New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Of course it can be accessed. You can just snapshot and save the running instance and do whatever you want to it. This essentially saves the RAM of the VM to a file. Now, there are many things you can do with a memory dump:
You can spin up another instance from this snapshot and play around with it. The file system will be unencrypted since the decryption keys never left the RAM you saved… One can try brute forcing root passwords, looking for exploits in running services etc…
You can try to fish out the data you're looking for from the memory dump itself. Assuming the data has been accessed recently, there's a good chance you might dig it out using tools like Volatility.
You can try to find the encryption key itself in the memory dump, and then decrypt the file system. Success of this method depends largely on the encryption method/tool used. I know you can do this for BitLocker and TrueCrypt protected stuff at least.
Exactly, LET proves it every day: Nothing is more confusing than plain text.
I agree.
No one would expect plain text encryption.