F-Response and Passware, Bitlocker Access in Real-Time

Aug 19, 2010

Now this is truly remarkable.

For the last few years Passware (www.lostpassword.com) and specifically Dmitry Sumin has had a booth next to F-Response at multiple conferences, CEIC, HTCIA, etc. This year however Dmitry and I were able to finally sit down and compare notes on Passware and F-Response. Specifically we looked at Hard Drive encryption and Passware's advances with Microsoft's Bitlocker. Passware needed full physical disk access and full physical memory access to recover a Bitlocker key... Hmm, sounds like a job for F-Response!

So after giving Dmitry and team a quick demo of TACTICAL they headed back to the offices to see if it was possible to do it in real time against live F-Response disks.. Turns out it is, and it's amazingly easy!

Early this week we received a copy of Passware Forensic, we installed it, then fired up F-Response TACTICAL on a Windows 7 machine with a BitLocker-To-Go device connected. Once connected to Physical Memory and Disk it took Passware Forensic roughly 20 minutes to display the complete Bitlocker recovery key.

We've recorded the whole process and provided it as a video below.

Enjoy!

If you are interested in Passware Forensic please check out their site directly here, tell them F-Response sent you ;)

Warmest Regards,

M. Shannon, Founder

F-Response

August 19, 2010