Andy to Demo Bitlocker Hack at the MCT Summit 2010


Well with only a few days to go before the first UK Microsoft Certified Trainer Summit in York  I am putting the finishing touches to my presentations. The summer for me is a great time to develop new sessions, demos and presentations for the upcoming Months. As I am speaking at not one but two Microsoft TechEd events. The first in Durban in October and the second in Berlin in November.

One of my favourite applications is Passware Forensic 10.1 For Law enforcement professionals. Passware offer a complete set of tools that will not only recover lost passwords for documents including Office 2010 but also help reveal passwords for email and internet accounts. As a Microsoft guy I am particularly keen on Windows 7s Bitlocker to Go feature. Bitlocker like True Crypt provides users with the ability to secure personal data with high level encryption.

Now for a bad guy who thinks that all his dirty secrets are safe. He can just simply encrypt hard disks and thumb drives right? Wrong!! Passware have managed to include the tools to perform a live memory capture and thus reveal the encryption key stored in RAM. Yesterday I spent the day running through a number of scenarios and can confirm I can crack Bitlocker!

Now although this reveals a weakness in disk encryption there are a number of things users can do to increase security. Firstly ensure you physically shut down the computer after use. Don’t use Windows power saving features like Hibernation. In this mode Windows copies the contents of RAM into a file called Hiberfill.sys which is stored on your hard drive.

 Now one of my other presentations I am working on is Windows Power Management and I have made an alarming discovery. According to Paul Thurrott’s Supersite on Windows one of the big plans for Windows 8 is to possibly remove the Shutdown feature altogether. This would make way for a new generation of “Instant On” devices. Now while this all sounds grand, what about that Hiberfill.sys file is this the key? If so it could be a security nightmare. What do you think?

About Andy Malone

Andy Malone Microsoft MVP, MCT Andy Malone is the CEO of Quality Training Ltd and founder of both the Dive Deeper Technology and Cybercrime Security events. Based in Scotland, Andy is a popular international event speaker and technology evangelist with over 15 years experience. Andy was also the 2006 winner of the Microsoft TechEd Speaker Idol contest. Andy has delivered technical and security content to thousands of delegates worldwide at various technical conferences, such as Microsoft TechEd, IT Pro-Connections and Tech-days. His passionate style of delivery, combined with a sense of fun has become his trademark. Although his primary focus is for security. Andy loves to talk about the Windows platform, Exchange and Office technologies. And with knowledge dating back to the MS-DOS 2 and Windows 2.0 era there is often an interesting story to be told. But technology never sleeps and Andy continues to work with the Microsoft product teams to create and deliver ground breaking material on Windows 7, Server 2008 R2 and beyond. For 2011/12 Andy is scheduled to deliver content in Europe, the Middle East, Russia and the US to name but a few. Andy’s blog:
This entry was posted in Cybercrime, microsoft, Security and tagged . Bookmark the permalink.