CryptHunter

CryptHunter detects mounted encrypted volumes as well as active full-disk encryption on running computer systems. This alerts responders and investigators to the need to execute a forensic collection of data from encrypted volumes before powering down systems and potentially losing access to evidence. The latest version of CryptHunter is tested against 21 of the most common volume-based encryption applications and 8 full-disk encryption packages.

With the rising prevalence of encryption on computers, CryptHunter is designed to avert the unintentional loss of evidentiary data by alerting search team personnel to the presence of accessible encrypted containers for that data. As a quick screening tool, CryptHunter will warn when the traditional practice of pulling the plug on running computers will lead to losing access to encrypted data. This screening approach enables the allocation of technical resources to encrypted systems that merit special treatment and a different forensic collection process.

Availability

Law Enforcement

Release Date

Initial Release: August 2006 (v 0.2)

Version

Version 0.9

Version Updates

  • Support for new versions of SafeGuard Easy full disk encryption, since its acquisition by Sophos.
  • Now scans up to 15 attached physical devices.
  • Fully tested on 64-bit systems.

System Requirements

Windows operating system

Download

Please visit the CERT website to download CryptHunter.

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.