Autopsy User Documentation
4.5.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
The Encryption Detection Module searches for files that could be encrypted using an entropy calculation.
The module's settings can be configured at runtime.
Minimum entropy can be set higher or lower, depending on how many false hits are being produced. There is also an option to only run the test on files whose size is a multiple of 512, which is useful for finding certain encryption algorithms.
Files that pass the test are shown in the Results tree under "Encryption Suspected".
Each hit also generates an inbox message. These are viewed through the warning triangle near the top of the screen.
Selecting one of the encryption detection hits displays the calculated entropy of the file.
Copyright © 2012-2016 Basis Technology. Generated on Tue Feb 20 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.