±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35390
New Yesterday: 0 Visitors: 125

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

HELP! : How to image a Windows Surface RT (ARM)

Basic listing free. Premium listing includes listing on Forensic Focus homepage and RSS newsfeed, notification sent to Forensic Focus Twitter followers, a post to the Forensic Focus Facebook page, a post to the Forensic Focus LinkedIn Group and guaranteed inclusion of a link in the Forensic Focus newsletter. Learn more.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

mahoney
Newbie
 

Re: HELP! : How to image a Windows Surface RT (ARM)

Post Posted: Mar 21, 19 05:24

- UnallocatedClusters


My experience with Surfaces is that Surfaces come from the factory Bitlocker encrypted standard and Microsoft does NOT provide the Bitlocker keys!!!!!


Workaround for the factory BitLocker encryption:
1. Copy the DD image bit-for-bit onto a blank USB drive.
2. Attach the USB to a Windows machine via a USB write-blocker.
3. Windows will automatically decrypt the drive.
4. Use FTK Imager to re-image as a logical drive.

Workaround for user-encrypted BitLocker encryption:
1. After you get your physical DD image, boot the Surface normally and login (you'll need a local Admin account).
2. Launch CMD and run manage-bde -protectors C: -get -type RecoveryPassword
3. Make a note of the long numerical password.
4. You can use EnCase or Nuix to decrypt your physical DD image, or continue below:
5. Copy the DD image bit-for-bit onto a blank USB drive.
6. Attach the USB to a Windows machine via a USB write-blocker.
7. Windows will prompt for the recovery password - enter it here to decrypt the drive.
8. Use FTK Imager to re-image as a logical drive.  
 

Page 2 of 2
Page Previous  1, 2