If you present the correct XML file to EETech, it will mount the host drive for you automatically? Have you checked using the workspace that your XML export is correct?
To be honest I've never used the workspace. It says I have authenticated and the only way I could get the disk to appear unencrypted is to start a crypt sector and cancel it. (Obviously this is my test machine, so I can do what I wish with it but wouldn't do that on a production machine.)
And I was told that there was hardly anything on EETech on the encryption course and can't face talking to gold support.....
It would be really handy to have some sort of idea of what to use what for and how to use it, so that us starting out using EEPC can play about with test systems to find out what we can do in EETech. A guide on how to use the components in EETech (obviously with a big disclaimer included) would be very useful. Either that or a nice mount button. :-)
I saw this post: https://community.mcafee.com/message/149954#149954 and wonder if they mean the EETech from v6.1?
(yes... flailing in at the deep end here....)
One thing I've noticed is that you have to "refresh" the file management utility after you authenticate (authorization is not necessary for mounting the disk). So maybe you just need to hit F5 or click around in the file manager GUI. As Simon said, the "mount disk" button is gone in EE Tech. Now it just happens automatically after you authenticate. So if that isn't working, then you may be using the wrong key. Here's how to test your key with the workspace functions. Forgive me if the menu names are different, I'm not looking at it right now ... but my memory is pretty good.
- Authenticate in EE Tech, using an XML file from ePO
- Open workspace
- Choose "load sector from disk"
- Enter 63 in the start sector, and 1 in the sector count.
- The screen will then read that sector of the disk and display it. You will be looking at encrypted data. Only pay attention to the far-right column - this is the actual data on the disk.
- To decrypt this sector, you have to go back to the Workspace menu and hit "decrypt"
- Look in the far-right column and see if you now see cleartext data. If it is cleartext, then you are using the right XML file.
I say to use sector 63 since that is typically the first sector of the first partition and has predictable text in it - usually "NTFS" is seen. If you load sector 63 and it is blank, then you'll have to go fishing for sectors. I just increase by a factor of 10 while I'm looking ... so 63, then 630, then 6300 and so on. Eventually you'll find a sector with some data that looks like clear text after you decrypt it. If you don't, then you're using the wrong XML file.
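An added example (not part of the original thread and not McAfee's code): the by-eye check and the "fishing" sequence described above, done in Python on decrypted sectors held as raw 512-byte strings. How the bytes are obtained from the workspace, the function names, the sample data and the 7.0 entropy threshold are all assumptions made for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

SECTOR = 512

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits well above 7."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(sector):
    """Judge one decrypted 512-byte sector the way the thread does by eye."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if sector.count(0) == SECTOR:
        return {"verdict": "blank"}  # nothing to judge, go fishing
    # NTFS boot sector: 3-byte jump (EB 52 90), OEM ID "NTFS    ", 55 AA at the end.
    # 0x52 is the "R" that shows up just before "NTFS" in the text column.
    if sector[3:11] == b"NTFS    " and sector[510:] == b"\x55\xaa":
        bps, spc = struct.unpack_from("<HB", sector, 11)
        return {"verdict": "ntfs-boot", "bytes_per_sector": bps, "sectors_per_cluster": spc}
    if entropy(sector) > 7.0:
        return {"verdict": "still-encrypted"}  # wrong key, or not decrypted yet
    return {"verdict": "low-entropy"}  # some other cleartext structure

def fish(read_sector, start=63, factor=10, max_lba=63_000_000):
    """Try 63, 630, 6300, ... and return (lba, result) for the first non-blank sector."""
    lba = start
    while lba <= max_lba:
        result = classify(read_sector(lba))
        if result["verdict"] != "blank":
            return lba, result
        lba *= factor
    return None, {"verdict": "blank"}

# Constructed sample data (not from a real disk).
NTFS_BOOT = (b"\xebR\x90NTFS    " + struct.pack("<HB", 512, 8)).ljust(510, b"\0") + b"\x55\xaa"
RANDOM_LOOKING = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
FAKE_DISK = {630: NTFS_BOOT}  # sector 63 is blank on this constructed disk

if __name__ == "__main__":
    print(classify(RANDOM_LOOKING))
    print(fish(lambda lba: FAKE_DISK.get(lba, bytes(SECTOR))))
```

A "still-encrypted" verdict on every non-blank sector you try corresponds to the wrong-XML-file case in the post above.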
Thanks for that Dan - that's very helpful.
I'm off for a week, so will try that when I get back.
OK, so I loaded and decrypted the workspace.
At the top of the right-hand column there was R.NTFS and lower down it said: "a disk read error occurred. NTLDR is missing...." so it did show cleartext, so I'm assuming it's the correct file.
So, leaving EETech open (authenticated but not authorised), I open A43 and see the c:\ drive in the list, but no matter where I click, refresh or restart A43, I still can't read the disk.
It could be that you don't have the SATA drivers for your hard disk installed in your PE environment. That's what usually causes this symptom. You can try getting the SATA drivers from Intel, or whoever makes your hard disk(s). Another trick is to go into the BIOS and switch the disk operation to ATA or something that resembles "legacy mode".
The one I was testing on is in IDE mode - but I think it's a solid state drive. I'll try and find and add the drivers to the WinPE image for it.
Just to let you know (or anyone else) that I eventually managed to get this working.
I had tried injecting AHCI drivers into the WinPE wim but still had no joy...... until this week.
We had a requirement to try and extract data on the fly so I created a new BartPE with EETech v 6.1.1 (one with no drivers for my ATA disks, and one with AHCI drivers). When booting from this I am able to read the encrypted disk on the fly fine.
I'm unsure whether it is something to do with WinPE vs. Bart or EETech 6.0.2 vs. 6.1.1, but anyway, thanks for all your help on this matter. This makes life MUCH easier!