Home page logo

basics logo Security Basics mailing list archives

RE: Encryption on Laptops?
From: "Simon and Sara Zuckerbraun" <szucker () rcn com>
Date: Thu, 18 Mar 2004 19:52:43 -0600

EFS is not broken. (It's not a panacea either.)

I took a look at the info on FTK
(http://www.frontiersolutions.biz/accessdataftk.htm). What this seems to be
is a tool for scanning a hard drive for clues to a user's password, etc.
This could be useful towards the end goal of decrypting files, but it can't
just "break through" EFS encryption.

I googled on EFS and accessdata FTK and found a very nicely written paper,
"Practical Approaches to Recovering Encrypted Digital Evidence"
http://www.ijde.org/docs/02_fall_art4.pdf. It describes the techniques that
an investigator might use when attempting to obtain evidence from encrypted
files. The author is clearly aware of FTK, since he mentions it in the
paper; what he says about FTK is that it can be used to seek out keywords
present on a user's disks that may be useful in guessing a password or
passphrase. Nevertheless the author considers EFS to be a formidable
obstacle to accessing data, even if the investigator tries using FTK.


-----Original Message-----
From: Aaron [mailto:aaron () eldrelore com] 
Sent: Thursday, March 18, 2004 11:10 AM
To: security-basics () securityfocus com
Subject: RE: Encryption on Laptops?

EFS has been broken.  Accessdata's FTK can decrypt it.

And no, I'm not an accessdata employee.

On Wed, 2004-03-17 at 23:48, Simon and Sara Zuckerbraun wrote:
Honestly, protecting data on a laptop is very, very hard to accomplish. 

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]