Luks – Crypto Container

    # Initialization
    sudo dd if=/dev/urandom of=CryptoContainer bs=1M count=300000
    sudo cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -y luksFormat CryptoContainer
    sudo cryptsetup luksOpen CryptoContainer Crypto_Forensics
    sudo mkfs.ext4 /dev/mapper/Crypto_Forensics
    sudo mkdir -p /media/Crypto_Forensics    # the mount point must exist
    sudo mount -t ext4 /dev/mapper/Crypto_Forensics /media/Crypto_Forensics
    sudo chown -R username /media/Crypto_Forensics

    # Map Crypto Container
    sudo cryptsetup luksOpen CryptoContainer Crypto_Forensics
    sudo mount -t ext4 /dev/mapper/Crypto_Forensics /media/Crypto_Forensics

    # Unmap Crypto Container
    sudo umount /media/Crypto_Forensics
    # luksClose takes the mapping name that was given to luksOpen
    sudo cryptsetup luksClose Crypto_Forensics


Convert RAW image to VDI/VMDK (VirtualBox/VMWare)

In some forensics cases it is necessary to boot an HDD evidence directly in order to analyze a certain operating system behavior in a “realtime” way. Before you take this step, make sure that you really have collected all volatile data and have 1-2 bit-copy images or a clone of the HDD evidence, just in case.

Convert RAW to VDI

    VBoxManage convertdd SOURCE.raw DESTINATION.vdi --format VDI

Convert RAW to VMDK

    VBoxManage convertdd SOURCE.raw DESTINATION.vmdk --format VMDK

Convert VDI to RAW

    VBoxManage clonehd SOURCE.vdi DESTINATION.raw --format RAW

Convert VMDK to RAW

    VBoxManage clonehd SOURCE.vmdk DESTINATION.raw --format RAW


Luks – crypto volume

Setup of LUKS crypto volume on Ubuntu:

    sudo cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -y DEVICE
    # open the volume so that /dev/mapper/crypto_forensics exists
    sudo cryptsetup luksOpen DEVICE crypto_forensics
    # overwrite the mapped volume with zeros (stored encrypted on DEVICE);
    # dd stops with "No space left on device" when the volume is full
    pv -tpreb /dev/zero | sudo dd of=/dev/mapper/crypto_forensics bs=128M
    sudo mkfs.ext4 /dev/mapper/crypto_forensics
    sudo mkdir /media/crypto_forensics
    sudo mount /dev/mapper/crypto_forensics /media/crypto_forensics/

Auto-Mount-Script:

    #!/bin/sh
    # release any stale mount and mapping, then open and mount again
    umount /media/crypto_forensics/
    cryptsetup luksClose /dev/mapper/crypto_forensics
    cryptsetup luksOpen /dev/sdb crypto_forensics
    cryptsetup -v status crypto_forensics
    mount /dev/mapper/crypto_forensics /media/crypto_forensics/
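A pre-flight check for the auto-mount script above, as an added example that is not part of the original post: it reads the first 8 bytes of a container file or device and confirms the LUKS header magic before luksOpen is attempted, which matters when a fixed name such as /dev/sdb may point at a different disk. The function names luks_version and guarded_open are hypothetical, and the sample header is constructed.

```shell
#!/bin/sh
# Added example: identify a LUKS header by its on-disk magic before mapping.
# A LUKS1/LUKS2 primary header starts with the 6 bytes "LUKS" 0xBA 0xBE,
# followed by a 2-byte big-endian version number.

# luks_version FILE_OR_DEVICE   (hypothetical helper)
# Prints the header version (1 or 2) and returns 0 when the magic matches.
# Prints nothing and returns 1 when the target is unreadable, too short,
# or does not start with the LUKS magic.
luks_version() {
    [ -r "$1" ] || return 1
    # First 8 bytes as a 16-character hex string, e.g. 4c554b53babe0002
    hdr=$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        4c554b53babe????) ;;
        *) return 1 ;;
    esac
    # The last four hex digits are the version field
    echo $((0x${hdr#4c554b53babe}))
}

# guarded_open DEVICE NAME   (hypothetical wrapper)
# Calls cryptsetup luksOpen only when DEVICE carries a LUKS header.
guarded_open() {
    ver=$(luks_version "$1") || {
        echo "refusing: $1 has no LUKS header" >&2
        return 1
    }
    echo "LUKS$ver header found on $1" >&2
    cryptsetup luksOpen "$1" "$2"
}

# Constructed sample: an 8-byte file holding only the LUKS2 magic and version.
sample=$(mktemp)
printf 'LUKS\272\276\000\002' > "$sample"
luks_version "$sample"    # prints 2
rm -f "$sample"
```

In the auto-mount script, `guarded_open /dev/sdb crypto_forensics` would take the place of the bare luksOpen line; `cryptsetup isLuks` performs the same kind of check when cryptsetup itself is preferred.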
