RE: Handling, possibly, encrypted data

From: John Howie (JHowieat_private)
Date: Tue Aug 13 2002 - 11:03:10 PDT


    Dimitris,
    
    Many binary files have a standard format, e.g. graphics and bitmap
    files. You can look at the format to see if it matches a known standard.
    
    On Windows 2000 and XP, files encrypted using EFS have information about
    the encryption stored in them in plaintext. There is also an 'encrypted'
    attribute bit.
    
    John
    
    -----Original Message-----
    From: kontoudisat_private [mailto:kontoudisat_private] 
    Sent: Monday, August 12, 2002 10:58 PM
    To: forensicsat_private
    Subject: Handling, possibly, encrypted data
    
    Hi all,
    
    I am not into the forensic business, just like the subject and
    read a bit on it. I have this issue that I would appreciate your
    input on. Say you image a hard disk and, then, proceed to analyze
    the copy in order to produce evidence. If the files on the image
    are obvious (like .doc and stuff) then you may be in a good place.
    But what happens when you discover a chunk of binary data (a binary
    file or something)? How can you determine the file type and,
    furthermore, how do you conclude that this file is encrypted
    (if it is)?
    
    Are there any tools that can do this analysis and, maybe, try out
    a decryption process?
    
    Regards,
    Dimitris.
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    



    This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 11:24:50 PDT
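
Added example, not part of the original messages: a small triage routine for the question raised in this thread, matching a chunk of binary data against known file signatures as the reply suggests. It goes one step beyond the reply by computing byte entropy for chunks that match no signature; the function names, the signature selection and the 7.5 bits/byte threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known signatures ("magic bytes") found at offset 0 of common formats.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
    (b"BM", "Windows bitmap"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP container"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy .doc/.xls)"),
]

def identify(data):
    """Return the format name whose signature starts the data, else None."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return None

def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(data, threshold=7.5):
    """Classify a chunk: known format, or unknown with an entropy hint.

    threshold is an assumed cut-off; high entropy also fits compressed data,
    so it flags a candidate for closer examination, it does not prove encryption.
    """
    kind = identify(data)
    if kind:
        return kind
    if shannon_entropy(data) >= threshold:
        return "unknown format, high entropy (encrypted or compressed?)"
    return "unknown format, low entropy (unlikely to be encrypted)"

if __name__ == "__main__":
    # Constructed samples: a PNG header, plain text, and SHA-256 output as a ciphertext stand-in.
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    for label, chunk in [("png", b"\x89PNG\r\n\x1a\n" + bytes(64)),
                         ("text", b"meeting notes, nothing hidden here\n" * 100),
                         ("noise", noise)]:
        print(label, round(shannon_entropy(chunk), 2), triage(chunk))
```

A signature match only says what the header claims to be; a two-byte signature such as `BM` will occasionally match arbitrary data, so a hit is a starting point for parsing the rest of the format.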