On Wed, 20 Jun 2018 23:02:43 -0400, Paul
wrote:
Peter Jason wrote:
On Wed, 20 Jun 2018 02:52:16 -0400, Paul
wrote:
Peter Jason wrote:
My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the
Volume name even when encrypted. This is a great
help. MSoft must be reading my posts!
http://jessekornblum.com/publications/di09.pdf
Page 6 shows VolumeName is a value in the header
sector of the filesystem. The signature at
the beginning of the sector is "-FVE-FS-",
8 bytes. Whereas for a regular partition,
you'd expect to find "NTFS" somewhere
in the sector.
So there's room for a VolumeName, with no guarantee
it's equal to some label assigned inside the
decrypted part.
Well, you're our BitLocker expert, and you've
probably already looked at the volume to make
sure you "can't read it", right ? Using
HxD, you could have a look at it for fun.
While it was locked.
https://mh-nexus.de/en/hxd/
I don't think I've bitlockered anything here.
Not even a floppy.
Paul
The HxD shows "decoded text" on the RHS. I can't
find passwords here; are they somewhere else?
They'd better be.
You wouldn't want the password sitting there,
even salted and hashed or whatever else they do
with 'em. It's got to be something more complicated
than that.
Paul
Heavens, is nothing safe? I'm going to have to
bury my sensitive drives under the back-yard briar
bush!