Russian firm ElcomSoft on Thursday announced the release of Elcomsoft Forensic Disk Decryptor (EFDD), a new forensic tool that can reportedly access information stored in disks and volumes encrypted with desktop and portable versions of BitLocker, PGP, and TrueCrypt. EFDD will still set you back a solid $299. EFDD offers access to encrypted information either by completely decrypting everything or by doing so for individual files in real time. You can choose to either decrypt all files and folders stored in the cryptographic container (full, unrestricted forensic access to all stored information) or mount the encrypted volume as a new drive letter for instant access (information is decrypted on-the-fly). This $299 tool makes your disk encryption obsolete.
All is not doom and gloom - the program still has to acquire Encryption Keys, as they say on their website, by one of 3 methods:
By analyzing the hibernation file (if the PC being analyzed is turned off);
By analyzing a memory dump file;
By performing a FireWire attack (PC being analyzed must be running with encrypted volumes mounted).
'g'
Garth J Lancaster wrote: By analyzing a memory dump file [edit: if the PC being analyzed is turned off :S https://en.wikipedia.org/wiki/Cold_boot_attack]
I guess following the best practices on TrueCrypt website (disable hibernation & sleep), and disabling the FireWire in BIOS, combined with a panic button to purge RAM should be sufficient.
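
The three key-acquisition paths listed in the thread can be checked on a Windows host with a read-only audit like the one below. This is an added example, not part of the original posts or of any ElcomSoft tooling; it assumes an elevated PowerShell session and the standard Windows registry values and WMI class named in the comments, and it does not cover sleep states or RAM purging.

```powershell
# Added example: read-only audit of the three key-acquisition paths named in the thread
# (hibernation file, memory dump file, FireWire port). Nothing is changed on the host.
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Path, $Exposed, $Detail) {
    # Collect one row per acquisition path so the result can be reviewed or exported.
    $findings.Add([pscustomobject]@{ Path = $Path; Exposed = [bool]$Exposed; Detail = $Detail })
}

# 1. Hibernation file: RAM contents (including volume keys) are written to hiberfil.sys.
$power   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
# Directory enumeration with -Force is used because the file is hidden and locked.
$hibFile = Get-ChildItem -LiteralPath "$env:SystemDrive\" -Force -Filter 'hiberfil.sys' -ErrorAction SilentlyContinue
$hibOn   = ($power.HibernateEnabled -eq 1)
Add-Finding 'Hibernation file' ($hibOn -or $hibFile) `
    "HibernateEnabled=$($power.HibernateEnabled); hiberfil.sys present=$([bool]$hibFile)"

# 2. Memory dump file: crash dumps that include kernel memory, or a dump already on disk.
#    CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic.
$crash      = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -ErrorAction SilentlyContinue
$dumpMode   = $crash.CrashDumpEnabled
$dumpPath   = [Environment]::ExpandEnvironmentVariables([string]$crash.DumpFile)
$dumpOnDisk = [bool]($dumpPath -and (Test-Path -LiteralPath $dumpPath))
Add-Finding 'Memory dump file' (($dumpMode -in 1, 2, 7) -or $dumpOnDisk) `
    "CrashDumpEnabled=$dumpMode; existing dump at '$dumpPath'=$dumpOnDisk"

# 3. FireWire: a controller disabled in BIOS/UEFI is not enumerated by Windows at all.
$fw = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)
Add-Finding 'FireWire (IEEE 1394) port' ($fw.Count -gt 0) `
    "controllers enumerated by Windows=$($fw.Count)"

# Report: any row with Exposed = True is a path the thread's mitigations are meant to close.
$findings | Format-Table -AutoSize -Wrap
```

A host that follows the advice in the reply above should show `Exposed = False` on the hibernation and FireWire rows; the dump row additionally flags an old dump file left on disk even when crash dumps are now disabled.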