Administrator Guide
Use Dell Encryption with EnCase
Get Encryption Keys
Use the EnCase Enterprise user interface to get encryption keys from the Dell Remote Management Console and decrypt all
Dell-encrypted data for this computer or evidence file.
1. Select the Online check box.
2. Type the Username of the forensic administrator.
3. Type the Password of the forensic administrator.
4. Type the URL to the Dell Server with the EnCase API enabled. For example:
https://cred01.somedomain.com:8443/xapi/ (if your Security Management Server is v7.7 or later)
https://cred01.somedomain.com:8081/xapi (if your Security Management Server is pre-v7.7)
Locate the Dell Server URI at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield\Servlet
NOTE: The Dell Server must have the EnCase API enabled to export keys. You may optionally deploy an alternate Security Server
exclusively for EnCase integration.
5. Enter the Machine ID (also known as MCID and Unique ID) for the target computer or evidence file.
Locate the MCID at either:
• The registry of the target computer at:
• HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield
Or
• Management Console
a. In the left pane, click Populations > Endpoints.
b. Click the Details icon of the appropriate device.
c. From the top menu, click Details & Actions.
d. Locate the Unique ID in the Endpoint Detail area.
6. Enter the Shield ID (also known as Device ID, DCID, Recovery ID, or SCID) for the target computer or evidence file.
Locate the DCID at either:
• The registry of the target computer at:
• HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield
Or
• Management Console
a. In the left pane, click Populations > Endpoints.
b. Click the Details icon of the appropriate device.
c. From the top menu, click Details & Actions.
d. Locate the Recovery ID in the Shield area.
NOTE: Specify the MCID, DCID, or both IDs. The imported case contains all key material for the specified Machine ID, Shield ID, or
both IDs.
7. Click OK.
Decryption is now in progress.
Once decryption is complete, the files are accessible for forensic examination. Decrypted files are only viewable through the EnCase
module; the original source files remain unaltered and encrypted.