The objective of Truehunter is to detect TrueCrypt containers the usage of a quick and reminiscence environment friendly way. It was once designed as a PoC a while in the past as I could not in finding any open supply device with the similar capability.
utilization: truehunter.py [-h] [-D HEADERSFILE] [-m MINSIZE] [-M MAXSIZE]
[-R MAXHEADER] [-f] [-o OUTPUTFILE]
Tests for record dimension, unknown header, and entropy of information to decide if
they're encrypted containers.
LOCATION Power or listing to scan.
-h, --help display this assist message and go out.
-D HEADERSFILE, --database HEADERSFILE
Headers database record, default headers.db
-m MINSIZE, --minsize MINSIZE
Minimal record dimension in Kb, default 1Mb.
-M MAXSIZE, --maxsize MAXSIZE
Most record dimension in Kb, default 100Mb.
-R MAXHEADER, --repeatHeader MAXHEADER
Discard information with unknown headers repeated greater than
N instances, default 3.
-f, --fast Don't calculate entropy.
-o OUTPUTFILE, --outputfile OUTPUTFILE
Scan effects record title, default scan_results.csv