Hatus

SyS rescue security concern

Is eset sysrescue able to scan password protected windows devices?


In other words, it can scan password protected devices if they're not encrypted? I'm using Windows 10.


password protected windows devices

47 minutes ago, Hatus said:

In other words, it can scan password protected devices if they're not encrypted? I'm using Windows 10.

Clarify what you mean by "password protected windows devices." If you are referring to the Win logon password, that is N/A.

The SysRescue bootable media uses the Linux kernel. In other words, it is running Eset under the Linux OS to scan your device.

On 1/20/2020 at 10:18 PM, Hatus said:

In other words, it can scan password protected devices if they're not encrypted? I'm using Windows 10.

If you only protect your Windows by a password, then you can boot a live Linux and then access whatever files you were looking for, same as SysRescue, which is Linux and should be able to access the files without the need for your password.

You would need a password only if you have encrypted your computer using BitLocker. If you don't know what I am talking about, then you probably only have a Windows password, which can be bypassed through a Linux live CD or the SysRescue image.

59 minutes ago, Rami said:

You would need a password only if you have encrypted your computer using BitLocker,

You cannot decrypt files encrypted by either EFS or BitLocker outside of the Windows OS environment. The Windows OS in some form has to be used as noted here: https://jessehouwing.net/decrypt-bitlocker-os-drive-of-corrupted-windows-installation/

So I will say any encrypted files based on the above cannot be scanned by SysRescue bootable media.

15 minutes ago, itman said:

You cannot decrypt files encrypted by either EFS or BitLocker outside of the Windows OS environment. The Windows OS in some form has to be used as noted here: https://jessehouwing.net/decrypt-bitlocker-os-drive-of-corrupted-windows-installation/

So I will say any encrypted files based on the above cannot be scanned by SysRescue bootable media.

Marcos provided something called Dislocker, it seems to be able to unlock the encryption.

But thank you, I never knew that it's not possible to decrypt outside of Windows OS.

17 minutes ago, Rami said:

Marcos provided something called Dislocker

This: https://github.com/Aorimn/dislocker , does appear to work under Linux. However, it has to be run from a Linux OS installation first. Also per the article @Marcos linked:

Quote

For that, you need the file on a USB key (the one with the .bek extension) or the recovery password.

 

Just now, itman said:

This: https://github.com/Aorimn/dislocker , does appear to work under Linux. However, it has to be run from a Linux OS installation first. Also per the article @Marcos linked:

 

I never knew that it cannot be opened outside of the Windows environment, and I never knew about Dislocker.

Thanks :)


@Rami , a comment about this Dislocker decrypter:

Quote

dislocker-file: binary decrypting a BitLocker encrypted partition into a flat file. This file has to be given through command line and, once dislocker-file is finished, will be an NTFS partition.

As such, it is questionable whether an Eset scan of this flat file, or anything else for that matter, is of much use. All that is contained in the file is for the most part just raw data without any structure to it. If Eset was to find anything in this flat file, I assume all it would do is quarantine the entire file.

12 hours ago, itman said:

@Rami , a comment about this Dislocker decrypter:

As such, it is questionable whether an Eset scan of this flat file, or anything else for that matter, is of much use. All that is contained in the file is for the most part just raw data without any structure to it. If Eset was to find anything in this flat file, I assume all it would do is quarantine the entire file.

But it isn't possible to wait for the decryption to finish and then have an NTFS partition?

6 hours ago, Rami said:

But it isn't possible to wait for the decryption to finish and then have an NTFS partition?

I assume that the directory structure in the Dislocker created NTFS partition will not be the same as in Windows; or missing entirely. Again, just one big flat file in that partition.

I might be wrong. You would have to test to verify what actually is created.

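Added example, not part of any post in this thread: one way to run the kind of test suggested above is to read the boot sector of a volume or of a dislocker-file output image and see whether it carries the BitLocker OEM ID (`-FVE-FS-`) or a plain NTFS header whose MFT pointer leads to a `FILE` record. The function names and the sample image are constructed for illustration.

```python
import io
import struct
import sys

NTFS_OEM = b"NTFS    "       # OEM ID of a plain NTFS boot sector
BITLOCKER_OEM = b"-FVE-FS-"  # OEM ID found on a BitLocker-encrypted volume

def inspect_volume(f):
    """Classify a volume or image from its boot sector (f: binary file object)."""
    f.seek(0)
    boot = f.read(512)
    if len(boot) < 512:
        return {"kind": "too-short"}
    oem = boot[3:11]
    if oem == BITLOCKER_OEM:
        return {"kind": "bitlocker"}  # still encrypted: nothing to scan yet
    if oem != NTFS_OEM or boot[510:512] != b"\x55\xaa":
        return {"kind": "unknown"}
    # NTFS BIOS parameter block: sector size, cluster size, MFT start cluster.
    bps, spc = struct.unpack_from("<HB", boot, 0x0B)
    total_sectors, mft_lcn = struct.unpack_from("<QQ", boot, 0x28)
    if bps not in (512, 1024, 2048, 4096) or spc not in (1, 2, 4, 8, 16, 32, 64, 128):
        return {"kind": "unknown"}
    mft_offset = mft_lcn * spc * bps
    f.seek(mft_offset)
    # Each MFT file record starts with the ASCII magic "FILE".
    return {"kind": "ntfs", "cluster_size": bps * spc,
            "total_sectors": total_sectors, "mft_offset": mft_offset,
            "mft_found": f.read(4) == b"FILE"}

def make_sample(oem, mft_magic=b"FILE"):
    """Constructed 4 KiB image for demonstration, not a real volume."""
    img = bytearray(4096)
    img[0:3] = b"\xeb\x52\x90"                  # x86 jump
    img[3:11] = oem
    struct.pack_into("<HB", img, 0x0B, 512, 1)  # 512-byte sectors, 1 per cluster
    struct.pack_into("<QQ", img, 0x28, 8, 4)    # 8 sectors, MFT at cluster 4
    img[510:512] = b"\x55\xaa"
    img[2048:2052] = mft_magic
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    if len(sys.argv) > 1:                       # e.g. a dislocker-file output
        with open(sys.argv[1], "rb") as fh:
            print(inspect_volume(fh))
    else:
        for oem in (NTFS_OEM, BITLOCKER_OEM):
            print(inspect_volume(make_sample(oem)))
```

Run it with a path argument to inspect a real partition or image (reading a block device needs root); without arguments it prints the result for the two constructed samples.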
3 minutes ago, itman said:

I assume that the directory structure in the Dislocker created NTFS partition will not be the same as in Windows; or missing entirely. Again, just one big flat file in that partition.

I might be wrong. You would have to test to verify what actually is created.

It was a general question, I'd rather not scratch my head with this, I will stay with my Linux, I don't want to touch Microsoft other than for gaming :D


Thanks for all the replies, it was really just about Windows logon that I was asking about. However, knowing about all this sure was interesting.

2 hours ago, Hatus said:

Thanks for all the replies, it was really just about Windows logon that I was asking about. However, knowing about all this sure was interesting.

Then a Live Linux CD/USB like Ubuntu will be able to get you to Windows files without a password.
