Unencrypt off of network

Guys,

Is there a way to unencrypt a drive without having it sync with the Safeguard server? We have 2 drives with boot volume viruses that need to be unencrypted so our Network Security department can examine the drives. Is there a way to unencrypt those two drives without exposing them to our network and risking the virus spreading?

Thanks,

Jontan8181

  • Just a suggestion: Of course the network department has SafeGuard Enterprise on their machines as well. Assign the key(s) belonging to the machine(s) where the drives came from to one or more of their users (or their whole OU), and make sure those keys end up in their key ring. Then disconnect a machine where those keys were already synced to from the network. Log on as one of the users with these keys, and slave the disk over a USB connection. The disk can be accessed transparently (as if it weren't encrypted). Depending on how and where the contamination took place it might be totally unnecessary to access the drives this way, by the way. If the contamination was caused by booting with a contaminated boot medium they can inspect the MBR right away, no need to decrypt.

    “First things first, but not necessarily in that order” – Doctor Who
