Menu

#228 Encryption detection issue

1.65
open
nobody
encryption (1)
5
2019-03-20
2019-03-20
Soren Berggreen
No

Autopsy 4.10.0 on Windows 10 Pro

Problem:
A known encrypted file is not flagged when running the Encryption Detection Module.

Secondary problem:
The encrypted file is saved as a .dll file, but is not flagged when running the Extension Mismatch Detector Module.

Pre:
An encrypted container was created using Veracrypt. The size of the container was set to 100MB. Hash sha512, encryption serpent, filesystem NTFS. The container was named "VBoxClient-64bit.dll" and was placed in folder "C:\Program Files\Oracle\VirtualBox\x86".

The forensic image on where the container is located, was also tested using X-Ways and EnCase, and both tools flag the container as encrypted.

Discussion

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.