As we know, TrueCrypt is a free and open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux. It does so by creating a virtual encrypted disk within a file and mounts it as a real disk. The reason we are mentioning aboutTrueCrypt is because of TCHunt – an open source application to detect most encrypted TrueCryptvolumes.
Since TrueCrypt is very stable and does it’s job as it says, it is used by almost everyone who wants to deny unauthorized access to their data. It allows you to use keyfiles that stop basic keyloggers, supports automatic unmounting after timeouts, etc. However, this also brings in the “bad guys” who hide behind such legitimate software to protect themselves. It does become really difficult while forensically investigating a TC encrypted drive. This is where TCHunt comes in handy. TCHunt allows you to search for file with the following attributes :
- The suspect file size modulo 512 must equal zero.
- The suspect file size is at least 19 KB in size (although in practice this is set to 5 MB).
- The suspect file contents pass a chi-square distribution test.
- The suspect file must not contain a common file header.
TCHunt also seems very robust. Only, if a volume happen to be created with a common file header, then TCHunt would not find that volume. Even if someone were to rename your encrypted TrueCryptvolumes and hide them among millions of files of similar size, file extension, modification time, etc., TCHunt would quickly and accurately find the actual encrypted volumes! That’s not all! TCHunt completely ignores file names and file extensions. Owing to this, TCHunt can still find encrypted volumes that lack file extensions or have fictitious file extensions! You can employ TCHunt to locate encrypted sparse volumes and encrypted hidden volumes too!
TCHunt can run on Windows XP or newer Windows operating systems. Best of all, it is a self-contained, standalone program, that does not need any additional dependencies and can be used from a floppy disk, USB drive or CD/DVD! Just take care while compiling from the source code that you link the source with boost and FLTK libraries.
Download TCHunt v1.5 (TCHunt-1.5-en.exe/TCHunt-1.5-en.lin) here.
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
download