Yes for projects like aeskeyfind For Volatility we use the TC data structures in memory to lead us to the key (the same ones TC uses to perform reads/writes)
right now we are only using them in the class, but in the next Volatility release (2.4) they will be in SVN like all our other ones.
I hope linking to reddit doesn't get me banned, but this question was asked there and explained nicely: http://www.reddit.com/r/netsec/comments/1va904/truecrypt_mas...
It would not help. Volatility is not doing any searching, instead it is reading TC's data structures in memory to find the key. Basically replicating TC's algos offline.
Yes for projects like aeskeyfind For Volatility we use the TC data structures in memory to lead us to the key (the same ones TC uses to perform reads/writes)
right now we are only using them in the class, but in the next Volatility release (2.4) they will be in SVN like all our other ones.
I hope linking to reddit doesn't get me banned, but this question was asked there and explained nicely: http://www.reddit.com/r/netsec/comments/1va904/truecrypt_mas...
It would not help. Volatility is not doing any searching, instead it is reading TC's data structures in memory to find the key. Basically replicating TC's algos offline.