12-17-2019, 08:11 PM
(This post was last modified: 12-18-2019, 08:12 AM by Bl4ckCyb3rEnigm4.)
It's important during the arrest of a cybercriminal that the computer is powered on. That is because the cybercriminal may have installed a program that decrypts the disk at startup only after a password is entered, or because you want the login credentials to a site. An example of a program that encrypts the disk is VeraCrypt. VeraCrypt is in fact able to encrypt the disk with a password and decrypt it at startup, which means that if the computer is shut down, the only way to do forensics on it is to know the password. You can try a dictionary attack (trying commonly used passwords) to decrypt the disk, but if the cybercriminal chose a good password, there is nothing you can do. If any of you want a thread about how to use these programs, let me know. Here is the link to the interesting article about disk encryption. (I suggest you first read this post https://www.aiowares.com/showthread.php?tid=1446 to understand how that is possible.)
Code:
https://www.zdnet.com/article/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/
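
An added example, not part of the original post: a first-responder triage check for a running Linux machine that flags unlocked encrypted volumes, so the examiner knows to acquire data live before the machine is powered off. It assumes VeraCrypt's default Linux setup, where volumes are mapped through the kernel's dm-crypt like LUKS; the `dmsetup table` and `/proc/mounts` text below is constructed sample input.

```python
# Constructed sample of `dmsetup table` output (keys are shown zeroed by default).
SAMPLE_DMSETUP = """\
veracrypt1: 0 204288 crypt aes-xts-plain64 0000000000000000 256 7:0 256
vg0-root: 0 41943040 linear 8:2 2048
luks-home: 0 1048576 crypt aes-xts-plain64 0000000000000000 0 8:3 4096
"""

# Constructed sample of /proc/mounts.
SAMPLE_MOUNTS = """\
/dev/mapper/vg0-root / ext4 rw,relatime 0 0
/dev/mapper/veracrypt1 /media/veracrypt1 vfat rw,nosuid 0 0
proc /proc proc rw 0 0
"""

def unlocked_crypt_mappings(dmsetup_text):
    """Return {mapping name: cipher} for device-mapper targets of type 'crypt'."""
    found = {}
    for line in dmsetup_text.splitlines():
        name, sep, rest = line.partition(": ")
        fields = rest.split()
        # fields: start sector, length, target type, then target parameters
        if sep and len(fields) >= 4 and fields[2] == "crypt":
            found[name] = fields[3]
    return found

def triage(dmsetup_text, mounts_text):
    """List unlocked encrypted mappings with their mount point (None if unmounted)."""
    prefix = "/dev/mapper/"
    mounted = {}
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].startswith(prefix):
            mounted[parts[0][len(prefix):]] = parts[1]
    mappings = unlocked_crypt_mappings(dmsetup_text)
    return [{"mapping": n, "cipher": c, "mountpoint": mounted.get(n)}
            for n, c in sorted(mappings.items())]

def acquire_live_first(report):
    """True when any volume is unlocked: its contents are readable only while powered on."""
    return len(report) > 0

if __name__ == "__main__":
    report = triage(SAMPLE_DMSETUP, SAMPLE_MOUNTS)
    for entry in report:
        print(entry)
    print("Acquire live before power-off:", acquire_live_first(report))
```

A mapping that is unlocked but not mounted (`luks-home` in the sample) is still reported, because its key is held by the running kernel and is lost at shutdown.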