How to scan for rootkit on disk with PGP whole disk encryption
I've never had to scan for a rootkit on an encrypted disk before. I'd like to boot to a Linux CD to do the scans. I have the encryption password. Can I unlock the disk then boot to a CD?
Last Comment
David Johnson, CD
no you can't as it requires the boot sector to load the unencryptor.. so your choices are either to use rootkit revealer (sysintenals) from within the operating system or unencrypt the disk first.
ASKER
ah, ok. Unencrypting is running a process that totally reverses the encryption and puts it back in a "normal" state, eh? yeow.
I know it is not fun.. better to not get the problem in the first place, user education, using anti-malware tools, keep systems up to date with patches.. unfortunately we have no control between the keyboard and the chair.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
One thing to take note of: Russel's solution does decrypt (and implies you will have to encrypt again), which really does not make any sense here as you are still able to decrypt it from within windows. So his solution would be more for the case that the system is not bootable anymore.
If you want your scan, you don't have to decrypt, just "unlock" it using the method I provided.
If you want your scan, you don't have to decrypt, just "unlock" it using the method I provided.
@mcknife you should have got all the points as russells solution is basically what I suggested (decryption).. Although we do frown upon offline scanning or scanning in safe mode for modern virus's/malware I have a few test programs that will pass every anti-virus scanner out there, yet it will not show in the tasklist/taskmanager, all it does is move a few pointers to hide itself .. an active scanner find's it most of the time. they detect the changing of the pointers
At least in my mind you get full points, partner.
At least in my mind you get full points, partner.
Thanks. Points are not really important, I am trying to save him time. The de-/encryption process can be very lengthy.
@ve3ofa, you do no such thing. All you mention is using a unencryptor with no verification.
Special note: To anyone else reading this. Ve3ofa's comment is unwelome and is not part of the cyber security specialists. He also missed the fact the OP wanted to do it from outside the system with a live cd. It's there decision not his. This being said anything being "frowned upon" is because of people like this bash other people and others that post the same content to take credit. Trolls are not welcome.
Special note: To anyone else reading this. Ve3ofa's comment is unwelome and is not part of the cyber security specialists. He also missed the fact the OP wanted to do it from outside the system with a live cd. It's there decision not his. This being said anything being "frowned upon" is because of people like this bash other people and others that post the same content to take credit. Trolls are not welcome.
Windows 7
Windows 7 is an operating system from Microsoft. Features include multi-touch support, a redesigned Windows Shell with a new taskbar, referred to as the Superbar, a home networking system called HomeGroup, and performance improvements.
48K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
