TYPES OF OPERATIONS
Logicube Forensic Falcon™ User’s Manual 98
can be checked by going to System
Settings and looking at the User
Profiles/Configurations tab. INITIAL.DB
should have an asterisk next to it (as
seen below).
6.0.11.3 Encryption Settings
The Falcon allows imaging drives onto a Destination where the
data on the Destination drive is encrypted. Destination drives
that are encrypted by the Falcon can be decrypted by using the
Falcon or third party software (TrueCrypt or FreeOTFE).
For in-depth information on encrypting and
decrypting a drive using the Falcon, or decrypting
a drive using TrueCrypt or FreeOTFE, please see
Chapter 8: Drive Encryption and Decryption.
There are 4 parameters that must be configured before
encryption can be used. These 4 parameters are necessary to
decrypt and read the Destination drive properly:
Cipher Mode – Users can choose between TC-XTS, CBC
(cbc-plain64.) or ECB (cbc-essiv:sha256) cipher modes.
Cipher – At this time, only the AES-256 cipher is
supported.
IV Generation – Unavailable when TC-XTS cipher mode
is selected. If CBC or ECB cipher mode is selected, users
can choose between PLAIN64 and ESSIV:SHA256.
Encryption (Password or Key) – Users must choose their
own encryption password/key.
There are 2 imaging modes in which encryption can be used:
Drive to File – Images the Source to any of the following
image output formats: DD, E01, and EX01. This will have
a partition level encryption where only the partition (on
the Destination or Repository) where the images are
created will be encrypted.
File to File – Image specific files (by filename, extension,
etc.). The files will be sorted by path (based on where
the file is located on the Source and each file will be
To Next Page
Loading...
Need help?
General
