• 如果您觉得本站非常有看点,那么赶紧使用Ctrl+D 收藏吧

Beware of the encrypted VM

开发技术 开发技术 2周前 (09-08) 24次浏览

A friend of mine Megan told me that she got an error message as below screenshot when trying to open a virtual machine on suspect’s laptop.

Beware of the encrypted VM

 

She tried to take a guess but in vain. What’s wrong with this virtual machine anyway???

Beware of the encrypted VM

 

Obviously it’s an encrypted and restricted VM. Let’s take a look at the default setting of “Access Control”. As you could see that it’s not encrypted.

Beware of the encrypted VM

 

We could set a password for encryption. Guess what?  All files in this VM including the vmdks and vmx are all encrypted. As far as I know that there is no way to decrypt this VM!!!

Beware of the encrypted VM

 

Furthermore we could restrict the user to modify any settings or set a expire date of this VM. 

Beware of the encrypted VM

 

Without password you could not open this encrypted VM. Let’s take a look at it’s vmx and you will know what’s going on.

Beware of the encrypted VM

 

Unfortunately forensic tools may not be able to decrypt those encrypted files. Forensic examiners won’t have any idea of what’s inside this VM unless they got the password.

 


程序员灯塔 , 版权所有
转载请注明原文链接:https://www.wangt.cc/2020/09/beware-of-the-encrypted-vm/
喜欢 (0)