How will bitlocker (or other full drive encryption products) impact forensics investigations AND normal administrative functions for machines that are 1) powered down and for those that are 2) on-line?
Specifially, the main benefit I see for bitlocker is the confidence you would have when a laptop is lost or stolen. If the entire drive is encrypted, the chances of data compromise should be very low. This would solve a lot of heartburn.... Plus, I understand the admin capabilities of bitlocker will allow admins to access drives in the event a password is forgotten, or forensics needs to be done. However, what impact will the encryption have on tools commonly used by network admins today? I assume if the machine is on it's "home" network, that admins will be still be able to use tools like BindView (which authenticates to machines to pull information), pstools, etc., etc. as usual. But are there other tools that the encryption would negatively impact? Thanks in advance for your input. Ken --------------------------------------------------------------------------- ---------------------------------------------------------------------------
