Problems With Encrypted Drives - Tableau TD2u User Manual

CHAPTER 4 Troubleshooting and Support

Problems with Encrypted Drives

Prior to TD2u v1.3 release in December 2017, the method by which 4kbyte sector size drives
were encrypted was not compatible with the VeraCrypt standard. This would result in an
inability to properly decrypt a TD2u encrypted 4k drive on any system using the publicly
available VeraCrypt application. Drives with 512 byte sector sizes and advanced format drives
(4kbyte drives that act as 512 byte drives) were not affected by this issue.
This issue was fixed in TD2u v1.3 software. If you captured encrypted evidence on pre-v1.3
TD2u software, that evidence will no longer be usable on a TD2u that has been updated to v1.3
or later. Such a drive would be able to be unlocked, but the unlocked data container would
present unintelligible information to the system. In that scenario, if the improperly encrypted
4k drive was attached to a TD2u destination port, no filesystem would be detected and the
TD2u would prompt to format the drive during Duplication setup. That format request should
be declined in order to preserve the previously captured evidence.
In order to recover the previously captured evidence, the v1.3 firmware includes a "Legacy
Unlock" feature. If you have such a drive, the following procedure will allow for recapture of
the previous evidence:
1. Update your TD2u to version 1.3 or newer.
2. Connect the encrypted, 4k sector drive to the appropriate source port on the TD2u.
3. Connect a different drive to one of the destination ports of the TD2u. This drive must be
big enough to store the entirety of the 4k source.
4. Boot the TD2u.
5. Go to the Disk Info screen for the 4k source and select the
option. This option will only be present for encrypted 4k drives. It will guide you through
a familiar unlock process and instruct the TD2u to use the encryption style the 4k drive is
using.
6. If desired, encrypt the destination drive.
7. Using the Duplication feature, clone the legacy unlocked source to the new destination.
This will decrypt the data with the legacy encryption as it reads from the source, and
store the decrypted data on the destination.
8. Once this duplication completes, your new destination contains the evidence from the
source drive. If you want to put this data back on that drive, you can re-encrypt that
drive and duplicate the data back into it from the new copy. If the new copy is encrypted,
it can be unlocked as a source from Disk Info (not the legacy unlock option)
Legacy Unlock (VERY RARE)
63