With the correct forensic tools, you can recover all data on the disk, unless the disk is encrypted. It will cost you a few thousand dollars as it is not just as simple as connect the disk to another computer. You basically have to dismantle the disk and use specific equipment to recover the data. The HD protection will probably prevent a normal person from getting the data, but if you have "classified" information on the computer, someone may find it worth spending the money to get to the data.
I still like both bios and HD passwords. If everyone set it, the market for stolen laptops would be small(er)... Replied as a private person, not in the function of my job. Martin Forest ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Garrett M. Groff Sent: Friday, 1 June 2007 9:39 To: [email protected] Subject: [FDE] hard disk p/w protection - secure? My Dell Inspiron 1100 laptop has an option that is settable in the BIOS that allows me to set a password on the HDD (separate from the user and supervisor BIOS passwords). Cursory reading into this leads me to believe that the password is actually written to the HDD, so removing the CMOS battery or otherwise resetting the BIOS will not bypass this protection. Transferring the hard disk to another machine will similarly fail to thwart the password protection. I realize it's not encryption by any stretch (and therefore off-topic), but how secure is this password protection? Speculation aside, has anyone had experience using/bypassing/testing this feature? If so, can you tell me how secure or insecure this password protection is? I'm not necessarily looking for an airtight solution for this particular machine, but if it's completely useless from a security standpoint, I'd like to find out. Thanks, Garrett "The information contained in this document is intended only for the addressee and is not necessarily the views nor the official communication of the Department of Labour. All final/official papers which are sent from the Department will be sent by non-electronic means, on appropriate letterhead, signed by authorised personnel."
_______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
