[unisog] File protection in a Windows Environment
rwhalen at stmarys-ca.edu
Tue Dec 13 22:53:12 GMT 2005
Michael Holstein wrote:
>>I went to a presentation by AccessData last year where they talked about how
>>Forensic Toolkit (FTK) can break EFS so that evidence can be uncovered. It
>>appears to work without the recovery keys on pre-SP1 W2K/XP systems and
>>needing the recovery key on later system.
>EnCase boasts this ability as well.
>It seems Microsoft has designed "delibrately breakable" encryption --
>for the convenience of the end user who "looses" their keys. They might
>as well just have offered the (default) option of :
>"store backup copy of data in unencrypted form for ease of recovery in
>the event of lost encryption keys".
>Microsoft's EFS is a convenient way to centralize management of
>encrypted storage if all you need to do is say "we encrypt it" (eg:
>HIPPA, et.al). If you *really* need to encrypt it so it can't be read if
>stolen, etc. -- then I'd suggest selecting something else.
>My $0.01851 (8% Ohio tax applied).
>Michael Holstein CISSP GCIA
>Cleveland State University
>unisog mailing list
>unisog at lists.sans.org
There can be gotchas with third party products. I used Cryptainer to set
up an encrypted share for use by multiple users and when the cryptainer
is shut down it deletes the share- very secure, but not practical.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the unisog