PC-3000 Data Extractor. Windows BitLocker, Apple FileVault, TrueCrypt


As you know, various software tools allow users to encrypt the user area.

Our developers have been researching ways to decrypt drives encrypted by software methods.

PC-3000 version 6.2.x allows you to work with such encrypted drives and decrypt them with a special option in the Data Extractor tool.

How to do it? – Welcome to this article!

In this video you can see the process of unlocking a drive encrypted by BitLocker; the procedure is the same for all other supported encryption methods:

Please note that we do not break the encryption by brute-force methods and do not hack the encryption. The utility simulates the decryption process as it is performed in the original utility.

That’s why you need to know the original key or have the key file that encryption utilities create when the user switches on the encryption option in the software.

At this time (PC-3000 version 6.2.x) we can work with partitions encrypted by Windows BitLocker, Apple FileVault and TrueCrypt.

When can this option be useful?

For example, if a drive can’t be recognized by the OS because it has a damaged or problem head, you can decrypt all available user data (via the working heads) without a head swap procedure.

Another example:

The drive has a problem with the file allocation tables and, as a result, it is impossible to open the root and file structure in the OS. In that case you can use the decrypt option in Data Extractor and analyse the partition with the Scan INDX + MFT option or RAW recovery.

The procedure is as follows:

Create a new task in the Data Extractor software and build a map of the encrypted partition.


Add a virtual drive. Use the “Add virtual drive (Encrypted)” option.


You will see a pop-up window that requires you to enter a password. You can also use a Recovery key or load a password from a file. These two options allow you to decrypt a partition with the special file that is also created when the encryption option is launched in the encryption tool.


As a result, a new virtual partition with the decrypted user area will be created in Data Extractor.


As you can see, all data is decrypted and available.
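
The pop-up in the procedure above accepts a Recovery key; for BitLocker this is a 48-digit recovery password made of eight 6-digit groups, each a multiple of 11. The example below is added here and is not ACE Lab code or part of PC-3000 (the function name and the sample key are constructed for illustration); it checks a key received from a customer group by group, so a transcription error can be located before the key is entered:

```python
import re

GROUPS = 8           # a BitLocker recovery password has 8 groups of 6 digits
MAX_WORD = 0xFFFF    # each group is a 16-bit value multiplied by 11

# Constructed sample, not a real key: 1*11, 2*11, ..., 7*11, 65535*11
SAMPLE = "000011-000022-000033-000044-000055-000066-000077-720885"


def check_recovery_password(text):
    """Validate a BitLocker recovery password typed in by hand.

    Returns (key, errors): key is the 16-byte value the password encodes,
    or None if it is invalid; errors names every group that fails a check.
    """
    groups = re.split(r"[\s-]+", text.strip())
    if len(groups) != GROUPS:
        return None, [f"expected {GROUPS} groups, got {len(groups)}"]
    words, errors = [], []
    for n, group in enumerate(groups, start=1):
        if not re.fullmatch(r"[0-9]{6}", group):
            errors.append(f"group {n}: {group!r} is not 6 digits")
        elif int(group) % 11:
            errors.append(f"group {n}: {group} is not a multiple of 11")
        elif int(group) // 11 > MAX_WORD:
            errors.append(f"group {n}: {group} exceeds 16 bits after /11")
        else:
            words.append(int(group) // 11)
    if errors:
        return None, errors
    # Each group contributes one 16-bit little-endian word of the 128-bit value
    return b"".join(w.to_bytes(2, "little") for w in words), []


if __name__ == "__main__":
    print(check_recovery_password(SAMPLE))
    # Same sample with a one-digit typo in group 3
    print(check_recovery_password(SAMPLE.replace("000033", "000034")))
```

A key that passes these checks is only well-formed; whether it belongs to the partition is decided when it is used to open the volume.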

If you have any problems with this procedure, please contact us!


7 Responses to PC-3000 Data Extractor. Windows Bitlocker, Apple FileVault, TrueCrypt

  1. Osity says:

    Does this address core storage?

  2. vario4 says:

    Thank you very much!

  3. Popica says:

    If I don’t have any password? 🙁 The customers forgot all ID and password

    • ACELab team says:

      Without the original password PC-3000 can’t expand a partition.
      As written in this article:

      “we are not break an encryption by something brute-force methods and not hack the encryption. Utility simulate a decryption process like it performed in original utility.
      That’s why need to know an original key or have a key-file that encryption utilities create when user switch on the encryption option in the software.”

  4. antonvn says:

    Hi, I have a case now with Bitlocker, the customer gave me keys to try and it may work out fine.

    How about in forensics, we need a tool that can retrieve data without keys. I understand and respect your take on hacking and ethics, but this is an important requirement.

    I was working in IT Security before and there is a subject called ‘ethical hacking’ that we were looking into. There were employees at a bank who encrypted disks and then left the company. They said that they did not remember the keys, but the bank was in real trouble. I believe that we should be able to help them – hacking or any other way that you can come up with.

    Do not forget that many of the disks that we recover for companies have very sensitive information on them and this is not regarded to be a problem; why is breaking encryption a problem?

    Think about it and see if you can come up with a win-win solution.

    • ACELab team says:

      Hello. Such questions are better asked directly to the TS department. We are not providing full recovery steps for customer problems in article comments.
