As to scenario #1, if you are trying to run remote management software or do a forensic investigation on a machine that is powered down you have other, more serious problems that have nothing to do with technology.
As to scenario #2 I've been using ce-infosys which another hard drive encryptor with network management capabilities similar to bitlocker. Once a system has been authenticated and it is up and running, the crypto software runs at a very low level and other than taking a few cycles longer to serve up data, your admin software should do just fine. I tested specifically for this by running software both resident on the laptop and software remotely managing the laptop. I was even able to connect to a drive on the laptop across the LAN from a machine that did not use hard drive encryption and every thing worked quite well. I believe this is because the crypto software is intercepting all disk requests and doing its thing without interrupting service. The crypto software is there mainly to protect data at rest and make the data completely available the rest of the time once it has authenticated a user. -----Original Message----- From: Ken S [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 02, 2006 2:38 PM To: [email protected] Subject: Re: Laptop Encryption & Write Permissions How will bitlocker (or other full drive encryption products) impact forensics investigations AND normal administrative functions for machines that are 1) powered down and for those that are 2) on-line? Specifially, the main benefit I see for bitlocker is the confidence you would have when a laptop is lost or stolen. If the entire drive is encrypted, the chances of data compromise should be very low. This would solve a lot of heartburn.... Plus, I understand the admin capabilities of bitlocker will allow admins to access drives in the event a password is forgotten, or forensics needs to be done. However, what impact will the encryption have on tools commonly used by network admins today? I assume if the machine is on it's "home" network, that admins will be still be able to use tools like BindView (which authenticates to machines to pull information), pstools, etc., etc. as usual. But are there other tools that the encryption would negatively impact? Thanks in advance for your input. Ken ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
