botherder / pcqf

pcqf (PC Quick Forensics) helps you quickly gather forensic evidence from Windows, Mac, and Linux systems, in order to identify potential traces of compromise.

Automatically encrypt acquisition folder (and securely wipe unencrypted files) #1

Open botherder opened 6 years ago

botherder commented 6 years ago

In some cases, carrying acquisition data (particularly memory snapshots) through various types of checkpoints (e.g. borders/airports) could be problematic as it might expose very sensitive personal data.

The idea would be to automatically compress, anonymize and encrypt the acquisition folder if for example a PGP public key is detected on the drive.

The primary issue is the size of the data to be encrypted, which with memory snapshots might be significant.

botherder commented 6 years ago

Started with 56fde5a4df85aab38541a6542a86c9b9c8152bb6. Still trying to figure out what's the best way to encrypt the acquisition.

botherder commented 6 years ago

Almost completed with 98816474bed3aeea5d35c12b4d7d34e0d3405032. Need to securely wipe the unencrypted files though.
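As an added example of the workflow the issue proposes (the first comment's "compress and encrypt if a public key is found" and the last comment's "securely wipe the unencrypted files"), the script below is not pcqf's own code and makes these assumptions: the recipient key is an ASCII-armoured PGP public key file somewhere under a search root (a mounted USB drive, say), GnuPG 2.1.14 or newer is on PATH (for `--recipient-file`), and the acquisition folder may be larger than RAM, so the archive is streamed into `gpg` rather than built in memory. Function and variable names are mine, not the project's.

```python
"""Added example, not pcqf's code: stream-compress an acquisition folder into
gpg, then overwrite and delete the plaintext originals."""
import os
import secrets
import subprocess
import tarfile
from pathlib import Path
from typing import IO, List, Optional

PGP_PUBKEY_HEADER = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"
CHUNK = 1024 * 1024  # 1 MiB: bounded memory no matter how big the snapshot is


def find_public_keys(search_root: Path) -> List[Path]:
    """Return files under search_root that begin with an armoured PGP public key.
    Only the first line is read, so scanning a large drive stays cheap."""
    found = []
    for path in Path(search_root).rglob("*"):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(len(PGP_PUBKEY_HEADER))
        except OSError:
            continue  # unreadable entries (permissions, special files) are skipped
        if head == PGP_PUBKEY_HEADER:
            found.append(path)
    return found


def stream_tar_gz(folder: Path, sink: IO[bytes]) -> int:
    """Write folder as a gzip'd tar to sink in streaming mode ('w|gz'); tarfile
    then never holds the archive in memory. Returns the number of files added."""
    folder = Path(folder)
    count = 0
    with tarfile.open(fileobj=sink, mode="w|gz") as tar:
        for path in sorted(folder.rglob("*")):
            tar.add(path, arcname=str(path.relative_to(folder)), recursive=False)
            if path.is_file():
                count += 1
    return count


def encrypt_folder(folder: Path, pubkey_file: Path, out_file: Path) -> None:
    """Pipe the streamed archive into gpg's stdin. --recipient-file encrypts to
    the key in that file without importing it into the analyst's keyring."""
    cmd = ["gpg", "--batch", "--yes", "--recipient-file", str(pubkey_file),
           "--output", str(out_file), "--encrypt"]
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE)
    try:
        stream_tar_gz(folder, proc.stdin)
    finally:
        proc.stdin.close()
    if proc.wait() != 0:
        raise RuntimeError("gpg failed; plaintext left in place so you can retry")


def secure_wipe(path: Path, passes: int = 1) -> None:
    """Overwrite the file with random bytes chunk by chunk, fsync, then unlink.
    Caveat: on SSDs, copy-on-write or journaling filesystems and VM/cloud disks
    the old blocks can survive; full-disk encryption of the acquisition drive
    is the stronger control and this is only a best-effort layer on top."""
    path = Path(path)
    size = path.stat().st_size
    with path.open("r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    path.unlink()


def wipe_tree(folder: Path) -> int:
    """Wipe every regular file under folder (symlinks are only unlinked, never
    followed), then remove the now-empty directories. Returns files wiped."""
    folder = Path(folder)
    wiped = 0
    for p in folder.rglob("*"):
        if p.is_symlink():
            p.unlink()
        elif p.is_file():
            secure_wipe(p)
            wiped += 1
    for d in sorted((p for p in folder.rglob("*") if p.is_dir()), reverse=True):
        d.rmdir()  # deepest first, so each directory is empty when removed
    folder.rmdir()
    return wiped


def protect_acquisition(acq_folder: Path, search_root: Path) -> Optional[Path]:
    """Encrypt only if a public key is present (the issue's trigger); wipe the
    plaintext only after gpg reported success."""
    keys = find_public_keys(search_root)
    if not keys:
        return None
    out = Path(acq_folder).with_suffix(".tar.gz.gpg")
    encrypt_folder(acq_folder, keys[0], out)
    wipe_tree(acq_folder)
    return out


if __name__ == "__main__":
    import sys
    print(protect_acquisition(Path(sys.argv[1]), Path(sys.argv[2])))
```

Usage: `python protect.py /path/to/acquisition /media/usb`. The anonymisation step the first comment mentions is deliberately left out here, since what to strip depends on the acquisition format; note also that `wipe_tree` runs only after `gpg` exits 0, so a failed encryption never costs you the evidence.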