Anti-Forensics: Using Veracrypt to Hide Your Most Sensitive Data

Bug Bounty Cybersecurity Cyberwar Digital Forensics Hacking InfoSec

Welcome back, my aspiring cyberwarriors!

In our industry, we often carry around some very valuable and sensitive data. This might include a bug bounty technique, a zero-day, future plans in our cyberwar, or simply confidential information on our family and friends that they have shared with us. It is critical that this information not fall into the wrong hands if our laptop is stolen or misplaced.

As you know, a password protected operating system will not protect your data from a skilled investigator. Data on your hard drive can be accessed using a live boot forensic operating system or simply removing your hard drive from the system and copying the key clusters.

To keep your data safe, you need to encrypt your data on your hard drive. although both Apple and Microsoft offer data encryption applications both companies have shown themselves to be untrustworthy guardians of your data. Let’s use an open-source application with a good track record and not beholden to some untrustworthy corporate behemoth who will sell your data to the highest bidder.

Once there was an application known as TrueCrypt that was open-source and successful in keeping your data safe. Unfortunately, the developers discontinued support of this product. Fortunately for us, another group of developers forked TrueCrypt to another product they called VeraCrypt.

VeraCrypt is a software utility used for on-the-fly encryption (OTFE). It’s a fork of the discontinued TrueCrypt project, which means it was developed based on TrueCrypt’s source code but with additional improvements and security enhancements. VeraCrypt can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication.

Some of the key features of VeraCrypt include:

  1. Enhanced Security: VeraCrypt uses more robust encryption algorithms and more complex key derivation procedures than TrueCrypt. This makes it more resistant to brute-force attacks.

  2. Encryption: It supports various encryption algorithms, including AES, Serpent, and Twofish, and combinations of these.

  3. Cross-Platform: VeraCrypt is available for Windows, macOS, and Linux, making it versatile for different user environments.

  4. Hidden Volumes: It can create a hidden volume within another volume. This feature allows plausible deniability, where even if forced to reveal a password, the hidden volume’s existence can remain undisclosed.

Let’s download and test Veracrypt!

Step #1 Download and Install Veracrypt

In this tutorial, I will be downloading and installing Veracrypt to my Kali Linux system, but the instructions are nearly identical for use with the MacOS and Windows.

You can download veracrypt here.

I have indicated the package I used for my 64-bit Kali Linux in the image above, but if you are using MacOS or Windows, make certain to download the appropriate package.

Once the application has completely downloaded, you will need to unpack the compressed application. In Kali, the default archive manager is Engrampa and it will automatically open when your application completes its download. Simply click on the Extract button and Engrampa with uncompress your file.

Now, go ahead and click the Extract button.

You should now have several versions of Veracrypt in your Downloads directory. I am using the veracrypt-1.26.7-setup-gui-x64 on my Kali.

Step # 2 Install and Enable Veracrypt

Once you have executed the setup script, you should be greeted then by a screen such as seen below asking you to select an installation option. I selected 1.

Once you enter 1, the application will ask you to read and agree to all the End User agreement. When you agree, Veracrypt will run it’s script and install all of its components.

Now, you only need to enter the command “veracrypt”.

kali > veracrypt

This should open a window like that below.

Select “Create Volume”.

Next, select “Create an encrypted file container”.

At this point, you can choose to create a standard Veracrypt volume or a Hidden Veracrypt volume. For extra security, I selected the hidden volume.

Now, we are asked what type of encryption to use to encrypt the volume. AES is the default, but there are many other choices including nested encryption by 2 or 3 encryption algorithms. In this case, the data is first encrypted with one type of encryption and then the encrypted data is encrypted again with a different encryption algorithm. This makes it VERY difficult for anyone to decipher the data but it also adds latency to the availability of the data since the data must go through multiple rounds of encryption. I only use these nested encryption for my most sensitive data.

Once you have selected your encryption algorithm, you will be asked for the size of the volume.

Finally, you will be asked for your password. Make certain it is long and complex to prevent brute force attacks.

At this stage, you are asked whether you will be encrypting very large files. If you are encrypting files over 4gb, you file system choices are limited.

Now, we choose the type of file system. In my case, I selected FAT as it can be read by multiple operating systems but can not store files larger than 4gb.

At this point, we need to provide the encryption algorithm some random data. It’s important that this data be truly random (rather than pseudo-random such as random number generators in some applications) to make the data as secure as possible. Veracrypt uses your random mouse movements to generator these random numbers for the algorithm.

 

Once you have completed the random number generation, Veracrypt will create your encrypted volume.

Step # 3 Open the Encrypted Volume

Now, when you want access to the encrypted volume, simply double click on the icon and this window will pop up requesting your password. Make certain to enter your password correctly and the data will available to you and only you!

Summary

In many cases, cyberwarriors must make certain that their data is secure. Personal data, corporate data, military plans and strategies can all be compromised by malicious actors or corporate data security plans that are compromised or simply insecure. A tool such as Veracrypt can secure our data even in the case of a stolen laptop or a sophisticated forensics investigator.