Case Study: Overcoming EFS Encryption Without Original Hardware
Originally published by Police Technical magazine, this technical case study outlines how the Alaska Bureau of Investigation successfully bypassed Microsoft Encrypted File System (EFS) protection during a felony investigation into the exploitation of a minor. When standard forensic tools like FTK and PRTK failed to decrypt evidence located on a loose "suspect drive" separate from the original operating system, the investigators...