mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
29 lines
1008 B
Plaintext
29 lines
1008 B
Plaintext
/*! \page encryption_page Encryption Detection Module
|
|
|
|
\section encrypt_overview Overview
|
|
|
|
The Encryption Detection Module searches for files that could be encrypted using an entropy calculation.
|
|
|
|
\section encrypt_running Running the module
|
|
|
|
The module's settings can be configured at runtime.
|
|
|
|
\image html encrypt_module.png
|
|
|
|
Minimum entropy can be set higher or lower, depending on how many false hits are being produced. There is also an option to only run the test on files whose size is a multiple of 512, which is useful for finding certain encryption algorithms.
|
|
|
|
\section encrypt_results Viewing results
|
|
|
|
Files that pass the test are shown in the Results tree under "Encryption Suspected".
|
|
|
|
\image html encrypt_tree.png
|
|
|
|
Each hit also generates an inbox message. These are viewed through the warning triangle near the top of the screen.
|
|
|
|
\image html encrypt_inbox.png
|
|
|
|
Selecting one of the encryption detection hits displays the calculated entropy of the file.
|
|
|
|
\image html encrypt_entropy.png
|
|
|
|
*/ |