Jump to content

Recommended Posts

Posted

Is eset sysrescue able to scan password protected windows devices?

Posted

In other words, it can scan password protected devices if they're not encripted? I'm using Windows 10.

Posted

password protected windows devices

47 minutes ago, Hatus said:

In other words, it can scan password protected devices if they're not encripted? I'm using Windows 10.

Clarify what you mean by "password protected windows devices." If you are referring Win logon password, that is N/A.

The SysRescue boot-able media uses the Linux kernel. In other words, it is running Eset under the Linux OS to scan your device.

  • Most Valued Members
Posted
On 1/20/2020 at 10:18 PM, Hatus said:

In other words, it can scan password protected devices if they're not encripted? I'm using Windows 10.

If you only protect your Windows by a password , then you can boot a live Linux and then access whatever files you were looking for, same as Sys Rescue which is Linux and should be able to access the files without the need for your password

You would need a password only if you have encrypted your computer using Bitlocker , if you don't know what I am talking about then it's probably you only have a Windows password which can be bypassed through a Linux live CD or the SysRescue image.

Posted
59 minutes ago, Rami said:

You would need a password only if you have encrypted your computer using Bitlocker ,

You cannot decrypt files encrypted by either EFS or BitLocker outside of the Windows OS environment. The Windows OS in some form has to be used as noted here: https://jessehouwing.net/decrypt-bitlocker-os-drive-of-corrupted-windows-installation/

So I will say any encrypted files based on the above cannot be scanned by SysRescue bootable media.

  • Most Valued Members
Posted (edited)
15 minutes ago, itman said:

You cannot decrypt files encrypted by either EFS or BitLocker outside of the Windows OS environment. The Windows OS in some form has to be used as noted here: https://jessehouwing.net/decrypt-bitlocker-os-drive-of-corrupted-windows-installation/

So I will say any encrypted files based on the above cannot be scanned by SysRescue bootable media.

Marcos provided something called Dislocker , it seems to be able to unlock the encryption.

But thank you I never knew that it's not possible to decrypt outside of Windows OS.

Edited by Rami
Posted
17 minutes ago, Rami said:

Marcos provided something called Dislocker

This: https://github.com/Aorimn/dislocker , does appear to work under Linux. However, it has to be run from a Linux OS installation first. Also per the article @Marcos linked:

Quote

For that, you need the file on a USB key (the one with the .bek extension) or the recovery password.

 

  • Most Valued Members
Posted
Just now, itman said:

This: https://github.com/Aorimn/dislocker , does appear to work under Linux. However, it has to be run from a Linux OS installation first. Also per the article @Marcos linked:

 

I never knew that it cannot be opened outside of Windows environment and I never knew about the Dislocker

Thanks :)

Posted (edited)

@Rami , a comment about this Dislocker decrypter:

Quote

dislocker-file: binary decrypting a BitLocker encrypted partition into a flat file. This file has to be given through command line and, once dislocker-file is finished, will be an NTFS partition.

As such, it is questionable an Eset scan of this flat file or anything else for that matter is of much use. All that is contained in the file is for the most part just raw data whichout any structure to it. If Eset was to find anything in this flat file, I assume all it would do is quarantine the entire file.

Edited by itman
  • Most Valued Members
Posted
12 hours ago, itman said:

@Rami , a comment about this Dislocker decrypter:

As such, it is questionable an Eset scan of this flat file or anything else for that matter is of much use. All that is contained in the file is for the most part just raw data whichout any structure to it. If Eset was to find anything in this flat file, I assume all it would do is quarantine the entire file.

But it isn't possible to wait for the decryption to finish and then have an NTFS partition?

Posted (edited)
6 hours ago, Rami said:

But it isn't possible to wait for the decryption to finish and then have an NTFS partition?

I assume that the directory structure in the Dislocker created NTFS partition will not be the same as in Windows; or missing entirely. Again, just one big flat file in that partition.

I might be wrong. You would have to test to verify what actually is created.

Edited by itman
  • Most Valued Members
Posted
3 minutes ago, itman said:

I assume that the directory structure in the Dislocker created NTFS partition will not be the same as in Windows; or missing entirely. Again, just one big flat file in that partition.

I might be wrong. You would have to test to verify what actually is created.

It was a general question , I'd rather not scratch my head with this , I will stay with my linux I don't want to touch Microsoft other than for gaming :D

Posted

Thanks for all the replies, it was really just about windows logon that I was asking about. However knowing about all this sure was interesting.

  • Most Valued Members
Posted
2 hours ago, Hatus said:

Thanks for all the replies, it was really just about windows logon that I was asking about. However knowing about all this sure was interesting.

Then a Live Linux CD/USB like Ubuntu , will be able to get you to Windows files without a password.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...