You will be shown a progress bar and it will take some time depending on how big your volume size is. Next click on ‘Format’ and the volume creation would begin.
Needless to say, it should be strong as a weak password defeats the whole purpose of security/encryption. This is the ‘password’ which will be used to decrypt the volume while ‘mounting’ it. The container can be seen at this location but it won’t have any ‘extension’ and will have the name that you provide it during this set up.Ĭhoose any ‘location’ on your computer for the container and carry on to the next step.Ī password is now required for this volume. On the next screen you will asked for the ‘location’ of this volume. In case of hidden volume, no one would really know that it is there so they can’t ‘force’ you to provide its password.įor now we will just create a ‘Standard’ volume. Now the next screen asks if you want to create a Standard or Hidden Volume. The files can be of any type, as long as they lie in this container, they will be encrypted after ‘dismounting the volume’.
This container will contain your encrypted files. As this is the first time we are using Truecrypt we need to set up a volume for our use.Ĭlick ‘Create Volume’ and the Truecrypt volume creation wizard opens up:Ĭlick on ‘create an encrypted file container’ Here is how you can set up Truecrypt for use in Kali Linux (similar procedures will work in other Linux distros and Windows). I first came across the tool when I was reading ‘Kingpin’ (The infamous hacker Max Butler was using it to encrypt data that could be used as evidence against him). It comes pre-installed in Kali Linux and Backtrack. It’s free and available for Windows and Linux. Truecrypt is one of the best encryption tools out there. The importance of privacy–specially concerning sensitive documents–cannot be overstated, and if you’re here, you have already taken the first step towards securing it.
Image mounting: due to fuse driver issues, using ewfmount, mountwin or imageMounter.Data protection is crucial.
Manual installation under Windows Subsystem for Linux Sudo mv sift-cli-linux /usr/local/bin/sift Note: You'll see an error about improperly formatted lines, it can be ignored so long as you see sift-cli-linux: OKbefore it
You can register here.Īfter, you should import the OVA file into your virtualization environment: The most simple way is download the VM Appliance, from this link:ĭownload SIFT Workstation Virtual Appliance (.ova format) Threat Hunting and Malware Analysis CapabilitiesĪnd here a long video by Rob Lee with a big overview of the toolkit:ĭownload and Install SIFT Workstation VM appliance.Threat Intelligence and Indicator of Compromise Support.ewfmount - mount E01 images/split images to view single raw file and metadata.mount_ewf.py - mount E01 image/split images to view single raw file and metadata.split ewf (Split E01 files) via mount_ewf.py.affuse - mount 001 image/split images to view single raw file and metadata.afflib (All AFFLIB image formats (including beta ones)).The SIFT Workstation is a collection of tools for forensic investigators and incident responders, put together and maintained by a team at SANS and specifically Rob Lee, also available bundled as a virtual machine. In my point of view, SIFT is the definitive forensic toolkit!