/Cryptoscan

It is an updated version of a module created by Jesse Kornblum for the Volatility framework which scans a memory image for TrueCrypt passphrases. The method is described in Brian Kaplan's thesis “RAM is Key, Extracting Disk Encryption Keys From Volatile Memory”, pages 22-23. More on that can be found on the author's blog.

Primary LanguagePython

This repository is not active