Slashdot Mirror

← Back to Stories (view on slashdot.org)

Forensics Tool Finds Headerless Encrypted Files

Posted by timothy on from the sir-there's-an-anomaly-here dept.

gurps_npc writes "Forensics Innovations claims to have for sale a product that detects headerless encrypted files, such as TrueCrypt Dynamic files. It does not decrypt the file, just tells you that it is in fact an encrypted file. It works by detecting hidden patterns that don't exist in a random file. It does not mention steganography, but if their claim is true, it seems that it should be capable of detecting stenographic information as well."

3 of 374 comments (clear)

  1. Yet another scam by trifish · · Score: 5, Interesting

    Wow, the quality of Slashdot has really been going down lately. Now any random fraud can submit his misleading material and it gets accepted to front page just because it sounds interesting? Is this actually tabloid or serious news for nerds who understand what the talk about?

    In short, this is yet another lame attempt to make money by posting bogus claims about a popular product.

    First, hidden volumes are the only kind of steganography that TrueCrypt offers. Second, if you read the TrueCrypt documentation, you'll learn the following about hidden volumes vs. dynamic:

    On Linux or Mac OS X, if you intend to create a hidden volume within a file-hosted TrueCrypt volume, make sure that the volume is not sparse-file-hosted (the Windows version of TrueCrypt verifies this and disallows creation of hidden volumes within sparse files).

    Furthermore, when I try to create a dynamic TrueCrypt volume, TrueCrypt displays a big warning saying that dynamic volumes are insecure. That's right. Insecure.

    So again, I demote this story as total and utter bogus motivated by the vision commercial gain.

    1. Re:Yet another scam by gurps_npc · · Score: 4, Interesting
      I am the poster. I have ZERO connection to the company mentioned I read about because I do computer programming for a law firm.

      The article may in fact just be an advertisement, created for commercial gain.

      But it was posted because I personally read it and was interested in it.

      --
      excitingthingstodo.blogspot.com
  2. Re:Don't worry by FutureDomain · · Score: 4, Interesting

    The company has "innovations" in it's name, so their product probably won't work.

    I actually tried it with a Truecrypt volume and a random file (/dev/urandom) and it seems to work. The Truecrypt is identified as "Encrypted Data (Headerless)" and the random file is identified as "Data File (Unknown)".

    --
    Hydraulic pizza oven!! Guided missile! Herring sandwich! Styrofoam! Jayne Mansfield! Aluminum siding! Borax!