Hi everybody,
Lately, our clients are more and more interested in us taking out our Forensic Images out of their facitilies in encrypted volumes. The tool we are currently using for creating the volumes is TrueCrypt, and although it has been very "friendly" to us when in a Windows Environment, the same tool is not treating us the same way under a Linux Environment.
The problem arises when trying to make an acquisition with Helix directly into a TrueCrypt Volume. The volume I am trying to mount was created with the Windows GUI, but I believe they are fully compatible, aren't they?
The command I use, and the responses from Helix are the following
[root (knoppix)]# truecrypt -i
Enter Volume Path /media/sda/Volumen
Enter mount directory [none] /mnt/TrueVol
Protect hidden volume? [y/N] N
Enter keyfile path [none]
Enter password for '/media/sda/Volumen'
device-mapper reload ioctl failed Invalid argument
Command failed
The file 'Volumen' is the volume I created under Windows, the volume '/media/sda/' has been mounted with rw permission, and the directory '/mnt/TrueVol/' has been created by me so as to contain the mounted volume inside the TrueCrypt file. Any suggestions?
Thanks!
Never used TrueCrypt so I'm just thinking out loud. Was the TrueCrypt volume on the external media created with Windows? If so, try just formatting the media FAT32 with Windows and then creating the TrueCrypt volume using Linux.
Well, at least you should be able to …
Q Will I be able to mount my TrueCrypt partition/container on any computer?
A TrueCrypt volumes are independent of the operating system. You will be able to mount your TrueCrypt volume on any computer on which you can run TrueCrypt
Any chance of a look at /var/log/messages ? I don't know if Helix creates it, I know that some of the Knoppix derivatives that boot from CD don't create any logs … ( Nowhere to write the things I guess … ) But it might have a clue - look at the Device Mapper error lines if they exist …
I may just be confused by your use of "sda" here. Is this your volume label or the device indicator? Truecrypt will not recognize the device indicator (sda, hda, etc.) you have to enter the volume label.
For example, if your volume label is "fred" and the container is named "wilma" you would enter (for volume path)
/media/fred/wilma
It will mount truecrypt volumes created in Windows just fine.
Thank you guys, but I haven't been able to solve this
- There are not any logs about the device-mapper in /var/log/messages, or in any other file in /var/log.
- Relating to the naming of the volume… I don't quite understand what you mean gmarshall139, since under Linux you have to name the volumes after what you have decided when mounting the volume. I wouldn't be able to use the Windows volume label even I wanted, unless I manually mounted the volume with that name. I have also tried it (mounting the physical device /dev/sda into /mnt/[Windows Volume Name]), and didn't work.
To sum it up… it does't work ) If nobody has found this trouble before, I'm afraid I will have to wait for the next release of Helix and cross my fingers for the bug to have been solved!
Thank you all!
Actually, I had a thought after reading gmarshal139's post …
Maybe try using sda1 in place of sda … sda is a whole disk, rather than a partition … sda1 would be what you'd normally look at as a partition.
Actually, I had a thought after reading gmarshal139's post …
Maybe try using sda1 in place of sda … sda is a whole disk, rather than a partition … sda1 would be what you'd normally look at as a partition.
I agree with Azrael. You can't truecrypt a device, you can only encrypt a partition on the device.
PM me. I have directions for creating/mounting a truecrypt image on the linux side. I also have directions for the windows side if you are interested.
Are you encrypting the entire partition or a container file within the partition. I do the latter and yes Linux (SUSE 10.3) mounts it under the volume name.
Greetings,
Could you post the instructions for handling TrueCrypt on SUSE correctly? I think this may be of wide interest.
-David
Greetings,
Could you post the instructions for handling TrueCrypt on SUSE correctly? I think this may be of wide interest.
-David
I'd be happy too, but I have no where to host it. If someone else has a spot where they can host it for others to download, PM and I will send for them to post.
Is there a way to upload a file to this forum without linking it to an external website?