[unisog] File protection in a Windows Environment
michael.holstein at csuohio.edu
Mon Dec 12 15:58:04 GMT 2005
> I went to a presentation by AccessData last year where they talked about how
> Forensic Toolkit (FTK) can break EFS so that evidence can be uncovered. It
> appears to work without the recovery keys on pre-SP1 W2K/XP systems and
> needing the recovery key on later systems.
EnCase boasts this ability as well.
It seems Microsoft has designed "deliberately breakable" encryption --
for the convenience of the end user who "loses" their keys. They might
as well just have offered the (default) option of:
"store backup copy of data in unencrypted form for ease of recovery in
the event of lost encryption keys".
Microsoft's EFS is a convenient way to centralize management of
encrypted storage if all you need to do is say "we encrypt it" (e.g.,
HIPAA, et al.). If you *really* need to encrypt it so it can't be read if
stolen, etc. -- then I'd suggest selecting something else.
My $0.01851 (8% Ohio tax applied).
Michael Holstein CISSP GCIA
Cleveland State University