Difference between pages "TrueCrypt" and "Talk:Tools:File Analysis"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(New page: '''TrueCrypt''' is a Windows program to create and mount virtual encrypted disks. == Forensic Acquisition == If you encounter a system that has a mounted TrueCrypt drive, it is imperati...)
 
(Are file hash analysis tools suitable for this page?)
 
Line 1: Line 1:
'''TrueCrypt''' is a Windows program to create and mount virtual encrypted disks.  
+
Perhaps a few introductory words as to what kind of file analysis is intended would be helpful.
 
+
I was looking for a mention of the http://www.fileadvisor.bit9.com service, and could not decide
== Forensic Acquisition ==
+
if it was suitable for this page, or if it should go somewhere else. It's a collection of
 
+
file hashes, very useful for deciding if a file is reasonably well known by its file hash.[[User:Athulin|Athulin]] 02:41, 29 October 2007 (PDT)
If you encounter a system that has a mounted TrueCrypt drive, it is imperative that you capture the contents of the encrypted drive before shutting down the system. Once the system is shutdown, the contents will be inaccessible with an encryption key generated by a user's password and/or an additional datafile.  
+
 
+
== External Links ==
+
 
+
* [http://www.truecrypt.org/ Official website]
+

Revision as of 04:41, 29 October 2007

Perhaps a few introductory words as to what kind of file analysis is intended would be helpful. I was looking for a mention of the http://www.fileadvisor.bit9.com service, and could not decide if it was suitable for this page, or if it should go somewhere else. It's a collection of file hashes, very useful for deciding if a file is reasonably well known by its file hash.Athulin 02:41, 29 October 2007 (PDT)