Aug 20

Andy to Demo BitLocker Hack at the MCT Summit 2010


Well, with only a few days to go before the first UK Microsoft Certified Trainer Summit in York (www.mctsummit.eu), I am putting the finishing touches to my presentations. The summer is a great time for me to develop new sessions, demos and presentations for the upcoming months, as I am speaking at not one but two Microsoft TechEd events: the first in Durban in October and the second in Berlin in November.

One of my favourite applications is Passware Forensic 10.1 (www.lostpassword.com), a product aimed at law enforcement professionals. Passware offer a complete set of tools that will not only recover lost passwords for documents, including Office 2010 files, but also help reveal passwords for email and internet accounts. As a Microsoft guy I am particularly keen on Windows 7's BitLocker To Go feature. BitLocker, like TrueCrypt, gives users the ability to secure personal data with high-level encryption.

Now, a bad guy who thinks all his dirty secrets are safe can simply encrypt his hard disks and thumb drives, right? Wrong! Passware have managed to include tools that perform a live memory capture and thus reveal the encryption key stored in RAM. Yesterday I spent the day running through a number of scenarios and can confirm that I can crack BitLocker!

Now, although this reveals a weakness in disk encryption, there are a number of things users can do to increase security. Firstly, ensure you physically shut down the computer after use, so that the key is no longer sitting in RAM. Don't use Windows power-saving features like hibernation: in this mode Windows copies the contents of RAM into a file called hiberfil.sys, which is stored on your hard drive.
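To check a machine against that advice, here is an added PowerShell audit script (my own example, not part of the original post and not Passware's tooling). It assumes an elevated prompt on Windows 7 or later, that the HibernateEnabled registry value lives under the Power key named below, and that powercfg and manage-bde are on the path; it only reports and changes nothing.

```powershell
# Added example: audit a Windows host for the hibernation exposure described
# above. Read-only. Assumes an elevated prompt on Windows 7 or later.

$report = [ordered]@{}

# 1. Is hibernation enabled? A value of 1 means the contents of RAM (including
#    any BitLocker key material held there) are written to hiberfil.sys on
#    hibernate. Registry location is an assumption for this example.
$powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
$hib = (Get-ItemProperty -Path $powerKey -Name HibernateEnabled `
        -ErrorAction SilentlyContinue).HibernateEnabled
$report['HibernationEnabled'] = ($hib -eq 1)

# 2. Does a hibernation file currently exist on the system drive?
$hiberfil = Join-Path $env:SystemDrive 'hiberfil.sys'
$report['HiberfilPresent'] = Test-Path -LiteralPath $hiberfil

# 3. Which sleep/hibernate states does this machine offer? (powercfg /a)
$report['AvailableSleepStates'] = (powercfg /a | Out-String).Trim()

# 4. BitLocker protection status of the OS volume (manage-bde ships with
#    Windows 7, so no newer BitLocker cmdlets are needed).
$report['BitLockerStatus'] = (manage-bde -status $env:SystemDrive | Out-String).Trim()

# Print the findings; flag the combination the post warns about.
$report
if ($report['HibernationEnabled'] -or $report['HiberfilPresent']) {
    Write-Warning 'Hibernation is enabled or hiberfil.sys is present: RAM contents can be written to disk.'
    Write-Warning 'Mitigation from the post: disable hibernation with "powercfg /hibernate off" (run elevated).'
}
```

The final `powercfg /hibernate off` is deliberately left as a message rather than executed, so the script can be run on a machine before deciding to change its power settings.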

Now, one of my other presentations I am working on covers Windows power management, and I have made an alarming discovery. According to Paul Thurrott's SuperSite on Windows, one of the big plans for Windows 8 is to possibly remove the Shutdown feature altogether, to make way for a new generation of "Instant On" devices. Now, while this all sounds grand, what about that hiberfil.sys file? Is this the key? If so, it could be a security nightmare. What do you think?