3.3.5 Encryption unlock
TX1 can unlock drives/volumes that have been encrypted with APFS, BitLocker, and
Opal. APFS encryption support is limited to source drives, but BitLocker and Opal
encrypted media can be unlocked regardless of which port they are connected to.
Note that this section is specific to non-Tableau encryption, mainly because none of
these encryption types can be formatted directly on TX1. See the “Tableau
encryption management” on page 55 media utility for details on usage of that
method of encryption.
Whether dealing with APFS, BitLocker, or Opal encryption on a given drive/volume,
the same Encryption Unlock media utility is used to unlock it. A pulldown field at
the top of the Encryption Unlock screen lists all the detected encrypted types on a
given drive, whether they be at the whole disk or volume level. Simply select the
encrypted entity you want to unlock, enter the password (or BitLocker recovery
key), and then tap the Unlock button to begin the encryption unlocking process. If
successful, the progress bar will turn green. Close the Encryption Unlock screen to
access the other TX1 functions with the now unlocked drive/volume. Once unlocked,
each drive/volume can be used with any supported operations including browsing,
imaging (physical or logical), and any applicable media utilities.
While unlocking APFS, BitLocker, and Opal encryption is simple and done using the
same Encryption Unlock media utility, there are some notable differences in how
TX1 handles these types of encryption that warrant special consideration, as covered
in the sub-sections below.
3.3.5.1 Opal encryption
Opal Self Encrypting Drives (SEDs) that have had their encryption enabled in a
Linux environment can be unlocked by TX1, as described in the beginning of
Encryption unlock above. The presence of Opal encryption is noted in any area of
the user interface that shows information about the attached drive, including drive
tiles (which show in numerous locations), the Drive Details screen, and the Content
Breakdown screen.
A locked Opal drive exposes no useful forensic information to TX1. The only options
available for such media are ejection and unlocking. An unlocked Opal drive will
appear as an unencrypted drive to the system and be usable for all supported
forensic functions.
Note: The Opal standard does not specify an algorithm for generating a lock
key from a plain text password. TX1 uses the Linux SEDUTIL function to
report information about Opal drives and unlock them. This function uses an
Opal-specific key generation algorithm as defined by the Trusted Computing
Group. Other systems exist for enabling encryption on Opal drives (for
example, BitLocker) which may employ a key derivation algorithm other than
what the SEDUTIL function uses. Attempting to use a known password for
such drives using TX1 will result in failed unlock attempts. Please contact
OpenText Customer Support if you suspect you have run into such a situation.
Chapter 3 Configuring TX1
56
OpenText™ Tableau™ Forensic TX1 Imager
ISTX240300-UGD-EN-1
To Next Page
Loading...
