Guidance Software’s Tableau Unit recently released Tableau™ Password Recovery, a hardware + software solution to accelerate password attacks on protected files, disks, and other containers.
It’s always fun to play with new toys, and when the new hotness is a purpose-built, linearly scalable, password-cracking behemoth, how can one not share? I did a bit of digging while running a two-server Tableau Password Recovery setup through its paces in our labs here in Pasadena, California, and while I found many good tools and tutorials for password cracking, I found it difficult to differentiate the theoretically possible from the actually practical. Here are some thoughts from that process.
We know that our customers are concerned about the “Shellshock” BASH vulnerability and whether it affects our EnCase software, our Tableau hardware products, or any of our corporate systems. This is a legitimate concern, and because we have the utmost concern for your organizational and data security, we want to give you all the information you need regarding it. Below we address one by one the key areas that you may be wondering about.
It’s fast, it's fourth-generation, and it’s a forensic investigator’s dream come true: We’re talking about the brand new Tableau TD2u forensic duplicator, which can image at speeds in excess of 15 gigabytes per minute while concurrently generating MD5 and SHA-1 hashes.
Self-encrypting drives represent a very specific problem for digital investigators. The direction of technology is clear: within the next few years, strong encryption will be baked into the silicon of every hard drive from every major manufacturer. Self-encrypting drives (SED) offer greater data security than traditional full-disk encryption in that the data stored is always encrypted at rest and the keys to decrypt the data never leave the device, which means they cannot be practically brute-forced through traditional means.
SEDs render “cold boot” and “evil maid” attacks useless and offer instant encryption and crypto-erase when a drive needs to be repurposed. SEDs are very attractive, but present significant obstacles to traditional disk-based forensics. In this post, we’ll walk through how EnCase 7.10 works with WinMagic SecureDoc to enable forensic investigation of self-encrypting drives.
When Guidance Software originally released the Tableau TD3 forensic imaging system back in 2012, it was revolutionary. Forensic investigators had asked for and eagerly awaited innovations like the color touchscreen user interface, modular architecture, network imaging, and remote triage capabilities. The TD3 also supported write-blocked imaging of SATA, IDE, SAS, FireWire, USB 3.0, and iSCSI (network) storage devices. In 2013, Forensic 4Cast voters named it the Forensic Hardware Tool of the Year. Since its launch, the TD3 development team has relentlessly focused on adding new features, capabilities and options that help investigators get more work done faster, with more options. So if the last time you looked at TD3 was back in 2012, it may be time to take another look.