Bruteforcing Linux Full Disk Encryption (LUKS) With Hashcat

by

by Patrick Bell

This walk-through will show you how to Bruteforce LUK volumes using hashcat, how you can mount a LUK partition, and how we can image it once it’s decrypted.

Scenario: You’ve got a Macbook in. MacOS has been removed and Debian 9.0 has been installed. The suspect is using LUKS (Linux Unified Key Setup) full disk encryption to encrypt the disk. Password is unknown and we need a forensically sound method to access the data. This is how I’d do it.

Read More

Leave a Comment

Latest Articles

Atola Adds iSCSI Support And Enhanced RAID Features To Its TaskForce Imagers
News

Atola Adds iSCSI Support And Enhanced RAID Features To Its TaskForce Imagers

ByAtola TechnologyMay 20, 2025
Major Step Forward For Public Safety As Forensics Europe Expo Co-Locates With The Blue Light Show
News

Major Step Forward For Public Safety As Forensics Europe Expo Co-Locates With The Blue Light Show

ByForensic FocusMay 19, 2025
Forensic Focus Digest, May 16 2025
News

Forensic Focus Digest, May 16 2025

ByForensic FocusMay 16, 2025
Introducing XRY 11.0.1 From MSAB
News

Introducing XRY 11.0.1 From MSAB

ByMSABMay 15, 2025
“You Knew What You Were Signing Up For” – A Harmful Narrative In DFIR?
ArticlesWell-being

“You Knew What You Were Signing Up For” – A Harmful Narrative In DFIR?

ByForensic FocusMay 15, 2025
Amped Authenticate Update Empowers Investigators With Expanded Tools For Deepfake Detection And Video Integrity Analysis
News

Amped Authenticate Update Empowers Investigators With Expanded Tools For Deepfake Detection And Video Integrity Analysis

ByAmpedSoftwareMay 15, 2025