Protecting multiple partitions with EWF

jasoneblue554

Hello all,

I have been trying to deny writing on all volumes on my PC using EWF.
First, I tried running EWF over the partition of the OS only, and
succeeded in doing so.
Then, I tried protecting multiple volumes, as explained on MSDN:
I opened a new key in the registry:

for C: key:
HKLM\system\CurrentControlSet\Services\efw\Paramters\Volume0 --
values : (REG_DWORD)Type = 1, (REG_SZ)ArcName =
multi(0)disk(0)rdisk(0)partition(1)

for D: key:
HKLM\system\CurrentControlSet\Services\efw\Paramters\Volume1 --
values : (REG_DWORD)Type = 1, (REG_SZ)ArcName =
multi(0)disk(0)rdisk(0)partition(2)

After these steps I found that only partition C is protected by EWF.
Can someone help me understand what I've been doing wrong, or what more
I need to do to get the needed result?
 
KM

To be able to help you with the issue, we would need more details about the software and hardware configuration you use over there:

- How many hard drives are in your target device? How are they connected (what IDE channels are used)?

- How are the drives partitioned?

- Are you doing the EWF registry config in the Pre-FBA image, or are you changing the registry in the PostFBA phase? (The latter would be wrong unless you reconfigure/reinstall EWF.)

- What SP are you working with? It is highly recommended to use SP2/FP2007, as many EWF bugs have been fixed there.
 
