本帖最后由 妖仙 于 2016-11-19 23:41 编辑
Bitlocker 加密磁盘, 忘记密码了,当时也没有保存密钥, 寻找解决办法.
Passware Kit Forensic
网上看到好像这个软件可以破解, 找回文件, 但是使用上有些问题...
- The image file of the encrypted volume.
- The physical memory image file or hiberfil.sys file from the target system (with the encrypted volume mounted)
Disk volume images can be created using third-party tools, such as Guidance EnCase, Free EASIS Drive Cloning, or DD. Physical memory images can be created using Passware FireWire Memory Imager or third-party tools, such as ManTech Physical Memory Dump Utility or win32dd. If the target computer with the BitLocker volume is powered off, encryption keys are not stored in its memory, but they could be possibly recovered from the hiberfil.sys file, which is automatically created when a system hibernates.
NOTE: If the target computer is turned off and the BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible. In this case, Passware Kit assigns Brute-force attacks to recover the original password for the volume.
第一个已经弄到了,但是第二步的memory image file 弄不到 (没有hiberfil.sys).
Passware FireWire Memory Imager 需要iEEE1394的接口,
WinDD 导出physical memory报错,解决不了,
大家有办法在win7上弄到么?
我用的两个dump physical memory 的软件已附上, mdd1.3那个得用命令行.
|
发表于 2016-11-19 23:39:04
楼主
