Tales from the Crypt: TrueCrypt Analysis
- Hal Pomeranz, Deer Run Associates
What if you suspect a device you are investigating may contain TrueCrypt volumes? What if you have no passwords or memory image to analyze and cannot access the volumes? Is all hope lost?
Based on real-world investigations, this talk starts by covering techniques for detecting TrueCrypt volumes on Windows systems using a combination of specialized tools, registry forensics, and application-specific configuration files. Next we'll look at the information that is available to the investigator about the contents of a TrueCrypt volume, even when the volume itself cannot be decrypted.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.