1 Reply Latest reply on Apr 11, 2011 10:50 AM by SafeBoot

    Generating a "raw image" of an encrypted device

      Hello, the question was posed to me about how to go about generating an image of an encrypted laptop that would even contain files marked as deleted by the OS. This would be done primarily for litigation purposes. From what I've been reading, I would need to create a "raw image" of a hard drive. Has anyone ever tried this with a drive that has EEPC? I figured I could boot the laptop with the BartPE USB recovery tool, authorize and authenticate to it, then run some kind of image generator and dump it to the network. Would this be sufficient to capture data that has been marked as deleted? Thanks for any guidance!