Getting Around SafeBoot

Erick

Customer brought in an ancient XP laptop. It's from an old company that she used to own and has data on it pertinent to an upcoming legal case.

Problem is that she doesn't remember the password.

OK. No problem. This happens. We can just pop the drive out and pull the data off of it or, for fun, crack the password.

After some initial once-over and checking, I managed to figure out that it's running McAfee SafeBoot; the drive is encrypted. It will boot, go into XP, Safe Mode....runs like a champ...but none of the XP cracking tools I know of will work because of SafeBoot, nor can I access the files from a boot CD/USB.

Does anyone know of a good way around this?
 
I'd recommend creating an exact image of the drive just in case there's a lockout/autowipe (unlikely), then encourage her to build a list of any possible passwords and variations of them that might have been used, then start trying.
 
There is a tool called WinTech, which is bootable that is used to work on SafeBoot encrypted machines, but it still requires the code of the day, which I don't have access to anymore.

There is also a SafeTech disk which is just for the encryption: https://wikis.uit.tufts.edu/conflue...Using+the+Safetech+Boot+CD+to+Decrypt+a+Drive

The WinTech was basically a Win PE disk with the encryption tools. Without those there isn't much you can do.
 
> I'd recommend creating an exact image of the drive just in case there's a lockout/autowipe (unlikely)

If you enter the incorrect password too many times you will get a timeout (I believe 2 minutes), which doubles every time you enter a password after the configured threshold, but I don't recall it actually locking you out or wiping after so many tries.
 
> There is a tool called WinTech, which is bootable that is used to work on SafeBoot encrypted machines, but it still requires the code of the day, which I don't have access to anymore.
>
> There is also a SafeTech disk which is just for the encryption: https://wikis.uit.tufts.edu/conflue...Using+the+Safetech+Boot+CD+to+Decrypt+a+Drive
>
> The WinTech was basically a Win PE disk with the encryption tools. Without those there isn't much you can do.

This method needs the code of the day and the saved encryption key. If the user doesn't have the password, I suspect they don't have the key either.
 