Hey guys, this is school-related, not RL. I'm working a mock case & I've noticed that the suspect used TrueCrypt & installed it on the "C" drive, but appeared to have a "TC container" on another partition (D). Do you folks have any suggestions on where else I might find artifacts that TrueCrypt was used? (File extensions, container artifacts, etc.) Thank you! =)
TrueCrypt can encrypt files, partitions or whole disks, so you might want to check out any partitions with high entropy first.
When it comes to files there are no magic answers, but if you know how TrueCrypt works you can give yourself a head start. Look for files that have high entropy and whose size is a round number (a power of 2) in KB, MB or GB, as files made with TrueCrypt rarely have an odd file size (because that is what the GUI asks for when creating the file). In Windows, files with the '.tc' extension are associated with TrueCrypt, but this is no guarantee, as TrueCrypt will open files with any (or no) extension.
Cracking the encryption, now that's a whole different ball game…
Paul
Thanks for the info. I knew it wouldn't be as easy as looking for ".TC" extensions... lol.
Hi Techie,
Read the TrueCrypt documentation and the information on their website. I did a project a few years ago on 'attack trees' for a computer security subject and found the info very handy. Look at hibernation files, registry info and the like, but actually finding the encrypted containers may be a bit harder.
DM
TCHunt.
http//
———-
Q. TCHunt found all of my encrypted volumes. How does it work?
A. TCHunt searches for four (4) file attributes. This is all TCHunt does:
1. The suspect file size modulo 512 must equal zero.
2. The suspect file size is at least 19 KB in size (although in practice this is set to 5 MB).
3. The suspect file contents pass a chi-square distribution test.
4. The suspect file must not contain a common file header.
Verify it :-)
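To make the heuristics from Paul's post and the TCHunt FAQ above concrete, here is an added example that is not TCHunt's source and not anything shipped with TrueCrypt: a small Python scanner that applies the four TCHunt rules to a byte string and also reports the round-size and entropy hints from Paul's post. The chi-square cutoff of 330, the magic-byte table, the helper names (`analyze_bytes`, `fake_container`, etc.) and the sample "files" are my assumptions and constructed data, not values from the thread.

```python
"""Heuristic TrueCrypt-container scanner.

Added example, not TCHunt's source or anything from TrueCrypt: it
re-implements the four attributes quoted in the TCHunt FAQ and adds the
"round size" and entropy hints from Paul's post. The chi-square cutoff,
the magic-byte table and the sample data are assumptions / constructed.
"""
import hashlib
import math
from typing import Dict, List, Optional

# ASSUMPTION: a small table of common headers; extend it for your own case.
# Rule 4: a container must NOT begin with a recognisable header.
KNOWN_MAGIC: List[bytes] = [
    b"MZ", b"\x7fELF", b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff",
    b"GIF8", b"Rar!", b"7z\xbc\xaf\x27\x1c", b"\x1f\x8b", b"BZh",
    b"\xfd7zXZ\x00", b"\xd0\xcf\x11\xe0", b"RIFF", b"OggS", b"SQLite format 3",
]

# ASSUMPTION: 330 is about the 99.9th percentile of chi-square with 255 degrees
# of freedom, so ciphertext (statistic ~255 +/- 23) passes and structured data fails.
CHI_SQUARE_CUTOFF = 330.0
TCHUNT_MIN_SIZE = 19 * 1024  # the FAQ's stated minimum; 5 * 1024 * 1024 mimics the practical setting


def byte_counts(data: bytes) -> List[int]:
    """Histogram of the 256 byte values (bytes.count accepts an int)."""
    return [data.count(b) for b in range(256)]


def chi_square(data: bytes) -> float:
    """Rule 3: chi-square statistic of the byte histogram against a uniform distribution."""
    n = len(data)
    if n == 0:
        return float("inf")
    expected = n / 256
    return sum((c - expected) ** 2 / expected for c in byte_counts(data))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is perfectly flat, English text lands around 4-5."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in byte_counts(data) if c)


def round_size_unit(size: int) -> Optional[str]:
    """Paul's hint: largest of GB/MB/KB that divides the size exactly, else None."""
    for name, unit in (("GB", 1 << 30), ("MB", 1 << 20), ("KB", 1 << 10)):
        if size and size % unit == 0:
            return name
    return None


def has_known_header(data: bytes) -> bool:
    return any(data.startswith(magic) for magic in KNOWN_MAGIC)


def analyze_bytes(data: bytes, min_size: int = TCHUNT_MIN_SIZE,
                  chi_cutoff: float = CHI_SQUARE_CUTOFF) -> Dict[str, object]:
    """Apply the four TCHunt rules plus the extra hints; 'candidate' means all four passed."""
    size = len(data)
    chi = chi_square(data)
    checks = {
        "size_mod_512": size % 512 == 0,                # rule 1
        "size_min": size >= min_size,                   # rule 2
        "chi_square_pass": chi < chi_cutoff,            # rule 3
        "no_known_header": not has_known_header(data),  # rule 4
    }
    return {
        "size": size,
        "chi_square": chi,
        "entropy": shannon_entropy(data),
        "round_unit": round_size_unit(size),  # hint from Paul's post, not a TCHunt rule
        "checks": checks,
        "candidate": all(checks.values()),
    }


def analyze_file(path: str, **kwargs) -> Dict[str, object]:
    """Read a file fully and analyze it; also records the weak '.tc' extension hint."""
    with open(path, "rb") as fh:
        result = analyze_bytes(fh.read(), **kwargs)
    result["path"] = path
    result["tc_extension"] = path.lower().endswith(".tc")
    return result


def fake_container(size: int, seed: bytes = b"demo") -> bytes:
    """Constructed stand-in for an encrypted volume: a SHA-256 counter stream.
    Not real ciphertext, just bytes that look as uniform as ciphertext does."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


if __name__ == "__main__":
    # Constructed samples: a "container", a text file, a zip whose payload is
    # random but whose header is real, and random bytes with an odd size.
    samples = {
        "vault.tc": fake_container(1 << 20),
        "notes.txt": b"Quarterly report draft\n" * 2000,
        "backup.zip": b"PK\x03\x04" + fake_container((1 << 20) - 4),
        "odd.bin": fake_container(12345),
    }
    for name, blob in samples.items():
        r = analyze_bytes(blob)
        failed = ",".join(k for k, ok in r["checks"].items() if not ok) or "all four passed"
        print(f"{name:12} size={r['size']:8d} chi2={r['chi_square']:10.1f} "
              f"H={r['entropy']:.3f} round={r['round_unit']} candidate={r['candidate']} ({failed})")
```

Run it as a script to see the four constructed samples scored; for a real image, walk the mounted file system and call `analyze_file` on each file, raising `min_size` to 5 MB if you want the FAQ's practical behaviour. Note what the rules do and do not catch: the zip sample has a perfectly random payload but fails on its header, while a container renamed to `.jpg` still passes, which is exactly why the extension is only a hint.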
As always, great advice! =)
Are there any TrueCrypt EnScripts out there?
There is an Encrypted Data Finder EnScript that scans files and reports back those with an entropy above a certain level you set.