[sleuthkit-users] Encryption flag issue
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] Encryption flag issue
|
From: Søren B. <shb...@gm...> - 2019-03-20 09:47:54
|
Hi. I've got this issue that I haven't been able to solve: Autopsy 4.10.0 on Windows 10 Pro Problem: A known encrypted file is not flagged when running the Encryption Detection Module. Secondary problem: The encrypted file is saved as a .dll file, but is not flagged when running the Extension Mismatch Detector Module. Pre: An encrypted container was created using Veracrypt. The size of the container was set to 100MB. Hash sha512, encryption serpent, filesystem NTFS. The container was named "VBoxClient-64bit.dll" and was placed in folder "C:\Program Files\Oracle\VirtualBox\x86". The forensic image on where the container is located, was also tested using X-Ways and EnCase, and both tools flag the container as encrypted. Best regards Soren Berggreen |
