Open tobraha opened 1 year ago
UPDATE:
I ran bdemount
again with debug+verbose output enabled. The bde metadata has a few references to 'SophosProtector', so that may be the cause of my issue.
Also, this may be related to #44
Thanks!
@tobraha can you attach or send me a sanitize version of the debug output. I'll have a look when time permits.
@joachimmetz - apologies for the delay. Here is the sanitized debug output:
Not that the output contains any revealing info (I think), but I've encrypted this using your key here: https://github.com/joachimmetz.gpg.
If you're not able to decrypt for any reason, let me know and I will email you a copy of the output. After all, who really uses PGP anymore :upside_down_face:
I am trying to mount a BitLocker partition after having mounted the disk image with ewfmount. When I enter the known recovery key to either
bdeinfo
orbdemount
with-r <recovery-key>
, I am prompted to enter the volume Password (which is not known).I am using current versions of ewftools and bdetools built from source:
Here is some of the image metadata:
Files & Mounts
Partition Layout
* curious, those Chinese characters... not sure I've ever seen that before from Sleuthkit
BitLocker Volume Info
I don't recall ever trying to use
bdemount
on a volume that has both of these protectors enabled.Am I missing something? Some compile option needed that I'm missing?
Thanks, -Tommy