Re: [sleuthkit-users] Encryption flag issue
From: Richard C. <rco...@ba...> - 2019-03-20 13:58:47
Is it at all possible to share the file (or a similar one that you make that recreates the issue) with us here at Basis Technology so that we can look into this?

V/R,

Richard Cordovano
Autopsy Team Lead
Director of Engineering - Cyber Forensics, Basis Technology

On Wed, Mar 20, 2019 at 5:48 AM Søren Berggreen <shb...@gm...> wrote:

> Hi.
>
> I've got this issue that I haven't been able to solve:
>
> Autopsy 4.10.0 on Windows 10 Pro
>
> Problem:
> A known encrypted file is not flagged when running the Encryption Detection Module.
>
> Secondary problem:
> The encrypted file is saved as a .dll file, but is not flagged when running the Extension Mismatch Detector Module.
>
> Pre:
> An encrypted container was created using VeraCrypt. The size of the container was set to 100MB. Hash sha512, encryption serpent, filesystem NTFS. The container was named "VBoxClient-64bit.dll" and was placed in folder "C:\Program Files\Oracle\VirtualBox\x86".
>
> The forensic image on which the container is located was also tested using X-Ways and EnCase, and both tools flag the container as encrypted.
>
> Best regards
> Soren Berggreen
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org