CryptHunter detects mounted encrypted volumes and active full-disk encryption on running computer systems. The tool responders and investigators to the need to execute a forensic collection of data from encrypted volumes before powering down systems and potentially losing access to evidence. The latest version of CryptHunter has been tested against 21 of the most common volume-based encryption applications and 8 full-disk encryption packages.
With the rising prevalence of encryption on computers, CryptHunter is designed to avert the unintentional loss of evidentiary data by alerting search team personnel to the presence of accessible encrypted containers for that data. As a quick screening tool, CryptHunter will warn when the traditional practice of pulling the plug on running computers will lead to losing access to encrypted data. This screening approach enables the allocation of technical resources to encrypted systems that merit special treatment and a different forensic collection process.
Register to download CryptHunter.
Availability: law enforcement
Released: August 2006 (v 0.2)
System requirements: Windows OS Version updates support for new versions of SafeGuard Easy full disk encryption, since its acquisition by Sophos; now scans up to 15 attached physical devices; fully tested on 64-bit systems