Lisa Kachold wrote:
> TrueCrypt is now Detectable
>
> "Sorry Charley!"

Not quite so fast. I have checked the tool as detailed on the site above and even tried a few tests. The results were inconclusive at best. The tool (as described) could not reliably tell the difference between a real encrypted volume (using TrueCrypt) and actual random data (as generated by /dev/urandom). The encrypted file volume was 1 GB and the 3 other random files were also 1 GB, and a known commercial product was used for creating a 5th (Mac's FileVault). The tool clearly stipulated that the FileVault volume was encrypted (it has headers), but none of the other 4 were detectable.

As an aside, I have been messing with encrypted file systems now for several months. I have found that both ccrypt (for file encryption) and TrueCrypt seem to work best for their specific purposes (and don't cost a mint).

Now, as for Forensic Innovations... have they posted any of their testing criteria, any procedures they used, type of hardware, base OS, etc.? I saw no mention of that, and further digging has resulted in a null return. Now, if a company like EnCase or FTK or Paraben had done some tests like this, there'd be reams of documentation (such as publications, white papers, additional instructions in their product manuals, etc.). I have seen none of this so far.

I will be calling a representative at FTK in the morning and running this across their desk.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
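The following is an added example, not part of the original post and not a reproduction of the tool discussed, whose method the post says is undocumented. It shows why a header check identifies a container with a plaintext header while a byte-distribution test puts headerless ciphertext and /dev/urandom output in the same bucket. The `DEMOVOL1` magic, the toy XOR cipher and the chi-square threshold are assumptions made for the illustration.

```python
import hashlib
import os

# Hypothetical magic bytes for a container format that stores a plaintext
# header (constructed for this example; not any real product's signature).
KNOWN_MAGICS = {b"DEMOVOL1": "demo container with plaintext header"}

def chi_square(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def toy_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Stand-in for headerless ciphertext: XOR with a SHA-256 counter keystream.
    Not TrueCrypt's cipher; it only needs to produce uniform-looking output."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def classify(data: bytes, threshold: float = 400.0) -> str:
    """Header match first, then a randomness test on the byte distribution."""
    for magic, name in KNOWN_MAGICS.items():
        if data.startswith(magic):
            return "identified: " + name
    # With 255 degrees of freedom, uniform data scores around 255.
    if chi_square(data) < threshold:
        return "random-looking: encrypted volume or plain random data"
    return "structured: not uniformly random"

def run_samples(size: int = 65536) -> dict:
    """Build constructed samples and classify each one."""
    text = (b"plug-discuss sample plaintext line\n" * (size // 35 + 1))[:size]
    samples = {
        "plaintext": text,
        "urandom": os.urandom(size),
        "headerless ciphertext": toy_encrypt(text, b"constructed key"),
        "container with header": b"DEMOVOL1" + os.urandom(size - 8),
    }
    return {name: classify(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:24} -> {verdict}")
```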