In my line of work, protecting customer data is extremely important. Unfortunately, sometimes there is just no way to retrieve data for analysis without using a USB drive. This places some important requirements on any removable drive used in this way, and for me that includes regularly performing three main tasks:
- Format the drive (erase any previous customer's data)
- Encrypt the drive
- Copy any tools etc back onto the drive
Introducing the USB Drive Wipe Prepare project.
What you will need:
- PowerShell 3+
- BitLocker Module (recommend at least Windows 8, Windows 2012)
While the complete script can be found here, I will focus this post on the challenges I faced while building such a solution, so that if you are working on a similar project you can benefit from my hard work :)
The most challenging aspect of this was working with the BitLocker cmdlets, so they are my main focus.
The first step is to format the drive with Format-Volume.
$Result = Format-Volume -ObjectId $($Volume.ObjectId) -FileSystem $($Volume.FileSystem) -NewFileSystemLabel $($Volume.FileSystemLabel);
The next step is to encrypt the volume with BitLocker. This involves a number of steps.
- Firstly, due to my employer's GPO setting (and as a best practice), I must add a recovery password key protector to the drive.
$Result = Add-BitLockerKeyProtector -MountPoint "$($Volume.DriveLetter):" -RecoveryPasswordProtector
- As part of this it is best practice to then make sure you have the Recovery Key saved off to a location. Earlier in the script I create a PSDrive to reference this location and simplify scripting.
"Bitlocker Key for $($Volume.FileSystemLabel)`r`n Identifier: $((Get-BitLockerVolume "$($Volume.DriveLetter):").KeyProtector.KeyProtectorId)`r`n Key: $((Get-BitLockerVolume "$($Volume.DriveLetter):").KeyProtector.RecoveryPassword)" | Out-File -FilePath "BitLockerKeys:\$($Volume.FileSystemLabel).BitLockerKey.txt";
- Next, I enable BitLocker on the removable drive with a password (effectively using BitLocker To Go).
$Result = Enable-BitLocker -MountPoint "$($Volume.DriveLetter):" -EncryptionMethod Aes256 -UsedSpaceOnly -Password $BitLockerPassword -PasswordProtector;
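- As the encryption process can take some time, the next part of my script checks the status of the protection with
# Poll until encryption reaches 100%; the pause between checks is a placeholder for the loop body elided in the post
while ((Get-BitLockerVolume -MountPoint "$($Volume.DriveLetter):").EncryptionPercentage -lt 100) { Start-Sleep -Seconds 5 }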
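Before the final task (copying tools back onto the drive), it is worth confirming that the drive really ended up in the intended state. The following is an added example, not part of the original script: it bounds the wait with a timeout and then checks the encryption method and both key protectors set in the steps above. The function name `Test-UsbBitLockerReady` and its default values are hypothetical; `$Volume` is the same variable used in the post.

```powershell
# Added example (not from the original script); function name and defaults are hypothetical.
function Test-UsbBitLockerReady {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,   # e.g. "E:"
        [int] $TimeoutSeconds = 1800,                  # assumed upper bound for the wait
        [int] $PollSeconds = 5
    )

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    $blv = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Same condition as the post's while loop, but it gives up at the deadline
    # instead of spinning forever if encryption stalls or the drive is pulled.
    while ($blv.EncryptionPercentage -lt 100 -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $PollSeconds
        $blv = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    }

    $problems = @()
    if ($blv.EncryptionPercentage -lt 100) {
        $problems += "Encryption stopped at $($blv.EncryptionPercentage)% (status: $($blv.VolumeStatus))"
    }
    if ("$($blv.ProtectionStatus)" -ne 'On') {
        $problems += "Protection status is $($blv.ProtectionStatus)"
    }
    if ("$($blv.EncryptionMethod)" -ne 'Aes256') {
        $problems += "Encryption method is $($blv.EncryptionMethod), expected Aes256"
    }

    # Both protectors added earlier must be present: the recovery password
    # (required by GPO) and the password used to unlock the drive.
    $types = @($blv.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    foreach ($required in 'RecoveryPassword', 'Password') {
        if ($types -notcontains $required) { $problems += "Missing $required key protector" }
    }

    $problems   # empty output means the drive passed every check
}

$problems = @(Test-UsbBitLockerReady -MountPoint "$($Volume.DriveLetter):")
if ($problems.Count -gt 0) {
    throw "Drive is not ready for use: $($problems -join '; ')"
}
# Only from this point is it safe to copy tools back onto the drive.
```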
This script is provided "as is". However, if you are performing similar operations around encrypting removable drives, it may help you towards your solution.
As mentioned above the complete script can be found on the CodePlex project https://usbdrivepreptool.codeplex.com/
Legal Stuff: As always, the contents of this blog are provided “as-is”. The information, opinions and views expressed are those of the author and do not necessarily state or reflect those of any other company with affiliation to the products discussed. This includes any URLs or Tools. The author does not accept any responsibility from the use of the information or tools mentioned within this blog, and recommends adequate evaluation against your own requirements to measure suitability.