eCryptfs Parser is a GUI for Linux and Windows that recursively parses the headers of every eCryptfs file found in a given directory. It will tell you what encryption algorithm was used, the original filesize, signature used etc
Features
- GUI runs in both Linux and Windows systems. Envisaged uses in Windows is with regard to the extraction of such files from a forensic image of disk.
- Recursively explores every header of every eCryptfs file found in a given directory
- Optional choice to SHA1 hash the files, or not
- Calculates the original size of the file, before it was encrypted
- Calculates header extent sizes
- Calculates the encryption algorithm used (3DES, AES, Blowfish etc)
- Displays what salt was used for the key generation
- Signature of the File Encryption Key, to tie the ownership to a particular user
- Full rendering of the whole header, with ability to copy and paste the whole grid to spreadsheet
- Released under GNU with source code provided
- Ability to export the results to CSV text file or HTML file for web browser
Categories
Encryption AlgorithmsFollow eCryptfs Parser
You Might Also Like