Truehunter

Free

The goal of Truehunter is to detect encrypted containers using a fast and memory-efficient approach without any external dependencies, for ease of portability. It was designed to detect Truecrypt and Veracrypt containers; however, it may detect any encrypted file with a 'header' not included in its database.

Truehunter performs the following checks:

- Test the first 8 bytes of the file against its own database.
- File size modulo 64 must be zero.
- Calculates file entropy.

Truehunter is part of BlackArch forensic tools.

Installation: Any Python version from 2.7-3.7 should work; it does not need any additional libraries.

Usage: The headers database file will be created with the first use, and can be updated after every scan. Note this is not a correct header database, just the first 8 bytes of every file, extension and date (it does the job as a PoC).

Fast Scan: Searches for files with a size % 64 = 0 (block ciphers), unknown headers and appearing less than MAXHEADER value (default 3).

Default Scan: Performs a fast scan and calculates the entropy of the resulting files to reduce false positives.

Usage: truehunter.py [-h] [-D HEADERSFILE] [-m MINSIZ
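The three checks described above, sketched in Python 3 as an added example; this is not Truehunter's own code. The function names, the in-memory dict standing in for the headers database, and the 7.9 bits/byte entropy cut-off are assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter

HEADER_LEN = 8      # from the page: first 8 bytes are tested against the database
BLOCK = 64          # from the page: file size modulo 64 must be zero
MAX_HEADER = 3      # from the page: MAXHEADER default
ENTROPY_MIN = 7.9   # assumption: cut-off in bits per byte, not stated on the page


def file_entropy(path, chunk=1 << 20):
    """Shannon entropy in bits per byte, streamed so memory use stays flat."""
    counts, total = Counter(), 0
    with open(path, "rb") as fh:
        for buf in iter(lambda: fh.read(chunk), b""):
            counts.update(buf)
            total += len(buf)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def classify(path, header_db):
    """Cheap checks first (size, header), entropy last; returns (hit, stage)."""
    size = os.path.getsize(path)
    if size == 0 or size % BLOCK:
        return False, "size"
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)
    if header_db.get(header, 0) >= MAX_HEADER:   # header seen often: known type
        return False, "header"
    if file_entropy(path) < ENTROPY_MIN:         # structured data, not ciphertext
        return False, "entropy"
    return True, "candidate"


def pseudo_random(n, seed=b"constructed"):
    """Constructed sample: deterministic high-entropy bytes standing in for a container."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]
```

A hit only means the file is headerless, block-aligned and high in entropy, so compressed or otherwise encrypted data can still pass all three stages and needs manual triage.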

ALTERNATIVES

A file search and query tool for ops and security experts.

Exiv2 is a C++ library and command-line utility for image metadata manipulation.

Visually inspect regex matches in binary data/text with YARA and regular expressions, displaying matched bytes and surrounding context.

A tool for restoring defocused and blurred images with various deconvolution techniques and fast processing capabilities.

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

A python module for orchestrating content acquisitions and analysis via Amazon SSM.

Tool for parsing NTFS journal files, $Logfile, and $MFT.

Browse and analyze iPhone/iPad backups with detailed file properties and various viewers.
