Hosting Provided By

Re: Identifying Win2K/XP Encrypted Files

From: Simson L. Garfinkel <simsong(at)lcs.mit.edu>
Date: Thu Jan 30 2003 - 07:55:40 EST

Although not guaranteed, encrypted files are files with high entropy that do not have a header indicating that they are a compressed with a recognized format.

Truthfully, this approach will not recognize files that are compressed with unrecognized algorithms. But for all purposes, such files are actually encrypted.

I have written a small program in the past that finds encrypted files. If you wish, I could dig it up and polish it off.

On Wednesday, January 29, 2003, at 12:23 PM, Christopher Howell wrote:

> Does anyone know a slick way to find encrypted files on a running

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Jan 30 08:31:51 2003

This message: [ Message body ]
Next message: Burnette, Michael: "RE: Identifying Win2K/XP Encrypted Files"
In reply to: Christopher Howell: "Identifying Win2K/XP Encrypted Files"
In reply to Matthew S. Hamrick: "Re: Identifying Win2K/XP Encrypted Files"
Next in thread: Craig Earnshaw: "Re: Identifying Win2K/XP Encrypted Files"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:43 EDT