TCHunt
TCHunt is a software application used to detect encrypted TrueCrypt volumes, files containing pure random data and other encrypted files. It was written to demonstrate that while encrypted volumes may be indistinguishable from random data, volumes themselves can be easily distinguished from most other files on your system; TCHunt can quickly and accurately find actual encrypted volumes - there can be false positives (as explained above) but they can be easily dismissed.
The source code to TCHunt is distributed as free software on github.
TCHunt Attributes
TCHunt uses the following file attributes to identify encrypted files and/or files containing only random data. TCHunt cannot differentiate between encrypted data and random data:
* The suspect file size modulo 512 must equal zero.
* The suspect file size is at least 19 KB.
* The suspect file contents pass a chi-square distribution test.
* The suspect file must not contain a common file header.
References and notes
As of version 1.5a, TCHunt is licensed under the GPL
 
< Prev   Next >
[ Back ]

Main Menu

Home
Articles
Search
Submit Article
Contact Us
Donate to Wikibin
All text is available under the terms of the GNU Free Documentation License.