hi People,
I am investigating full disk encryption and have made a DD copy of the hard drive which has been encrypted, this DD file is stored on my computer for analysis.
First question is - Anyone know how i can access data in this DD file even though its been encrypted?
Second question - Is there a DD command where i can image the systems memory? I ask this because when a system is turned on, to get past the pre-boot authentication stage you need a password. From what i understand, this password will be passed in to ram when power is applied to the system. Making a copy of the memory will also copy the password? I might be wrong but would appriciate any help i can get!
Ed
- 02-13-2010 #2Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,974
Tricky is an understatement. First, decrypting the hard drive image depends entirely on the encryption algorithms used, key length, key strength, and a number of other factors. As for the password used to access the system, yes it will be in RAM and there are techniques for accessing that memory, though it may well be scrambled so that you need to know the algorithm used for that as well in order to recover it.
All in all, this is a job for a highly qualified computer security and forensics lab. I have almost 30 years experience in the computer software field, including the design and implementation of cryptographic tools and algorithms, and I wouldn't waste my time doing this. So the question is, why do you want to?Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
- 02-13-2010 #3Just Joined!
- Join Date
- Feb 2010
- Posts
- 13
It is a University project, i need to be able to attack the DD image somehow in order to access the data.
- 02-13-2010 #4Linux Guru
- Join Date
- Jul 2004
- Location
- Franklin, Wisconsin
- Posts
- 4,577
You need to read and follow the Forum Rules.
2. No religious or political posts, and no homework questionsPaul
Please do not send Private Messages to me with requests for help. I will not reply.
- 02-13-2010 #5Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,974
What Waterhead said. No school work help here. That's why you are taking these classes, to learn how to do this, using your own resources and study. In any case, there have been a number of articles online over the past couple of years that go into this stuff in some detail. Your job is to do the research to find out about how to do it. In any case, this is obviously an advanced course. Theoretically you already have the prerequisites needed to work it out...
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
- 02-13-2010 #6Super Moderator
- Join Date
- Jun 2006
- Location
- Chandigarh, India
- Posts
- 24,316
I agree with waterhead and Rubberman. If you have any specific question, don't hesitate to start a new thread.
Thread Locked.It is amazing what you can accomplish if you do not care who gets the credit.
New Users: Read This First
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts