
SyS rescue security concern


password protected windows devices

47 minutes ago, Hatus said:

In other words, it can scan password protected devices if they're not encrypted? I'm using Windows 10.

Clarify what you mean by "password protected windows devices." If you are referring to the Win logon password, that is N/A.

The SysRescue bootable media uses the Linux kernel. In other words, it is running Eset under the Linux OS to scan your device.

On 1/20/2020 at 10:18 PM, Hatus said:

In other words, it can scan password protected devices if they're not encrypted? I'm using Windows 10.

If you only protect your Windows by a password, then you can boot a live Linux and then access whatever files you were looking for, same as SysRescue, which is Linux and should be able to access the files without the need for your password.

You would need a password only if you have encrypted your computer using BitLocker. If you don't know what I am talking about, then you probably only have a Windows password, which can be bypassed through a Linux live CD or the SysRescue image.


59 minutes ago, Rami said:

You would need a password only if you have encrypted your computer using BitLocker,

You cannot decrypt files encrypted by either EFS or BitLocker outside of the Windows OS environment. The Windows OS in some form has to be used as noted here: https://jessehouwing.net/decrypt-bitlocker-os-drive-of-corrupted-windows-installation/

So I will say any encrypted files based on the above cannot be scanned by SysRescue bootable media.

15 minutes ago, itman said:

You cannot decrypt files encrypted by either EFS or BitLocker outside of the Windows OS environment. The Windows OS in some form has to be used as noted here: https://jessehouwing.net/decrypt-bitlocker-os-drive-of-corrupted-windows-installation/

So I will say any encrypted files based on the above cannot be scanned by SysRescue bootable media.

Marcos provided something called Dislocker; it seems to be able to unlock the encryption.

But thank you, I never knew that it's not possible to decrypt outside of Windows OS.

Edited by Rami

17 minutes ago, Rami said:

Marcos provided something called Dislocker

This: https://github.com/Aorimn/dislocker, does appear to work under Linux. However, it has to be run from a Linux OS installation first. Also per the article @Marcos linked:

Quote

For that, you need the file on a USB key (the one with the .bek extension) or the recovery password.

Just now, itman said:

This: https://github.com/Aorimn/dislocker, does appear to work under Linux. However, it has to be run from a Linux OS installation first. Also per the article @Marcos linked:

I never knew that it cannot be opened outside of the Windows environment, and I never knew about Dislocker.

Thanks :)


@Rami, a comment about this Dislocker decrypter:

Quote

dislocker-file: binary decrypting a BitLocker encrypted partition into a flat file. This file has to be given through command line and, once dislocker-file is finished, will be an NTFS partition.

As such, it is questionable whether an Eset scan of this flat file, or anything else for that matter, is of much use. All that is contained in the file is for the most part just raw data without any structure to it. If Eset were to find anything in this flat file, I assume all it would do is quarantine the entire file.

Edited by itman
12 hours ago, itman said:

@Rami, a comment about this Dislocker decrypter:

As such, it is questionable whether an Eset scan of this flat file, or anything else for that matter, is of much use. All that is contained in the file is for the most part just raw data without any structure to it. If Eset were to find anything in this flat file, I assume all it would do is quarantine the entire file.

But it isn't possible to wait for the decryption to finish and then have an NTFS partition?


6 hours ago, Rami said:

But it isn't possible to wait for the decryption to finish and then have an NTFS partition?

I assume that the directory structure in the Dislocker-created NTFS partition will not be the same as in Windows, or will be missing entirely. Again, just one big flat file in that partition.

I might be wrong. You would have to test to verify what actually is created.

Edited by itman
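
One way to run the test suggested in the post above, as an added example that is not part of the original thread: it classifies a volume image by the OEM ID at offset 3 of its boot sector ("-FVE-FS-" for a BitLocker volume, "NTFS    " for plain NTFS) and, for NTFS, checks that a Master File Table record sits where the boot sector says it should. The names classify_volume and sample_image are hypothetical, and the sample images are constructed, not taken from a real disk.

```python
import struct

SECTOR = 512
BITLOCKER_OEM = b"-FVE-FS-"  # OEM ID at offset 3 of a BitLocker-encrypted volume
NTFS_OEM = b"NTFS    "       # OEM ID at offset 3 of a plain NTFS volume


def classify_volume(image: bytes) -> dict:
    """Classify a volume image by boot sector; for NTFS, also locate the MFT."""
    result = {"kind": "unknown", "mft_offset": None, "mft_ok": False}
    if len(image) < SECTOR:
        return result
    oem = image[3:11]
    if oem == BITLOCKER_OEM:
        # Still ciphertext: needs the .bek file or recovery password first.
        result["kind"] = "bitlocker"
        return result
    if oem != NTFS_OEM or image[510:512] != b"\x55\xaa":
        return result
    # NTFS BIOS parameter block fields (little-endian).
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", image, 0x0B)
    total_sectors, mft_cluster = struct.unpack_from("<QQ", image, 0x28)
    mft_offset = mft_cluster * sectors_per_cluster * bytes_per_sector
    result.update(kind="ntfs", total_sectors=total_sectors, mft_offset=mft_offset)
    # Record 0 of the Master File Table starts with the ASCII magic "FILE".
    result["mft_ok"] = image[mft_offset:mft_offset + 4] == b"FILE"
    return result


def sample_image(oem: bytes, with_mft: bool = True) -> bytes:
    """Constructed 8 KiB test image (16 sectors), not a capture of a real disk."""
    img = bytearray(16 * SECTOR)
    img[3:11] = oem
    struct.pack_into("<HB", img, 0x0B, SECTOR, 1)  # 512-byte sectors, 1 per cluster
    struct.pack_into("<QQ", img, 0x28, 16, 4)      # 16 sectors total, MFT at cluster 4
    img[510:512] = b"\x55\xaa"
    if with_mft:
        img[4 * SECTOR:4 * SECTOR + 4] = b"FILE"
    return bytes(img)


if __name__ == "__main__":
    for label, img in [("decrypted", sample_image(NTFS_OEM)),
                       ("still locked", sample_image(BITLOCKER_OEM)),
                       ("damaged", sample_image(NTFS_OEM, with_mft=False))]:
        print(label, classify_volume(img))
```

On a real image, read only the first sector and then seek to mft_offset instead of loading the whole file into memory.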
3 minutes ago, itman said:

I assume that the directory structure in the Dislocker-created NTFS partition will not be the same as in Windows, or will be missing entirely. Again, just one big flat file in that partition.

I might be wrong. You would have to test to verify what actually is created.

It was a general question, I'd rather not scratch my head with this. I will stay with my Linux, I don't want to touch Microsoft other than for gaming :D

2 hours ago, Hatus said:

Thanks for all the replies, it was really just about Windows logon that I was asking about. However, knowing about all this sure was interesting.

Then a Live Linux CD/USB like Ubuntu will be able to get you to Windows files without a password.
