The great thing about encrypted files is that they appear to be statistically random. If you still have the tools that find RSA keypairs on harddrives, you might be able to tell it to find files that look statistically random. Public and private keys, and compressed files will have some of the same characteristics, however, so you'll probably have to use the randomness scanner to find candidates, then common sense to figure out what's an encrypted file and what's a compressed file. /etc Matt Hamrick On 1/29/03 12:23 PM, "Christopher Howell" <howellcat_private> wrote: > Does anyone know a slick way to find encrypted files on a running Win2K/XP > machine? If I am tasked with seizing one, and find it on and logged in, it > would be nice to be able to identify files encrypted with Windows before I > pull the plug. It seems to me the only way to do it is to view the attributes > in Windows Explorer - but short of clicking down through the whole tree, I > don't see how to find encrypted files that are in non-encrypted folders or a > level or two down... > > Anyone with ideas on this? > > > Christopher Howell > State Investigator, ACCCI, ACCFT > New Jersey Division of Criminal Justice > Computer Analysis and Technology Unit > 609-984-9411 > howellcat_private > > > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 04:59:09 PST