
Truehunter

Free

The goal of Truehunter is to detect encrypted containers using a fast and memory-efficient approach without any external dependencies, for ease of portability. It was designed to detect Truecrypt and Veracrypt containers; however, it may detect any encrypted file with a 'header' not included in its database.

Truehunter performs the following checks:

- Test the first 8 bytes of the file against its own database.
- File size modulo 64 must be zero.
- Calculates file entropy.

Truehunter is part of BlackArch forensic tools.

Installation: Any Python version from 2.7 to 3.7 should work; it does not need any additional libraries.

Usage: The headers database file will be created on first use and can be updated after every scan. Note that this is not a correct header database, just the first 8 bytes of every file, extension and date (it does the job as a PoC).

Fast Scan: Searches for files with a size % 64 = 0 (block ciphers) and unknown headers that appear fewer times than the MAXHEADER value (default 3).

Default Scan: Performs a fast scan and calculates the entropy of the resulting files to reduce false positives.

Usage: truehunter.py [-h] [-D HEADERSFILE] [-m MINSIZ
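The three checks described above can be sketched as follows. This is an added example, not Truehunter's own code: the function names, the 7.9 bits-per-byte entropy cutoff, the in-memory sample files and the choice to count header occurrences within a single scan are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

HEADER_LEN = 8      # page: first 8 bytes of the file are checked
BLOCK = 64          # page: file size modulo 64 must be zero
MAX_HEADER = 3      # page: MAXHEADER default
MIN_ENTROPY = 7.9   # assumption: bits-per-byte cutoff, not from the page


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def fast_scan(files, known_headers):
    """Names of blobs sized a multiple of 64 whose first 8 bytes are
    unknown and occur fewer than MAX_HEADER times in this scan."""
    seen = Counter(blob[:HEADER_LEN] for blob in files.values())
    return [name for name, blob in sorted(files.items())
            if blob and len(blob) % BLOCK == 0
            and blob[:HEADER_LEN] not in known_headers
            and seen[blob[:HEADER_LEN]] < MAX_HEADER]


def default_scan(files, known_headers):
    """Fast scan, then drop low-entropy survivors to cut false positives."""
    return [name for name in fast_scan(files, known_headers)
            if shannon_entropy(files[name]) >= MIN_ENTROPY]


# Constructed sample data (name -> content); no real files are read.
_rng = random.Random(0)
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
KNOWN = {PNG_MAGIC}
SAMPLE = {
    "photo.png": PNG_MAGIC + b"\x00" * 56,        # known header
    "notes.txt": b"meeting notes\n" * 5,          # 70 bytes, not % 64
    "zeros.bin": b"\x00" * 4096,                  # unknown header, entropy 0
    "container.bin": bytes(_rng.getrandbits(8) for _ in range(65536)),
}

if __name__ == "__main__":
    print("fast scan:   ", fast_scan(SAMPLE, KNOWN))
    print("default scan:", default_scan(SAMPLE, KNOWN))
```

The zero-filled file passes the size and header checks but is dropped by the entropy step, which is the false-positive reduction the default scan is described as providing.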


ALTERNATIVES

Open Backup Extractor is an open source program for extracting data from iPhone and iPad backups.

GVfs is a userspace virtual filesystem implementation for GIO with various backends and features.

A command-line tool for searching and extracting strings from files with various options like ASCII and Unicode string search.

A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.

Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.

A powerful reverse engineering framework

Recover event log entries from an image by heuristically looking for record structures.

A console program for file recovery through data carving.
