Truehunter

Free

The goal of Truehunter is to detect encrypted containers using a fast and memory-efficient approach without any external dependencies, for ease of portability. It was designed to detect Truecrypt and Veracrypt containers; however, it may detect any encrypted file with a 'header' not included in its database.

Truehunter performs the following checks:

- Tests the first 8 bytes of the file against its own database.
- Checks that the file size modulo 64 is zero.
- Calculates file entropy.

Truehunter is part of BlackArch forensic tools.

Installation: Any Python version from 2.7 to 3.7 should work; it does not need any additional libraries.

Usage: The headers database file will be created on first use and can be updated after every scan. Note that this is not a correct header database, just the first 8 bytes of every file, its extension and date (it does the job as a PoC).

Fast Scan: Searches for files whose size % 64 = 0 (block ciphers) and whose header is unknown and appears fewer than MAXHEADER times (default 3).

Default Scan: Performs a fast scan and calculates the entropy of the resulting files to reduce false positives.

Usage: truehunter.py [-h] [-D HEADERSFILE] [-m MINSIZ
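The three checks described above, combined into one triage function, as an added example that is not Truehunter's own code. The fixed set of known headers, the entropy threshold, the sample size and the minimum size are assumptions chosen for illustration; the MAXHEADER frequency count is not reproduced here.

```python
import math
import os
from collections import Counter

# Assumed values for illustration only; none of them come from Truehunter.
KNOWN_HEADERS = {b"\x89PNG\r\n\x1a\n", b"%PDF-1.4", b"PK\x03\x04\x14\x00\x00\x00"}
ENTROPY_THRESHOLD = 7.9      # bits per byte; uniformly random data approaches 8.0
SAMPLE_BYTES = 1024 * 1024   # read at most this much, to keep memory use flat
MIN_SIZE = 512               # ignore files too small to be a useful container


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return sum(c / total * math.log2(total / c) for c in Counter(data).values())


def looks_like_container(path, known_headers=KNOWN_HEADERS):
    """Run the checks cheapest first; return (is_candidate, reason)."""
    size = os.path.getsize(path)
    if size < MIN_SIZE:
        return False, "too small"
    if size % 64 != 0:
        return False, "size is not a multiple of 64"
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE_BYTES)
    if sample[:8] in known_headers:
        return False, "known header"
    entropy = shannon_entropy(sample)
    if entropy < ENTROPY_THRESHOLD:
        return False, "low entropy (%.2f)" % entropy
    return True, "candidate (entropy %.2f)" % entropy
```

A hit is only a candidate: compressed archives and other random-looking files whose size happens to be a multiple of 64 pass the same checks, which is why the header database matters for reducing false positives.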

ALTERNATIVES

A tool for fixing acquired .evt Windows Event Log files in digital forensics.

Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.

A powerful OSINT tool for creating custom templates for data extraction and analysis.

A Python-based engine for automatic creation of timelines in digital forensic analysis.

Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.

A digital forensics tool that provides read-only access to file-system objects from various storage media types and file formats.

A DFVFS backed viewer project with a WxPython GUI, aiming to enhance file extraction and viewing capabilities.

Automated collection tool for incident response triage in Windows systems.