I have a file (about 13GB).
When I execute the command file "filename"
in terminal,
It shows tails_filesystem: LUKS encrypted file, ver 1 [aes, xts-plain64, sha1] UUID : blahblah
And, when I mount in FTK imager for viewing filesystem,
It shows Unrecognized file system [unknown]
I know LUKS passphrase for this file dump.
But I don't know how to mount this file dump for analysing.
Google contains only a few methods of encrypting volume by dm-crypt… :'(
(In addition, I tried to analyse with freeOTFE & librecrypt. This failed.)
How can I see files in LUKS encrypted filesystem dump??
Best Answer
Be sure dm-crypt kernel module is loaded.
Then I would suggest:
This should create a device /dev/mapper/desired-name which you can then mount as used to.
I'm not sure if this works for a dump. But it's quite possible.