5 Responsesso far.

  1. […] This post was mentioned on Twitter by sansforensics, Forensic 4cast. Forensic 4cast said: New Forensic 4cast now available with show notes. Episode 25 – The Little iPhone Worm That Could. http://bit.ly/8u9Eiq […]

  2. Disklabs says:

    I heard that at the MTEB conference…

    Someone was incredibly political…

    At one point, I was told it was like sharks circling a drowning swimmer….

    Very interesting dont you think?

    Simon

  3. […] This post was Twitted by sansforensics […]

  4. Jon Evans says:

    Regarding bitlocker.

    Yes it is possible to use bitlocker without TPM. To setup bitlocker without TPM requires some additional steps on the part of the user. TPM provides added protection during the boot process, several layers of protection are added to prevent tampering during the boot process. Even without TPM you can still setup bitlocker, for example in a vmware machine. Note, setting up bitlocker in vmware is discouraged by Microsoft’s licensing terms, mainly because the additional layers of protection offered by TPM are absent.

    Although bitlocker is not commonly encountered, please do not become complacent regarding it or any other Full Disk Encryption. We are likely to encounter more and more of FDE, especially on laptops/netbooks and embedded devices such as mobile phones, IMHO.

    I would encourage people to become familiar with Bitlocker and other FDE methods, use vmware to research techniques on how best to deal with these etc. All the more reason to consider an appropriate live forensic response with suitable tools and techniques.

    Jon Evans.

  5. Ron from Forensource says:

    Another great podcast, most definitely worth $3. The new guy did a great job, but his accent is hard to understand. Is he from Merseyside?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.