Handling, possibly, encrypted data

From: kontoudisat_private
Date: Mon Aug 12 2002 - 22:57:48 PDT

  • Next message: Tom Stowell: "Re: Handling, possibly, encrypted data" 

    Hi all,

I am not into the forensic business, just like the subject and 
read a bit on it. I have this issue that I would appreciate your input on.
Say you
image a hard disk and, then, proceed to analyze the copy in
order to produce evidence. If the files on the image are obvious
(like .doc and stuff) then you may be in a good place. But what
happens when you discover a chunk of binary data (a binary
file or something) ? How can you determine the file type and,
furthermore, how do you conclude that this file is encrypted
(if it is) ? 

Are there any tools that can do this analysis and, maybe, try out
a decryption process ?

Regards,
Dimitris.

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 10:47:16 PDT