Difference between revisions of "TrueCrypt"

From ForensicsWiki
Jump to: navigation, search
m
m (Attacks)
Line 6: Line 6:
  
 
==Attacks==
 
==Attacks==
The only option for acquiring the content of a TrueCrypt drive is to do a brute-force password guessing attack. Both PRTK and DNA can attack the program.
+
The only option for acquiring the content of a TrueCrypt drive is to do a brute-force password guessing attack. AccessData's Password Recovery Toolkit ([[PRTK]]) and Distributed Network Attack ([[DNA]]) can both perform such an attack, but DNA is faster.
  
 
== External Links ==
 
== External Links ==
  
 
* [http://www.truecrypt.org/ Official website]
 
* [http://www.truecrypt.org/ Official website]

Revision as of 03:38, 27 February 2007

TrueCrypt is a Windows program to create and mount virtual encrypted disks.

Forensic Acquisition

If you encounter a system that has a mounted TrueCrypt drive, it is imperative that you capture the contents of the encrypted drive before shutting down the system. Once the system is shutdown, the contents will be inaccessible with an encryption key generated by a user's password and/or an additional datafile.

Attacks

The only option for acquiring the content of a TrueCrypt drive is to do a brute-force password guessing attack. AccessData's Password Recovery Toolkit (PRTK) and Distributed Network Attack (DNA) can both perform such an attack, but DNA is faster.

External Links