How-Tos

How To Boot Scan A Microsoft Surface Pro

Hi, I’m Rich Frawley, and I’m the Digital Forensic Specialist with ADF Solutions. Today we’re going to conduct a boot scan of a Microsoft Surface Pro with BitLocker activated.

At this point you have decided on a search profile, or search profiles, to use and prepared your collection key.

When conducting a boot scan, Digital Evidence Investigator is forensically sound. This means that no changes are made to the target media.

Prior to conducting a boot scan, establish how many USB ports are available, and determine if the four-port USB hub is required.

Two ports are required in order to complete a scan: one for the collection key and one for the authentication key. Once the scan is started, the authentication key can be removed.

The Surface Pro only has one USB port, so I have a four-port hub, the collection key connected, and the authentication key.

With the Surface Pro, in order to boot to the USB device, we’ll hold the ‘volume down’ button while pushing and releasing the power button.

When booting to the collection key, Digital Evidence Investigator will automatically launch the application to scan the computer. No user input is normally required within the Windows boot manager.

Once DEI has launched, there are two options available: Scan Computer and Image Computer. To proceed with the boot scan, click on ‘Scan Computer.’

You can see here the physical device and the BitLocker volume; the search profiles that we have on our collection key; and our scan information.

To get started, we need to enter the credentials for the BitLocker encrypted volume.

Once the volume is decrypted, we can choose the search profile that we want to run; give it a scan name; adjust our date and time if necessary; enter in any custom fields that may be present; and then start our scan.

As you can see, I have my authentication key. In order to start the scan, I present my authentication key. The scan will start. I can now remove the authentication key and move on to another computer with another collection key.

That’s all for this video; thank you for your time.

Get a free trial at www.TryADF.com.

About Scar de Courcier

Scar de Courcier is Senior Editor at Forensic Focus.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,276 other followers

%d bloggers like this: