Re: [sleuthkit-users] HD Passwords
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] HD Passwords
|
From: LERTI - D. B. <Dav...@le...> - 2006-05-18 19:43:35
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear JB, There is a long thread on the forensic focus forum (http://www.forens= icfocus.com/ got to forum Hardware->Forensic Recovery and ATA-3 'Secu= re Mode', possible?). Some people stated that you can use a particular manufacturer interfa= ce to recover the ATA password. I'm not entirely convinced but one ne= ver knows with undocumented features. I suggested a way of bypassing the password, using a second similar d= rive and hotswapping the data/command cable, but this solution has be= en rejected by people with more knowledge than myself. I wish you good luck, David. J B a =E9crit : > This is off topic, though it does pertain to forensic recovery...so= rry... > =20 > I was about to post a question about the best reference on cracking= ata > hd passwords; The best reference is google pointing to caches of > experts-exchange threads mentioning loads of possibilities, but onl= y a > couple certainties. A company called vogon has a product; rumour h= as it > it's 30.000 pounds, $50,000?=20 > =20 > http://www.vogon-forensic-hardware.co.uk/forensic-hardware/data-cap= ture/password-cracker-pod.htm > =20 > And the spec for ata3. > =20 > http://www.seagate.com/support/disc/manuals/ata/d1153r17.pdf > =20 > Some suggested swapping the pcb from the disk with another similar.= =20 > Since the drive security info is stored on a certain "track descrip= tion > area" cylinder rather than on the board (only), the board would jus= t > read that cylinder and continue securing the drive, no?. Instead, = I > would propose using a pre-ata3 board. I would guess that the probl= em is > that it may not understand the new language of the track descriptio= n > area. Consequently, the solution to the problem lies in replacing = the > pcb with a custom pcb which can control the heads and understands t= he > track description language of the (even proprietary) drive. I don't > pretend this is an original idea, but I would be interested in know= ing > what I'm missing - In short, going back to programatic control of t= he > heads. Even if it's not fast, it would be faster and cheaper than = the > electron microscope method and less invasive than any kind of custo= m > spindle/heads rig. From what I've seen, there are no chips 'after'= the > ribon cable entering the housing. If you control the heads (and sp= indle > motor), do you not control the drive? > =20 > BTW, any idea how these guys operate?=20 > http://a-ff.com/products/rrs/ > =20 > thanks. > -JB - -- LERTI - Laboratoire d'Expertise et de Recherche de Traces Informatiques http://www.lerti.fr | mobile : +41 79 746 7305 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEbM5Dv6mUNUu+e+URAtn2AJ9dBUXQiLAs8913TW1YwzZD+IeXzgCeMoaP tsi11p00JIaIInWFCmOB7yA=3D =3D1fg6 -----END PGP SIGNATURE----- |
