How to Manage Container Key Files

Home > selected Organization > menu or right-click > Settings > General > Container Key Files

Project > Settings > Organization Settings tab > General > Container Key Files

Requires Organization - Container Key Files - View, Add/Edit, and Delete Permissions

You can add and manage two types of Container Key Files:

  • Lotus Notes ID files — These ID files enable processing of password-protected Lotus Notes NSF files or the encrypted items from unprotected NSF files.
  • Microsoft BitLocker Key files — These Key files (text files with a 48-digit key) enable processing of Microsoft BitLocker-encrypted disk partitions.

Adding Container Key files prior to import helps avoid reprocessing scenarios.

After import, you can rely on a reprocessing scenario that begins by checking the Warning and Errors section of the Data Set Scan Report for Protected, Encrypted, or Partitions Encrypted entries.

How to Manage Lotus Notes ID Files

This section summarizes how to manage Lotus Notes ID Files for the following:

  • Protected NSF files — These parent Lotus Notes files are labeled Protected (that is, their parsing status is 00029 PROTECTED).
  • Encrypted items from NSF files — These encrypted items of unprotected NSF files are labeled 00027 ENCRYPTED.

A Lotus Notes ID file typically has an associated password that enables access to a password-protected NSF file. (Not all Lotus Notes ID files require passwords.)

After import, if you want to be able to reprocess the protected Lotus Notes files (or the encrypted children of unprotected NSF files) to get content, acquire and upload the Lotus Notes ID files for the protected or encrypted files, with the appropriate passwords (if passwords are required).

You can add a Lotus Notes ID file (using the appropriate password) from the Organization Settings, under Container Key files. Each Lotus Notes ID file you add is validated. If an ID file cannot be validated, it is not added to the list.

Once you have the ID file for a protected NSF uploaded, you can then drill through the Protected entry in the Data Set Scan Report and, from the Search Results, click Reprocess to reprocess the Protected Lotus Notes NSF file, using the Reprocess documents with children option (to discover the children of the NSF file that could not previously be processed).

Note: In cases where the unprotected Lotus Notes NSF file itself can be opened, but one or more of its items are encrypted, you can upload the ID file (which must apply to all children of the given NSF), then drill through the Encrypted entry in the Data Set Scan Report and use the Reprocess documents only option with the Extract from Container option for those files. You may need to perform additional reprocessing of documents with children after the initial reprocessing. To find the files after the initial reprocessing, you can search for origparsingstatus::00027 ENCRYPTED.

The following steps summarize how to use Lotus Notes ID files as part of a reprocessing workflow after import, to process password-protected NSF files (or encrypted items from unprotected NSF files):

  1. In the Project, review the Warning and Errors section of the Scan Report for the imported data set and look for Lotus Notes NSF files that are labeled Protected (that is, their parsing status is 00029 PROTECTED). If the NSF files are unprotected but have items that are encrypted/protected, you will see 00027 ENCRYPTED for those items.
  2. Acquire the Lotus Notes ID files and passwords (if applicable) for any protected NSF files (where the ID file for the NSF itself applies to all of its children), and/or the ID files for any encrypted children of unprotected NSF files (where the ID file must apply to all children of a given NSF file).
  3. From the Organization Settings, select Container Key files.
  4. Click the top-level New Key File option and supply the information for the Lotus Notes ID file. As part of this process, you will use the Browse button to select the path of the Lotus Notes ID file.
  5. Click OK to save the information and upload the file. The information is validated. If an ID file cannot be validated, it is not added to the list.
  6. From the drill-through search results for the Protected NSFs or the encrypted children of NSFs, select the files you want to reprocess and click Reprocess on the toolbar. Choose reprocess options using these guidelines:
    • For reprocessing protected NSF files, select the Reprocess documents with children option (to discover the children of the NSF files that could not previously be processed because they were Protected).
    • For reprocessing the encrypted items of unprotected NSF files, use the Reprocess documents only option with the Extract from Container option for those files.

Note: When you reprocess one or more protected Lotus Notes NSF files or encrypted items from unprotected NSF files, the software uses the list of available ID files, iterating through the list until an available ID file enables processing or until the entire list has been checked.

  7. After reprocessing is complete, you can view the Reprocessing task results in the Work Basket and recheck the Scan Report for changes, then locate the Lotus Notes NSF file content. After reprocessing encrypted items of NSF files, it may be necessary to perform additional reprocessing (Reprocess documents with children).
  8. From Container Key files, you can manage the Lotus Notes ID files (edit the Key File Name or delete the files as needed, and add more ID files if needed).

How to Manage Microsoft BitLocker Key Files for BitLocker-Encrypted Partitions

This section summarizes how to manage the Key files for Microsoft BitLocker-encrypted disk partitions.

BitLocker is a Microsoft Windows component used for disk encryption (for Windows 7 Enterprise and Ultimate, Windows 8 Professional, Enterprise and Ultimate, and Windows 10). BitLocker can encrypt a hard drive or USB drive, for example.

A BitLocker-encrypted partition uses a Windows-generated Key file and a user-generated password, and either can be used to decrypt the partition. If you supply the Key file for a partition, the software uses the 48-digit key and partition ID in the Key file (a text file) to identify and decrypt the partition. When multiple partitions are BitLocker-encrypted, each partition will have its own Key file and password.
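A pre-upload check for BitLocker Key files, added here as an example (it is not Digital Reef code and does not reproduce the product's own validation). It relies on the publicly documented structure of the 48-digit key, eight groups of six digits that are each a 16-bit value multiplied by 11; the sample file contents, identifier and key below are constructed.

```python
import re

GUID_RE = re.compile(r"\b[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\b")
KEY_RE = re.compile(r"\b\d{6}(?:-\d{6}){7}\b")


def decode_key_file(raw: bytes) -> str:
    """Decode a Key file; Windows commonly saves these as UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def check_key_file(raw: bytes) -> dict:
    """Return the partition identifier, the 48-digit key and any problems found."""
    text = decode_key_file(raw)
    problems = []
    guid = GUID_RE.search(text)
    key = KEY_RE.search(text)
    if guid is None:
        problems.append("no partition identifier (GUID) found")
    if key is None:
        problems.append("no 48-digit key (8 groups of 6 digits) found")
    else:
        for i, group in enumerate(key.group().split("-"), start=1):
            value = int(group)
            # Each group encodes a 16-bit value multiplied by 11.
            if value % 11 != 0:
                problems.append(f"group {i} is not a multiple of 11 (likely typo)")
            elif value // 11 > 0xFFFF:
                problems.append(f"group {i} is out of range")
    return {
        "identifier": guid.group().upper() if guid else None,
        "key": key.group() if key else None,
        "problems": problems,
    }


SAMPLE = (  # constructed sample contents, not a real identifier or key
    "BitLocker Drive Encryption recovery key\r\n\r\n"
    "Identifier:\r\n\r\n\t00000000-1111-2222-3333-444444444444\r\n\r\n"
    "Recovery Key:\r\n\r\n\t111111-222222-333333-444444-555555-666666-123453-654313\r\n"
).encode("utf-16")
```

Running `check_key_file` over each Key file before upload catches transcription errors and truncated files early, and the returned identifier can be compared against the partition the file is meant for.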

You can add a Key file from the Organization Settings, under Container Key files.

As an alternative (or supplement) to supplying a Key file, you can supply the password for a BitLocker-encrypted partition in an uploaded password file for the Known Passwords form of password-cracking during reprocessing. Password-cracking options are available from the Project-level settings, under Password Cracking.

Note: If you supply both the BitLocker Key file for an encrypted disk partition and its password (as part of password-cracking), the Digital Reef software uses whichever it finds first. If you want to supply the password for a BitLocker-encrypted partition as part of password-cracking, the Known Passwords mode is recommended instead of the more intensive modes. For some BitLocker files, you may have to perform a second reprocessing pass.

The Digital Reef software accommodates the following types of BitLocker-encrypted partitions:

  • A Virtual Hard Drive (VHD) with BitLocker-encrypted disk partitions, such as GPT or MBR (file types diskimage/gptpartitions or diskimage/mbrpartitions). The VHD will be labeled Partitions Encrypted, and after decryption, the metadata will contain a password field for each partition, each with the key or password used. In addition, the diskpartitions field will include bitlocker for each BitLocker-encrypted partition.
  • An EWF with BitLocker-encrypted partitions (for example, where EWF serves as a wrapper for a hard disk or VHD). The EWF will be labeled Partitions Encrypted, and after decryption, the metadata will contain a password field for each partition, each with the key or password used. In addition, the diskpartitions field will include bitlocker for each BitLocker-encrypted partition.
  • An LEF with BitLocker-encrypted partitions, where the BitLocker partitions are extracted as Unallocated Clusters files with a file type of diskimage/bitlocker. These files will be labeled Encrypted, and after decryption, will contain a password field with the key or password used.

Prior to import, you can upload the Key files if you know the BitLocker-encrypted partitions that will be part of the import.

The following steps summarize how to use BitLocker Key files as part of a reprocessing workflow after import, to process BitLocker-encrypted partitions:

  1. For an EWF or Virtual Hard Drive (VHD) with one or more BitLocker-encrypted partitions, review the Warning and Errors section of the Scan Report for the imported data set and look for files that are labeled Partitions Encrypted (that is, their parsing status is 01024 PARTITIONS_ENCRYPTED). If you have an LEF with BitLocker-encrypted partitions, look in the Warning and Errors section of the Scan Report for 00027 ENCRYPTED, which is reported for the extracted partitions that appear as Unallocated Clusters Files with a file type of diskimage/bitlocker. (The LEF itself will have a parsing status of SUCCESS.)
  2. Acquire the Key files and/or passwords for the BitLocker-encrypted partitions. Note that multiple partitions will mean multiple Key files and/or passwords.
  3. From the Organization Settings, select Container Key files.
  4. Click the top-level New Key File option and supply the information for the BitLocker Key file. As part of this process, you will use the Browse button to select the path of the Key file (a text file).
  5. Click OK to save the information and upload the file. The information is validated. If the Key file cannot be validated, it is not added to the list.
  6. From the drill-through search results for the Partitions Encrypted or Encrypted files, select the files you want to reprocess and click Reprocess on the toolbar. Choose reprocess options using these guidelines:
    • For reprocessing, select the Reprocess documents with children option (to discover any children of the files that could not previously be processed because they were encrypted).

Note: When you reprocess one or more BitLocker-encrypted files, the software matches the partition ID with the appropriate Key file.

  7. After reprocessing is complete, you can view the Reprocessing task results in the Work Basket and recheck the Scan Report for changes, then locate the decrypted items. Note that the parsing status of 01024 PARTITIONS_ENCRYPTED will persist for the parent file (such as an EWF or VHD) if any partition still needs to be decrypted. After reprocessing, it may be necessary to perform additional reprocessing for a partition that may still require a Key file or password (Reprocess documents with children).
  8. From Container Key files, you can manage the Key files (edit the Key File Name or delete the files as needed, and add more Key files if needed).