Eve
Eve
I think i was planning on doing it... I agree though that it would be simple enough as a starter.
Thanks @ikelos !
Another attempt to keep this not stale....!
@dgmcdona maybe one for a different PR once all these bits have been worked out but it would probably make sense to also update the linux VmaYaraScan plugin too? Or...
Be aware that truecrpyt doesn't always cache a password, it may only be the master keys held in memory. (Although the fact the plugin tried might mean that there is...
This blog post is a good place to start: https://volatility-labs.blogspot.com/2014/01/truecrypt-master-key-extraction-and.html
Could you share a full log with -vvvvv please. E.g. lots of verbose flags not just one. Is it by any chance using the new compressed format they offer? https://github.com/volatilityfoundation/volatility3/issues/1325
Thanks for this, it looks like vol is finding most of the bits it needs but is still failing. I'm not clear why at the moment, hopefully someone else will...
Thanks, good to know. Having deleted it might make any bug fixes difficult to test. Let's see if the core devs can spot the problem.
@QXJ6YW4 are you able to make an issue with the logs required for debugging? That'll allow someone to properly diagnose the issue with your sample.