
encryption


#1
achical

Hi guys!!

I'm doing some work in the IT forensics area and I would like any help with this question.

Suppose you have a hard disk where one of the partitions is encrypted with TrueCrypt 5.1a and is hidden as well.
You know the key as 16 characters AES 256 bit.

How would you find this hidden partition and how would you collect data from it?

Which tools do you think can work better in this case?

Remember the laptop is running Win7 Home Premium.

Any ideas here guys?

Thanks for your time



#2
jaclaz


I don't get it.
Are you sure you do work in digital forensics?
You are not serious about doing the work from the booted laptop, are you?
You IMAGE (forensically sound image) the disk first thing, then work on the IMAGE or on a CLONE of it:
  • You find the hidden partition in the MBR and/or EPBRs, then you unhide it, and if you have the key you unencrypt it.
  • If you do not have the key, then you need to "crack" it.

You will need some dedicated GPU(s) and a lot of patience (and a bit of luck).

jaclaz
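
The partition-table step from the reply above, as an added example that is not part of either post: it walks the MBR and any chained extended boot records of a disk image and flags entries whose type byte carries the "hidden" bit. The function names and the constructed sample image are assumptions made for illustration.

```python
import io
import struct

SECTOR = 512
EXTENDED = {0x05, 0x0F, 0x85}                        # container types holding an EBR chain
HIDDEN = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # FAT/NTFS types with the 0x10 "hidden" bit

def read_entries(img, lba):
    """Return the four (type, start, count) entries of the boot record at sector lba."""
    img.seek(lba * SECTOR)
    sec = img.read(SECTOR)
    if len(sec) < SECTOR or sec[510:512] != b"\x55\xaa":
        raise ValueError(f"no 55AA boot signature at LBA {lba}")
    return [(sec[446 + 16 * i + 4], *struct.unpack_from("<II", sec, 446 + 16 * i + 8))
            for i in range(4)]

def list_partitions(img):
    """Walk the MBR plus any chained EBRs; return (lba, sectors, type, is_hidden) tuples."""
    found = []
    for ptype, start, count in read_entries(img, 0):
        if ptype in EXTENDED:
            ebr, seen = start, set()
            while ebr not in seen:                   # 'seen' stops a looping EBR chain
                seen.add(ebr)
                (ltype, lstart, lcount), (ntype, nstart, _) = read_entries(img, ebr)[:2]
                if ltype:                            # logical start is relative to this EBR
                    found.append((ebr + lstart, lcount, ltype, ltype in HIDDEN))
                if ntype not in EXTENDED:
                    break
                ebr = start + nstart                 # next EBR is relative to the container
        elif ptype:
            found.append((start, count, ptype, ptype in HIDDEN))
    return found

def boot_record(*entries):
    """Build one constructed 512-byte boot record from (type, start, count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", 0, t, s, c) for t, s, c in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def sample_image():
    """Constructed image: NTFS primary, plus an extended container with two logicals."""
    img = bytearray(SECTOR * 64)
    img[0:SECTOR] = boot_record((0x07, 1, 9), (0x0F, 10, 50))
    img[10 * SECTOR:11 * SECTOR] = boot_record((0x07, 1, 19), (0x05, 20, 30))
    img[30 * SECTOR:31 * SECTOR] = boot_record((0x17, 1, 29))
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    print(*list_partitions(sample_image()), sep="\n")
```

For a real case, pass a file object opened with mode "rb" on the image or clone, never on the original disk. This only reports entries marked hidden by type ID in the partition table; a TrueCrypt hidden volume sits inside the free space of an outer volume and has no entry there.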



