All
The target is a RAID 5 1.0 TB encrypted volume on which the user has used TrueCrypt to encrypt all data.
I have imaged the RAID and system drive using FTK and opened the system drive and RAID in EnCase Ver 6. I can obviously read the system drive, but there is just 'gibberish' on the RAID volume.
I have mounted both drives via VMware and accessed his system drive. The RAID volume is picked up in the virtual machine, but it asks for the password. The user has been approached but states that he can't recall it. He is no help.
I have the latest version of PRTK with a TrueCrypt module. I understand this may take a long time, but can anyone tell me how I can get PRTK to see the mounted encrypted volume?
Any help would be appreciated.
Paul
PRTK does not look at the volume. You need to point PRTK at the encrypted container. You will also want to perform some triage on the container to extract just the part of the header necessary for PRTK to attack; otherwise, mounting the entire 1 TB every time will just result in an exercise in futility that just tests your processor. Also, without some custom dictionaries and some other investigative techniques, you will just be spinning your wheels.
Encryption Devices
Tableau TACC1441 Hardware Accelerator
Re: Tableau TACC1441 Hardware Accelerator
Gathering shekels to put one in the budget.
How are you getting beyond the second encrypt level for TrueCrypt?
Very interesting case you have there. Would like to know how you crack it. Like someone said, you need the encryption container for PRTK (or most probably DNA) to chew on.
BTW, any tips on shekel gathering? I saw one of these at a show and would love to have it in my toolbox.