TrueCrypt Search and Decrypt - Tool created for 2013 DC3 Forensic Challengeīelow are examples on how to use the example scripts.ĭump.py will perform a hex dump of the decrypted header and first sector of a container.
TCHead – header brute-forcer and hidden volume detection tool.
TestCrypt – helps recover lost TrueCrypt partitions.
UNTRUE – checking passwords against TrueCrypt encrypted volumes and disks, and/or decrypting the data.
tcplay – pretty much fully featured and stable TrueCrypt implementation.
reserved.py: Hides data within the reserved space of a container.
quick-container.py: Produces a working Truecrypt container in seconds.
pw-check.py: Checks password against all available Truecrypt options.
image.py: Create decrypted dd image of container.
dump.py: Header and first sector decrypted hex dump.
Easy to use - see example and source code for API.
Can decrypt damaged containers if salt and header keys are recoverable.
Supports all encryption modes and hash functions offered by Truecrypt.
Can decrypt using only recovered keys (no password required).
Decrypts header (can dump raw decrypted header).
Truecrypt volume parsing library by originally created by Gareth Owen, University of Portsmouth, with additional features added by Adam Swann.
0 kommentar(er)
