We posted about TCHunt yesterday, a tool that can help you identify TrueCrypt-encrypted data on your hard drive. But what if you are not able to load TCHunt and only have access to a backed-up hard drive? If that data was backed up with dd, you are in luck, for we now have TCDiscover!
This open source Python script was submitted to us via the PenTestIT Submit Your Tool option by Mr. Will Schroeder and Mr. Tyler Dean. TCDiscover is a Python script that uses entropy calculations to find possible TrueCrypt/encrypted containers on a .DD hard drive image. It can even do so recursively through directories!
It is very simple to use. Run it with the following argument and you are done:
./tcdiscover.py -i <image file>
Download TCDiscover (tcdiscover.py) here.
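To show what an entropy calculation over a raw image looks like, here is an added example (not TCDiscover's code, and not from its authors) that walks a dd-style byte stream in fixed blocks and reports contiguous high-entropy regions. The block size, threshold, minimum run length and the sample image are assumptions made for this illustration.

```python
import hashlib
import io
import math
from collections import Counter

BLOCK = 4096      # bytes per entropy sample (assumed value)
THRESHOLD = 7.9   # bits per byte; random 4 KiB blocks measure about 7.95
MIN_RUN = 16      # ignore runs shorter than 16 blocks, i.e. 64 KiB (assumed)

def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_runs(stream, block=BLOCK, threshold=THRESHOLD, min_run=MIN_RUN):
    """Return (offset, length) for each contiguous run of high-entropy blocks."""
    runs, start, offset = [], None, 0
    while True:
        chunk = stream.read(block)
        # A short or empty final chunk never counts as high entropy.
        high = len(chunk) == block and shannon_entropy(chunk) >= threshold
        if high and start is None:
            start = offset                      # a run begins here
        elif not high and start is not None:
            if offset - start >= min_run * block:
                runs.append((start, offset - start))
            start = None                        # the run ended
        if len(chunk) < block:
            return runs
        offset += block

def constructed_image():
    """Constructed sample: zeros, 128 KiB of pseudo-random bytes, then text."""
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(4096))       # stands in for ciphertext
    text = b"ordinary log line with low entropy\n" * 2000
    return b"\x00" * 8192 + blob + text

if __name__ == "__main__":
    for off, length in high_entropy_runs(io.BytesIO(constructed_image())):
        print(f"candidate region at offset {off}, {length} bytes")
```

Compressed archives and media files also score close to 8 bits per byte, so a hit is only a candidate for closer examination, which matches the "possible" in the description above.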