Difference between pages "Blogs" and "Hard Drive Passwords"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Forensic Blogs)
 
(more info)
 
Line 1: Line 1:
[[Computer forensics]] related '''blogs'''.
+
Some hard drives support passwords. These passwords can be implemented in computer's operating system, its BIOS, or even in the hard drive's firmware.  Passwords implemented in the OS are the easiest to remove, those in the firmware are the hardest.  
  
= English-Language Blogs =
+
Sometimes people use the term "password" but the hard drive is really [[Full Disk Encryption|encrypted]], and the password is used to unlock a decryption key. These passwords cannot be removed — the encryption key must be cracked or discovered through another means.
  
== Forensic Blogs ==
+
=Vendors=
 +
* Disklabs (www.disklabs.com) is able to remove some forms of hard drive passwords.
  
* [http://computer.forensikblog.de/en/ Andreas Schuster - Computer Forensics Blog]
+
* Dell will assist law enforcement in removing the passwords from password-protected hard drives. You need to provide Dell with a copy of the search warrant and the computer's service tag #. Reportedly this can be done over the phone, once you have a good relationship with Dell.
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
+
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
+
* [http://windowsir.blogspot.com/ Windows Incident Response Blog] by [[Harlan Carvey]]
+
* [http://geschonneck.com/ Alexander Geschonneck - Computer Forensics Blog]
+
* [http://forensicblog.org/ Michael Murr - Computer Forensics Blog]
+
* [http://forenshick.blogspot.com/ Jordan Farr - Forensic news, Technology, TV, and more]
+
* [http://unixsadm.blogspot.com/ Criveti Mihai - UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems]
+
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
+
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Andrew Hoog - Computer Forensic Glossary Blog, HOWTOs and other resources]
+
* [http://secureartisan.wordpress.com/ Paul Bobby - Digital Forensics with a Focus on EnCase]
+
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment-CSI/Forensics Blog]
+
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
+
* [http://integriography.wordpress.com Computer Forensics Blog by David Kovar]
+
* [[Jesse Kornblum]] - [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves]
+
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
+
  
== Related Blogs ==
+
* [http://www.hdd.profesjonalnie.pl/to.php Seagate HDD Service Device for 2,5" drives BASIC Kit]: The tool works with 2,5" drives of Seagate. Main functionality - ATA PASSWORD removal from 2,5" drives.
  
* [http://www.c64allstars.de C64Allstars Blog]
+
* [http://www.acelaboratory.com/pc3000.htm PC-3000 for Windows] has "An opportunity to unlock USER and MASTER passwords used in a HDD".
* [http://www.emergentchaos.com/ Adam Shostack - Emergent Chaos]
+
* [http://jeffjonas.typepad.com/ Jeff Jonas - Inventor of NORA discusses privacy and all things digital]
+
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking] - Written by [[Golden G. Richard III]]
+
  
= Non-English Language =
+
* [http://www.hdd-tools.com/products/rrs/ With Repair Station you can remove an unknown ATA-password; both security levels are supported: High and Maximum]
  
=== Dutch ===
+
* [http://www.vogon-investigation.com/password-cracker-solution.htm Using the Vogon Password Cracker POD, the protection from the drive can be removed]
 
+
* [http://stam.blogs.com/8bits/ 8 bits] by Mark Stam ([http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])
+
 
+
=== French ===
+
 
+
* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
 
+
=== German ===
+
 
+
* [http://computer.forensikblog.de/ Andreas Schuster - Computer Forensik Blog Gesamtausgabe] ([http://computer.forensikblog.de/en/ English version])
+
* [http://computer-forensik.org Alexander Geschonneck - computer-forensik.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [http://henrikbecker.blogspot.com Henrik Becker - Digitale Beweisführung] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
 
+
=== Spanish ===
+
 
+
* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [http://www.inforenses.com Javier Pages - InForenseS] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
+
* [http://windowstips.wordpress.com El diario de Juanito]
+
* [http://conexioninversa.blogspot.com Conexión inversa]
+
 
+
=== Russian ===
+
 
+
* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]
+

Revision as of 08:26, 14 December 2008

Some hard drives support passwords. These passwords can be implemented in computer's operating system, its BIOS, or even in the hard drive's firmware. Passwords implemented in the OS are the easiest to remove, those in the firmware are the hardest.

Sometimes people use the term "password" but the hard drive is really encrypted, and the password is used to unlock a decryption key. These passwords cannot be removed — the encryption key must be cracked or discovered through another means.

Vendors

  • Disklabs (www.disklabs.com) is able to remove some forms of hard drive passwords.
  • Dell will assist law enforcement in removing the passwords from password-protected hard drives. You need to provide Dell with a copy of the search warrant and the computer's service tag #. Reportedly this can be done over the phone, once you have a good relationship with Dell.