GuardianEdge decryption support has been added to FTK2. GuardianEdge-encrypted drives/images may be decrypted with either the user name and password of a user or with the GuardianEdge server's client admin password.

The way the decryption works from the FTK user's perspective is the user will add an encrypted drive or image. FTK2 will identify the image as being encrypted and display a dialog for decryption credentials. The dialog will supply a list of users for the drive including the client administrator. Select the user name and type in the associated password.



What versions do we support?GuardianEdge decryption was developed using 8.1.1. The same decryption code that shipped with FTK 2.0 and 3.0 successfully decrypted a hard drive encrypted with GuardianEdge 9.1 (10/21/2009)

Did GuardianEdge supply us with libraries? Yes. We are using EAECC.dll and EPCL32.dll from Guardian Edge.

How do we recognize a drive is GuardianEdge encrypted? We look for "PCGM" at offset 6 of the first sector of the hard drive.