One thought on “PointSec Decryption – A Case for Decryption of the Original”

  1. If you have proper credentials for a Pointsec encrypted drive then you can use a generic boot CD to read the contents and image the drive. I wrote up some instructions here: http://www.blackfistsecurity.com/2008/07/pointsec-for-pc-creating-boot-disk.html

    Essentially the process consists of creating a Bart or WinPE disk that has the necessary driver to read the disk. You still have to boot to the disk and authenticate, but then you pass control of the device to your CD. Since you’re booting to the CD, I don’t think this process will make a large number of changes to the contents of the disk. I haven’t tested using a tool like DD to image the disk from the PE environment, but it is worth a try. If you’re going to be performing forensic work on a lot of machines running Pointsec then this process will save you time over the full decryption process that you described above.
