Mount – How to Mount LUKS Encrypted File

encryptionlukslvmmount

I have a file (about 13GB).

When I execute the command file "filename" in terminal,
It shows tails_filesystem: LUKS encrypted file, ver 1 [aes, xts-plain64, sha1] UUID : blahblah

And, when I mount in FTK imager for viewing filesystem,
It shows Unrecognized file system [unknown]

I know LUKS passphrase for this file dump.

But I don't know how to mount this file dump for analysing.

Google contains only a few methods of encrypting volume by dm-crypt… :'(
(In addition, I tried to analyse with freeOTFE & librecrypt. This failed.)

How can I see files in LUKS encrypted filesystem dump??

Best Answer

Be sure dm-crypt kernel module is loaded.

modprobe dm-crypt

Then I would suggest:

cryptsetup open --type luks /path/to/dump desired-name

This should create a device /dev/mapper/desired-name which you can then mount as used to.

mount /dev/mapper/desired-name /mnt

I'm not sure if this works for a dump. But it's quite possible.

Related Solutions

LUKS Encryption Security – How Secure is an Encrypted LUKS Filesystem?

Yes, it is secure. Ubuntu uses AES-256 to encrypt the disk volume and has a cypher feedback to help protect it from frequency attacks and others attacks that target statically encrypted data.

As an algorithm, AES is secure and this has been proved by crypt-analysis testing. The weakness actually lies within the cypher and the software to pass it the keys. Specifically lies in the keystore (which is stored in the header of the volume), the keystore is secured by a passphrase. Passphrases are of course open to some attacks such as dictionary/brute force (if this was successful, it would decrypt the keystore). Using long "complex" non-word passwords would reduce the chance of this happening.

The only other possibility to decrypt is using recording devices or social engineering to determine your passphrase.

In short, your computer is reasonably safe unless you are subject to serious organised cyber crime or Government investigation!

Ubuntu – Mount LUKS encrypted hard drive at boot

A key file in the /boot directory can be read by any other operation system booted on your machine that is able to mount the filesystem on that /boot is located. Thus, encryption is not really effective. This argument applies to all key file locations on unencrypted file systems.

To avoid key files on unencrypted file systems a password can be used for decryption. Create a strong password for the device. Then, change the line in /etc/crypttab to

hddencrypted UUID=b3024cc1-93d1-439f-80ce-1b1ceeafda1e none luks

and keep the entry in /etc/fstab unmodified. Ubuntu 14.04/16.04/18.04 asks you for the password on startup.

Best Answer

Related Solutions

LUKS Encryption Security – How Secure is an Encrypted LUKS Filesystem?

Ubuntu – Mount LUKS encrypted hard drive at boot

Related Question