8 bits: Truecrypt now detectable

# -->

April 27, 2009

Truecrypt now detectable

version 2.23 of File Investigator TOOLS claims it can find files and volumes, encrypted with TrueCrypt. Read for yourself at http://www.forensicinnovations.com/blog/?p=7

update 28-4-2009:

I did some tests with the free evaluation version of File Investigator and it seems the tool DOES find TrueCrypt containers. Download the evaluation version here. Price of the full version: 195 US dollars

Posted in Encryptie | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451c2f969e201156f5ff3df970c

Listed below are links to weblogs that reference Truecrypt now detectable:

Comments

Hello Mark,

TrueCrypt detectable ? Not sure...

Did you read this comment posted on Forensic Innovations Website ?

-------- Begin --------

# debunker Says:
April 27th, 2009 at 12:16 pm

This is an obvious scam. The only thing your tool might be able to report is that a file was found to contain solely random data. Nothing more. The tool cannot distinguish a TrueCrypt container from a file containing random data. Therefore, you cannot identify a TrueCrypt volume.

A simple test to prove that you are nothing more than commercially motivated, deliberately misleading, fraudsters:

Create a couple of files on a partition. Each of the files will be 1MB in size and it will contain purely random data. Now create a 1MB TrueCrypt container on the same partition. Your software will NOT be able to distinguish the TrueCrypt container from the other files. It will falsely report that all of the files are TrueCrypt containers. Again, it will NOT be able to DISTINGUISH a TrueCrypt volume from random data or to identify it as such. (The fact that the size of a TrueCrypt container is always a multiple of 512 does not play any role — it doesn’t distinguish it from other files containing random data (let alone prove that it is a TrueCrypt container).)

There already is a similar scam tool. It’s free (unlike your tool) and the following comment was posted in response to it by one of the moderators on the TrueCrypt Forums. It sums it up well:

http://forums.truecrypt.org/viewtopic.php?p=63217#63217

If your claims were true, you would break the AES and you would now be really famous. But the only thing you will achieve is that you will be sued by the TrueCrypt Foundation for intentional, commercially motivated, damage of the reputation of their product.

---------- end of citation -----------

There is also a response from Forensic Innovations and the question is still open.

What do you think about it ?

Posted by: Serge | April 27, 2009 at 10:01 PM

Hi Serge ! I'll do some tests with the tool today to see if it works or not and I'll update my posting afterwards, Mark

Posted by: Mark | April 28, 2009 at 07:50 AM

Hi Mark,

Thanks for the tests and your quick response. So, it's a good news for us.

Posted by: Serge | April 28, 2009 at 09:15 PM

I'd be curious to know if it detects hidden truecrypt volumes... ?

Posted by: Cedric Pernet | April 29, 2009 at 02:13 PM

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Post a comment

Comments are moderated, and will not appear until the author has approved them.

8 bits

Just a techblog about IT security, SQL, webdesign and open source forensics

Categories

Beeld advertenties