Re: [sleuthkit-users] Encryption flag issue
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Encryption flag issue
|
From: Nanni B. <dig...@gm...> - 2019-03-20 11:54:15
|
I tried and in my test image file (EWF format) it founds two TrueCrypt volumes as encrypted suspects. Il giorno mer 20 mar 2019 alle ore 10:48 Søren Berggreen < shb...@gm...> ha scritto: > Hi. > > I've got this issue that I haven't been able to solve: > > Autopsy 4.10.0 on Windows 10 Pro > > Problem: > A known encrypted file is not flagged when running the Encryption > Detection Module. > > Secondary problem: > The encrypted file is saved as a .dll file, but is not flagged when > running the Extension Mismatch Detector Module. > > Pre: > An encrypted container was created using Veracrypt. The size of the > container was set to 100MB. Hash sha512, encryption serpent, filesystem > NTFS. The container was named "VBoxClient-64bit.dll" and was placed in > folder "C:\Program Files\Oracle\VirtualBox\x86". > > The forensic image on where the container is located, was also tested > using X-Ways and EnCase, and both tools flag the container as encrypted. > > Best regards > Soren Berggreen > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > -- Dott. Nanni Bassetti http://www.nannibassetti.com CAINE project manager - http://www.caine-live.net INFORMATIVA TRATTAMENTO DATI: I dati da voi inviati alla mia e-mail dig...@gm... ( https://www.google.com/intl/it/policies/privacy/) sono trattati esclusivamente da me medesimo (Dott. Giovanni Bassetti) presso la mia sede legale e protetti adeguatamente e gli allegati sono anche conservati cifrati. Per qualsiasi informazione e richiesta non esitate a contattarmi. L'interessato, può chiedere in qualsiasi momento informazioni e/o cancellazione dei suoi dati. La finalità, la tempistica e la modalità del trattamento è formata dalla richiesta stessa dell'interessato e degli accordi intrapresi col sottoscritto.*Si prega di LEGGERE l'informativa completa sulla PRIVACY* https://nannibassetti.com/privacy.html <https://nannibassetti.com/privacy.html> |
