HX Secure – Encrypted Mobile Drive User Manual
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Security Analysis and Decryption of Lion Full Disk Encryption
Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption Omar Choudary Felix Grobert¨ ∗ Joachim Metz ∗ University of Cambridge [email protected] [email protected] [email protected] Abstract 1 Introduction Since the launch of Mac OS X 10.7, also known as Lion, With the launch of Mac OS X 10.7 (Lion), Apple has Apple includes a volume encryption software named introduced a volume encryption mechanism known as FileVault 2 [8] in their operating system. While the pre- FileVault 2. Apple only disclosed marketing aspects of vious version of FileVault (introduced with Mac OS X the closed-source software, e.g. its use of the AES-XTS 10.3) only encrypted the home folder, FileVault 2 can en- tweakable encryption, but a publicly available security crypt the entire volume containing the operating system evaluation and detailed description was unavailable until (this is commonly referred to as full disk encryption). now. This has two major implications: first, there is now a new functional layer between the encrypted volume and We have performed an extensive analysis of the original file system (typically a version of HFS Plus). FileVault 2 and we have been able to find all the This new functional layer is actually a full volume man- algorithms and parameters needed to successfully read ager which Apple called CoreStorage [10] Although this an encrypted volume. This allows us to perform forensic full volume manager could be used for more than volume investigations on encrypted volumes using our own encryption (e.g. mirroring, snapshots or online storage tools. -
Blacklight 10.2
BlackLight 10.2 Release Notes October 30, 2020 Thank you for using BlackBag Technologies products. The Release Notes for this version include important information about new features and improvements made to BlackLight. In addition, this document contains known limitations, supported versions, and updated system requirements. While this information is complete at time of release, it is subject to change without notice and is provided for informational purposes only. Summary To enhance our forensic analysis tool, BlackLight 10.2 includes these new or improved features. • Timeline • Optical character recognition • Tagging improvements • Ingest additional Cellebrite mobile extractions • A first look at Activity Correlation for Windows Features Timeline The new Timeline view lets you access more information from one place. It responds quickly, even with many items in a case file, and it is cleaner and easier to navigate than the previous version. Timeline view allows you to easily focus on all activity during a time period you specify. You can see and sort by all timestamps for each artifact in the Timeline view. You can also see the file path, so you can easily view the file in the File Browser view and investigate further. You can tag items in the Timeline view just as you would in other views within BlackLight. Optical Character Recognition This release introduces the ability to process image (picture) based files for text. Optical character recognition (OCR) converts text detected in the image into plain text which can be indexed and then searched. This process is limited to these image types. .pdf, .tiff, .bmp, .png, .jpg, and .gif You can run OCR processing in three ways. -
Windows in Concurrent PC
Using Concurrent PC DOS OTHER BOOKS BY THE AUTHOR Microcomputer Operating Systems (1982) The Byte Guide to CP/M-86 (1984) Using Concurrent PC DOS Mark Dahmke McGraw-Hili Book Company New York St. Louis San Francisco Auckland Bogota Hamburg Johannesburg London Madrid Mexico Montreal New Delhi Panama Paris Sao Paulo Singapore Sydney Tokyo Toronto Library of Congress Cataloging-in-Publication Data Dahmke, Mark. U sing Concurrent PC DOS. Bibliography: p. Includes index. 1. Concurrent PC DOS (Computer operation system) 1. Title. QA76.76.063D34 1986 005.4' 469 85-15473 ISBN 0-07-015073-7 Copyright © 1986 by McGraw-Hili, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a data base or retrieval system, without the prior written permission of the publisher. 1234567890 DOC/DOC 893210876 ISBN 0-07-015073-7 The editors for this book were Steven Guty and Vivian Koenig, the designer was Naomi Auerbach, and the production supervisor was Teresa F. Leaden. It was set in Century Schoolbook by Byrd Data Imaging. Printed and bound by R. R. Donnelley & Sons Company. To my sister Patricia Contents Chapter 1. Introduction 1 What Is Concurrent PC DOS? 1 What Is an Operating System? 1 The DOS Family Tree 3 The Scope of This Book 5 Chapter 2. Concurrent PC DOS Compatibility 6 Concurrent PC DOS Compatibility 6 PC·DOS, TopView, and the IBM PC AT 7 Concurrent CP/M·86 9 Chapter 3. -
Read Before You Install Mac OS X
Read Before You Install Mac OS X This document provides important information about installing Mac OS X that isn’t in the Welcome to Mac OS X book. Read this document before you install Mac OS X to learn about supported computers, system requirements, and known issues. For more information about Mac OS X, visit this Apple Web site: m www.apple.com/macos/ For the latest information about this release of Mac OS X, open Mac Help and click the More link under News. For information about the support available for this product, see the AppleCare Software Services and Support Guide included with Mac OS X. Supported computers You can install this version of Mac OS X on any of the following computers: m Power Mac G4 m Power Macintosh G3 m PowerBook G4 m PowerBook G3 (except the original PowerBook G3) m iMac m iBook System requirements Your computer must have m at least 128 MB of RAM m a built-in display or a display connected to an Apple-supplied video card m at least 1.5 GB of disk space available 1 Starting installation To start installing Mac OS X, double-click the Install Mac OS X icon. In Mac OS 9 In Mac OS X If the Installer does not open, insert the CD and restart your computer while holding down the C key. If the Installer still does not open, try selecting the Install Mac OS X CD as your startup disk by using Startup Disk preferences (if you are using Mac OS X) or the Startup Disk control panel (if you are using Mac OS 9). -
Apple File System Reference
Apple File System Reference Developer Contents About Apple File System 7 General-Purpose Types 9 paddr_t .................................................. 9 prange_t ................................................. 9 uuid_t ................................................... 9 Objects 10 obj_phys_t ................................................ 10 Supporting Data Types ........................................... 11 Object Identifier Constants ......................................... 12 Object Type Masks ............................................. 13 Object Types ................................................ 14 Object Type Flags .............................................. 20 EFI Jumpstart 22 Booting from an Apple File System Partition ................................. 22 nx_efi_jumpstart_t ........................................... 24 Partition UUIDs ............................................... 25 Container 26 Mounting an Apple File System Partition ................................... 26 nx_superblock_t ............................................. 27 Container Flags ............................................... 36 Optional Container Feature Flags ...................................... 37 Read-Only Compatible Container Feature Flags ............................... 38 Incompatible Container Feature Flags .................................... 38 Block and Container Sizes .......................................... 39 nx_counter_id_t ............................................. 39 checkpoint_mapping_t ........................................ -
Dell Encryption Enterprise for Mac Administrator Guide V10.9
Dell Encryption Enterprise for Mac Administrator Guide v10.9 March 2021 Rev. A02 Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2012-2021 Dell Inc. All rights reserved. Registered trademarks and trademarks used in the Dell Encryption and Endpoint Security Suite Enterprise suite of documents: Dell™ and the Dell logo, Dell Precision™, OptiPlex™, ControlVault™, Latitude™, XPS®, and KACE™ are trademarks of Dell Inc. Cylance®, CylancePROTECT, and the Cylance logo are registered trademarks of Cylance, Inc. in the U.S. and other countries. McAfee® and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. in the US and other countries. Intel®, Pentium®, Intel Core Inside Duo®, Itanium®, and Xeon® are registered trademarks of Intel Corporation in the U.S. and other countries. Adobe®, Acrobat®, and Flash® are registered trademarks of Adobe Systems Incorporated. Authen tec® and Eikon® are registered trademarks of Authen tec. AMD® is a registered trademark of Advanced Micro Devices, Inc. Microsoft®, Windows®, and Windows Server®, Windows Vista®, Windows 7®, Windows 10®, Active Directory®, Access®, BitLocker®, BitLocker To Go®, Excel®, Hyper-V®, Outlook®, PowerPoint®, Word®, OneDrive®, SQL Server®, and Visual C++® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. VMware® is a registered trademark or trademark of VMware, Inc. in the United States or other countries. -
Operating Systems Disk Management
Operating Systems Disk Management Disks, SSDs, RAID, Caching Peter R. Pietzuch [email protected] Disks have come a long way... • IBM 305 RAMAC (1956) – First commercial hard disk: 4.4MB – Footprint: 1.5 m2 – Price: $160,000 • Toshiba 0.85” disk (2005) – Capacity: 4GB – Price: <$300 1 Disk Evolution • Capacity increases exponentially – Access speeds not so much... (why?) 2 Disk Evolution http://www.anandtech.com/show/9866/hard-disk-drives-with-hamr-technology-set-to-arrive-in-2018 3 What is driving demand? Eric Brewer. https://www.usenix.org/sites/default/files/conference/protected-files/fast16_slides_brewer.pdf 4 Disk Storage Devices 5 Tracks and Cylinders Track Track Cylinder Track Track 6 Sample Disk Specification Parameter IBM 360KB Seagate floppy disk Barracuda ST3400832AS No. of cylinders 40 16,383 Tracks / cylinder 2 16 Sectors / track 9 63 Bytes / sector 512 512 Sectors / disk 720 781,422,768 Disk capacity 360KB 400GB 7 Sector Layout • Surface divided into 20 or more zones – Outer zones have more sectors per track – Ensures that sectors have same physical length – Zones hidden using virtual geometry 8 Disk Addressing • Physical hardware address: (cylinder, surface, sector) – But actual geometry complicated è hide from OS • Modern disks use logical sector addressing (or logical block addresses LBA) – Sectors numbered consecutively from 0..n – Makes disk management much easier – Helps work around BIOS limitations • Original IBM PC BIOS 8GB max • 6 bits for sector, 4 bits for head, 14 bits for cylinder 9 Disk Capacity • Disk capacity -
Paragon Ntfs for Mac Os X™
PARAGON Technologie GmbH, Systemprogrammierung Heinrich-von-Stephan-Str. 5c 79100 Freiburg, Germany Tel. +49 (0) 761 59018201 Fax +49 (0) 761 59018130 Internet www.paragon-software.com E-mail [email protected] PARAGON NTFS FOR MAC OS X™ USER MANUAL 2 CONTENTS Introduction .......................................................................................................................... 3 Features Overview ................................................................................................................. 3 Key Features ............................................................................................................................................... 3 Supported Media ........................................................................................................................................ 3 Getting Started ...................................................................................................................... 4 Distribution ................................................................................................................................................ 4 Registration ................................................................................................................................................ 4 To Register as a New User ...................................................................................................................................................... 4 To Register a New Product .................................................................................................................................................... -
Chapter 13 MAC OS X FORENSICS
Chapter 13 MAC OS X FORENSICS Philip Craiger and Paul Burke Abstract This paper describes procedures for conducting forensic examinations of Apple Maca running Mac OS X. The target disk mode is used to create a forensic duplicate of a Mac hard drive and preview it. Procedures are discussed for recovering evidence from allocated space, unallocated space, slack space and virtual memory. Furthermore, procedures are described for recovering trace evidence from Mac OS X default email, web browser and instant messaging applications, as well as evidence pertaining to commands executed from a terminal. Keywords: Macintosh computers, Mac OS X forensics 1. Introduction Since its introduction in 1984, the Apple Macintosh has an enjoyed a small, albeit vocal, user base. Nevertheless, it is surprising that very little has been published regarding forensic examinations of Macintosh computers. This paper describes procedures for conducting forensic examinations of Apple Macs running Mac OS X. Due to space limitations, certain as- sumptions are made to limit the scope of our coverage. These assump- tions are: (i) The forensic computer and the suspect's computer run version 10.4.3 of Mac OS X, the latest version as of November 2005; (ii) the suspect has not set the Open Firmware password (Open Firmware is a processor and system-independent boot firmware used by PowerPC- based Macs, analogous to the x86 PC BIOS); (iii) the suspect has not used encryption via the Mac OS X FileVault, a virtual volume encrypted with 128-bit AESj and (iv) the suspect's hard drive is formatted with the Hierarchical File System Plus , commonly referred to as HFS+, the default file system since Mac OS X's release in 2000. -
Security Analysis and Decryption of Filevault 2
Chapter 23 SECURITY ANALYSIS AND DECRYPTION OF FILEVAULT 2 Omar Choudary, Felix Grobert and Joachim Metz Abstract This paper describes the first security evaluation of FileVault 2, a vol- ume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algo- rithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update. Keywords: Volume encryption, full disk encryption, FileVault 2 1. Introduction The FileVault 2 volume encryption software was first included in Mac OS X version 10.7 (Lion). While the earlier version of FileVault (intro- duced in Mac OS X 10.3) only encrypts the home folder, FileVault 2 can encrypt the entire volume containing the operating system – referred to as “full disk encryption.” This has two major implications. The first is that there is a new functional layer between the encrypted volume and the original filesystem (typically a version of HFS Plus). This new functional layer is actually a full volume manager, which Apple calls CoreStorage. Although the full volume manager could be used for more than volume encryption (e.g., mirroring, snapshots and online storage migration), we do not know of any other applications. Therefore, in the rest of this paper we use the term CoreStorage to refer to the com- bination of the encrypted volume and the functional layer that links the volume to the HFS Plus filesystem. -
Acronis Diskeditor User's Guide
Acronis DiskEditor User’s Guide Acronis DiskEditor Copyright © SWsoft 2001-2002. All rights reserved. Linux is a registered trademark owned by Linus Torvalds. OS/2 is a registered trademark owned by IBM Corporation. Unix is a registered trademark owned by The Open Group. Windows is a registered trademark owned by Microsoft Corporation. All other mentioned trademarks may be registered trademarks of their respective owners. Distribution of materials from this Guide, both in original and/or edited form, is forbidden unless a special written permission is obtained directly from it’s au- thor. THIS DOCUMENTATION IS PROVIDED «AS IS». THERE ARE NO EXPLICIT OR IMPLIED OBLIGATIONS, CONFIRMATIONS OR WARRANTIES, INCLUDING THOSE RELATED TO SOFTWARE MARKETABILITY AND SUITABILITY FOR ANY SPECIFIC PURPOSES, TO THE DEGREE OF SUCH LIMITED LIABILITY APPLICA- BLE BY LAW. 2 Table of Contents INTRODUCTION........................................................................................................ 5 1. GENERAL INFORMATION ................................................................................. 8 1.1 FILES. PARTITIONS. CONNECTING A HARD DISK. BIOS SETTINGS.................. 8 1.1.1 FILES, FOLDERS, FILE SYSTEMS .................................................................... 8 1.1.2 HARD DISK PARTITIONS AND SECTORS......................................................... 9 1.2 CONNECTING A HARD DISK TO THE COMPUTER............................................. 10 1.3 SETTING BIOS .............................................................................................. -
Vector CPM 2 Introductory Manual
c;rm r: INTRODUCTORY MANUAL VECIOR GRAPHIC CP1M 2.2 SYSTEM DISKETrE Release 5 INTRODUCTORY MANUAL Revision C JULy 10, 1980 Copyright 1980 Vector Graphic Inc. *CP/M is a registered trademark of Digital Research. Copyright 1980 by Vector Graphic Inc. All rights reserved. Disclaimer Vector Graphic makes no representations or warranties with respect to the contents of this manual itself, whether or not the product it describes is covered by a warranty or repair agreement. Further, Vector Graphic reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Vector Graphic to notify any person of such revision or charges, except when an agreement to the contrary exists. Revisions The date and reV1S1on of each page herein appears at the bottom of each page. The revision letter such as A or B changes if the MANUAL has been improved but the PRODUCT itself has not been significantly rnc:dified. The date and revision on the Title Page corresponds to that of the page most recently revised. When the product itself is rrodified significantly, the product will get a new revision number, as shown on the manual's title page, and the manual will revert to revision A, as if it were treating a brand new product. EACH MANUAL SHOULD CNLY BE USED WITH THE PRODucr IDENTIFIED CN THE TITLE PAGE. Rev. 2.2-C 7/10/80 Vector Graphic CP/M 2.2 Introductory Manual FOREWORD Audience 'Ibis manual is intended for canputer suppliers, or others with at least a rroderate technical knowledge of small canputers, and familiarity with the basic operation of the Vector Graphic system.