McAfee Endpoint Encryption
Mike McC (GM)
Mike McCauley
Certified Data Recovery Expert
UltraTech Resources
16401
Swingley Ridge Road, Suite 250
Chesterfield, MO
63017
Phone: 636-594-2004 ext 102
Adrian
On Mar 2, 7:52 am, "Mike McC \(GM\)" <stew...@gmail.com> wrote:
> Does anyone know of any software that can recover data on a drive that has McAfee Endpoint Encryption?
>
> Mike McCauley
>
> Certified Data Recovery Expert
>
> UltraTech Resources
>
> 16401 Swingley Ridge Road, Suite 250
> Chesterfield, MO 63017
>
> Phone: 636-594-2004 636-594-2004ext 102www.datarecoverystl.com
Tim Farren
Tim Farren
Farren Technology Group, Inc.
(904) 233-1982 Cell
(904) 233-5876 Office
> --
> You received this message because you are subscribed to the Google
> Groups "DataRecoveryCertification" group.
> To post to this group, send email to datarecovery...@googlegroups.com
> .
> To unsubscribe from this group, send email to datarecoverycertif...@googlegroups.com
> .
> For more options, visit this group at http://groups.google.com/group/datarecoverycertification?hl=en
> .
>
Madmex
In the idea of physical data recovery, we really don't care if the data is encrypted, decrypted, HFS, XFS, ZFS, or XYZ. Bits are bits, and recovery of the data to another disk or image file is considered successful when the transfer completes, well, successfully.
In terms of products like PointSec, McAfee Endpoint, Credant, even Microsoft EFS etc.. All of these products encrypt the data on the disk, either in whole or in part, which brings us to phase two, reading "legible" data and extracting files for the customer. Well, that's when you get into the "software translation" bit.. since you now need a utility that can read that file system, and in some cases the specific kinds of files right?
Disk encryption is the same thing.. once you recover the drive (the one's and zero's so to speak), it will be time to decrypt the data and get the files that were the end goal of the data recovery, and that person might not be you... Your goal was to just get them back a disk image they could take back to their decryption key admin.
So, based on my definitions above, I will have to respectfully disagree. DATA recovery in terms of bits is possible on an encrypted disk. FILE recovery is not, unless you have the appropriate decryption mechanism and password.
Karlo Arozqueta
Vicious Data Recovery Services
Tim Farren
Casper Madsen
--
Med venlig hilsen
Casper Madsen
Bud
disks with encryption through for recovery. As a general rule if it is
full disk encryption with preboot authentication, if you attempt to
boot to the disk and do not get a prompted to enter the user and
password for the decryption, then it is pretty much game over. This
indicates the kernel code for the Encryption software is corrupt. If
the customer created a kernel recovery disk, most of the encyption
vendors offer an emergency recovery or emergency unencrypt disk.
These all count on the encyption portion of the disk being intact, or
replacing that code with teh backup specific for that disk.
> >>>> <http://102www.datarecoverystl.com>102www.datarecoverystl.com
>
> >>> --
> >>> You received this message because you are subscribed to the Google Groups
> >>> "DataRecoveryCertification" group.
> >>> To post to this group, send email to
> >>> <datarecovery...@googlegroups.com>
> >>> datarecovery...@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> <datarecoverycertification%2Bunsu...@googlegroups.com>
> >>> datarecoverycertif...@googlegroups.com.
> >>> For more options, visit this group at
> >>> <http://groups.google.com/group/datarecoverycertification?hl=en>
> >>>http://groups.google.com/group/datarecoverycertification?hl=en.
>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "DataRecoveryCertification" group.
> >> To post to this group, send email to
> >> <datarecovery...@googlegroups.com>
> >> datarecovery...@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> <datarecoverycertification%2Bunsu...@googlegroups.com>
> >> datarecoverycertif...@googlegroups.com.
> >> For more options, visit this group at
> >> <http://groups.google.com/group/datarecoverycertification?hl=en>
> >>http://groups.google.com/group/datarecoverycertification?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "DataRecoveryCertification" group.
> > To post to this group, send email to
> > datarecovery...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > datarecoverycertif...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/datarecoverycertification?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "DataRecoveryCertification" group.
> > To post to this group, send email to
> > datarecovery...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > datarecoverycertif...@googlegroups.com<datarecoverycertification%2Bunsu...@googlegroups.com>
Mike McC (GM)
That explained a lot. Good stuff to know.
mike
--------------------------------------------------
From: "Bud" <b...@reclamere.com>
Sent: Thursday, March 04, 2010 8:37 AM
To: "DataRecoveryCertification" <datarecovery...@googlegroups.com>
Subject: Re: McAfee Endpoint Encryption
Jim Murray
Kidd - The Fool's Run - John Sandford
Bud
is not supported. http://www.encaseenterprise.com/products/ef_modules.asp
We have used it on Utimaco/Sophos and PCGuardian/GuardianEdge but
never on McAfee.
The module manual does list McAfee safeboot as supported - which isn't
mentioned in the Matrix or the page above... good marketing!
I have a McAfee Endpoint encrypted drive in for a customer right now,
so I may have to try it again to test it once more. Normally for this
curomer we just recover the encrypted drive and return to them for
decryption.
> > > >>> <datarecoverycertification%2Bunsu...@googlegroups.com<datarecoverycertification%252Buns...@googlegroups.com>
>
> > > >>> datarecoverycertif...@googlegroups.com<datarecoverycertification%2Bunsu...@googlegroups.com>
> > .
> > > >>> For more options, visit this group at
> > > >>> <http://groups.google.com/group/datarecoverycertification?hl=en>
> > > >>>http://groups.google.com/group/datarecoverycertification?hl=en.
>
> > > >> --
> > > >> You received this message because you are subscribed to the Google
> > Groups
> > > >> "DataRecoveryCertification" group.
> > > >> To post to this group, send email to
> > > >> <datarecovery...@googlegroups.com>
> > > >> datarecovery...@googlegroups.com.
> > > >> To unsubscribe from this group, send email to
> > > >> <datarecoverycertification%2Bunsu...@googlegroups.com<datarecoverycertification%252Buns...@googlegroups.com>
>
> > > >> datarecoverycertif...@googlegroups.com<datarecoverycertification%2Bunsu...@googlegroups.com>
> > .
> > > >> For more options, visit this group at
> > > >> <http://groups.google.com/group/datarecoverycertification?hl=en>
> > > >>http://groups.google.com/group/datarecoverycertification?hl=en.
>
> > > > --
> > > > You received this message because you are subscribed to the Google
> > Groups
> > > > "DataRecoveryCertification" group.
> > > > To post to this group, send email to
> > > > datarecovery...@googlegroups.com.
> > > > To unsubscribe from this group, send email to
> > > > datarecoverycertif...@googlegroups.com<datarecoverycertification%2Bunsu...@googlegroups.com>
> > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/datarecoverycertification?hl=en.
>
> > > > --
> > > > You received this message because you are subscribed to the Google
> > Groups
> > > > "DataRecoveryCertification" group.
> > > > To post to this group, send email to
> > > > datarecovery...@googlegroups.com.
> > > > To unsubscribe from this group, send email to
> > > > datarecoverycertif...@googlegroups.com<datarecoverycertification%2Bunsu...@googlegroups.com>
> > <datarecoverycertification%2Bunsu...@googlegroups.com<datarecoverycertification%252Buns...@googlegroups.com>
>
> > > > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/datarecoverycertification?hl=en.
>
> > > --
> > > Med venlig hilsen
> > > Casper Madsen
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "DataRecoveryCertification" group.
> > To post to this group, send email to
> > datarecovery...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > datarecoverycertif...@googlegroups.com<datarecoverycertification%2Bunsu...@googlegroups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/datarecoverycertification?hl=en.
>
> --
Jim Murray
To unsubscribe from this group, send email to datarecoverycertif...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/datarecoverycertification?hl=en.