I was given an unknown image. I always take things like this, put them on a Linux machine and run strings to see if there's any header information that can be of use. In this case, I see LUKS, aes, xts-plain64, sha1. I'm not familiar with this format, so I Google. This is a format used to protect disks and encrypt containers (see "Breaking LUKS Encryption" by Oleg Afonin, eForensics, eforensicsmag.com). While this is interesting, I didn't use this to solve the problem.
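The values strings turned up (LUKS, aes, xts-plain64, sha1) are fields of the LUKS on-disk header. As an added example, not part of the original post, the following Python reads those fields directly instead of eyeballing strings output; it assumes the LUKS version 1 header layout, and the sample header it parses is constructed for the demonstration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # fixed part: 208 bytes, big-endian
SLOT = struct.Struct(">II32sII")                   # each of the 8 key slots: 48 bytes
SLOT_ENABLED = 0x00AC71F3


def _cstr(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_header(buf):
    """Return the header fields as a dict, or None if buf has no LUKS magic."""
    if buf[:6] != LUKS_MAGIC:
        return None
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("truncated LUKS header")
    (_, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if version != 1:
        return {"version": version}  # LUKS2 uses a different layout; not parsed here
    slots = []
    for i in range(8):
        active, iters, _s, _off, stripes = SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)
        if active == SLOT_ENABLED:
            slots.append({"slot": i, "iterations": iters, "stripes": stripes})
    return {"version": version, "cipher": _cstr(cipher), "mode": _cstr(mode),
            "hash": _cstr(hash_spec), "key_bytes": key_bytes,
            "payload_offset_sectors": payload_off, "mk_iterations": mk_iter,
            "uuid": _cstr(uuid), "active_slots": slots}


def build_sample_header():
    """Constructed sample input (not the image from the post)."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64,
                    bytes(20), bytes(32), 100000,
                    b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ENABLED, 200000, bytes(32), 8, 4000)
    slots += SLOT.pack(0x0000DEAD, 0, bytes(32), 0, 4000) * 7  # disabled slots
    return hdr + slots


if __name__ == "__main__":
    for key, value in parse_luks1_header(build_sample_header()).items():
        print(f"{key}: {value}")
```

To use it on a real image, pass the first 592 bytes of the file to parse_luks1_header.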
I'd gotten a Talino (Forensic Laptop | Extremely Portable Forensic Workstation (sumuri.com)) a couple of years ago - I tend to save up and overbuild my machines. It's a nice forensics laptop. I'm interested in forensics, so I asked them how much it would cost to get certain tools added into the price of the laptop. One of those tools was a nice application called Passware. It's very easy to use. I just opened it, dragged the image file into the GUI, and it automatically detected what type of image it was.