Malware News
12.9K subscribers
1.63K photos
7 videos
130 files
7.78K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
HDD Password Toshiba
Hello,

i have a Toshiba Laptop which HDD i can't image with FTK. Only zeros with Software Writeblocker. With Hardware Writeblocker you don't See the drive. If you boot the system there ist the info: Input HDD password. I think it's a firmware password. Any suggestions? Is there a tool that shows If it is so?
πŸ—£Civil_Structure_1033

1\. It may be ATA security at work: simplified, hard disks can be assigned a password, and won't allow access unless that password is used to 'login' to the HDD.

Such HDD will, on request, say that security is enabled, so you can use tools such as hdparm (Linux) to identify. (See https://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs for an introduction.)

In this case, as long as you have the password, you can also 'login' to the HDD (pre-boot or post-boot) before you image the drive. The details will obviously depend on the platform you use.

2\. Write blocking may affect the issue. If the blocker prevents all requests that are not simple reads, it will also block login requests. Professional tools usually won't make that mistake, but I can't identify the tool you mention, so I can't say if that is the case here.

The password may be assigned by Toshiba, and be part of the hardware platform: that is, the HDD cannot be removed from the computer and work normally, unless you also extract the password. In these cases, it is easier to let the drive remain mounted, and make a image from a forensic boot environment.
πŸ‘€athulin12


πŸŽ–@malwr
πŸ‘1