Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Dataloss] (article) "We recovered the laptop!" ... so what?
From: Bob Dehnhardt (bob.dehnhardttrinet.com)
Date: Thu Feb 15 2007 - 18:32:16 CST
>From what I understand, BitLocker requires special hardware - either a
Trusted Platform Module on the motherboard, or a special USB device
plugged in to the system. It also requires a compliant BIOS. None of
these are particularly widespread at the moment, so I don't think
BitLocker will be in common use any time soon.
I think encryption is the second best method of protecting sensitive
info on laptops (the best is to not put it there in the first place, but
that battle was lost before it began). But if I've got your system, odds
are I also have the key (EFS stores it on the system drive, BitLocker
uses the on-board TPM or USB dongle, which would most likely be kept
with the laptop). In that case, any encryption will fail given
And encryption does not prevent the taking of a bit-level backup or
image of the drive. That's a key tool for the attacker. Once that's been
done, that can freely attack the system with whatever tools they like,
knowing that they can always restore it to a pristine condition if
things get too heavily munged. And running "strings" on a drive image is
a great way of generating a system-specific word list for dictionary
[mailto:dataloss-bouncesattrition.org] On Behalf Of Herve Roggero
Sent: Monday, February 12, 2007 5:54 AM
To: Max Hozven; sawaba; blitz
Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so
This thead is very interesting. All techniques so far deal with reading
data at a low level. Will Windows Vista prevent techniques such as
Symantec Ghost? I understand that Vista performs bit-level encryption
with its BitLocker technology.
Pyn Logic LLC
Dataloss Mailing List (datalossattrition.org)
Tracking more than 148 million compromised records in 576 incidents over 7 years.