I am also in desperate need of a testcrypt like solution that can search my 1TB HDD for a lost veracrypt partition as I accidentely removed the partition table using testdisk in linux.
I would be very willing to contribute to the development of such a tool but need some guidance..
Any suggestions or feedback would be greatly appreciated.
Please respond asap
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
VeraCrypt does not contain any marks for begin and end of partition encrypted.
The only possibility is to try authorization procedure for sectors range.
Also possible to guess encrypted data and regular data. Level of entropy is diffrent.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Have there been any updates on this? I'm also interested in a fork of TestCrypt with VeraCrypt support. I'm currently dealing with a forensic image containing several Veracrypt volumes of which the password is known but the location of the volume in the image is not.
Last edit: Peter Van Akelyen 2017-03-07
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Fast.
The tool checks statistical parameters of every sector in range. Statistical parameters of block encrypted are: entropy > 91%, montecarlo PI > 85%, number of "1" bits >1900, number of trnasitions "0-1" >1900 because data encrypted is close to random data.
Slow.
It tries authorizing every sector in range.
see dcsfv.cfg for details. It is possible to specify several ranges and several logins.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Alex, this is exactly what I've been looking for. I've done some preliminary tests and it seems to work great. Is there any chance to see the source code for DcsFV? It'd offer some more insight into the options in the configuration file and I'd like to try and improve the code to enhance scanning speed.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi All
I am also in desperate need of a testcrypt like solution that can search my 1TB HDD for a lost veracrypt partition as I accidentely removed the partition table using testdisk in linux.
I would be very willing to contribute to the development of such a tool but need some guidance..
Any suggestions or feedback would be greatly appreciated.
Please respond asap
VeraCrypt does not contain any marks for begin and end of partition encrypted.
The only possibility is to try authorization procedure for sectors range.
Also possible to guess encrypted data and regular data. Level of entropy is diffrent.
Have there been any updates on this? I'm also interested in a fork of TestCrypt with VeraCrypt support. I'm currently dealing with a forensic image containing several Veracrypt volumes of which the password is known but the location of the volume in the image is not.
Last edit: Peter Van Akelyen 2017-03-07
Hi Peter Van Akelyen
I wrote DcsFV tool to scan disk.
https://sourceforge.net/projects/dc5/files/beta/
(DCS-TS_28.02.2017_11_42.zip)
It contains two modes:
Fast.
The tool checks statistical parameters of every sector in range. Statistical parameters of block encrypted are: entropy > 91%, montecarlo PI > 85%, number of "1" bits >1900, number of trnasitions "0-1" >1900 because data encrypted is close to random data.
Slow.
It tries authorizing every sector in range.
see dcsfv.cfg for details. It is possible to specify several ranges and several logins.
Hi Alex, this is exactly what I've been looking for. I've done some preliminary tests and it seems to work great. Is there any chance to see the source code for DcsFV? It'd offer some more insight into the options in the configuration file and I'd like to try and improve the code to enhance scanning speed.
Hi Peter Van Akelyen
I'll publish sources. Some delay. It is preview. It uses boost and veracrypt.
Same question, any update on this? Will TestCrypt work with VeraCrypt?