Windows: Getting forensic image from truecrypt container (opened) and getting forensic image from nonopened truecrypt container

Posted on 2010-08-25
Last Modified: 2012-06-27

i would like to know to to get a dd image from truecrypt container which is allready mounted


i would like to know how to get it when the file is not mounted.

My environment is a windows box. All Solutions should be freeware.


Question by:ByteSleuth
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 33

Accepted Solution

Dave Howe earned 500 total points
ID: 33521151
to get it while mounted:

download and unzip

use the command dd if=\\.\k: of=drive.img bs=10M

where k: is the drive it is mounted on (change to suit)
drive.img is the target file (must be enough space to store an uncompressed image of the drive)
and 10M is the buffer (chunk) size during the copy - larger sizes mean faster copies, but more memory used.

to get it while not mounted:

just copy the file :)

Author Comment

ID: 33521223

thanks a lot :-)

Here are your points...

Author Closing Comment

ID: 33521233
Thanks a lot buddy.
View my other questions about truecrypt-----

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to boot to safe made with Bitlocker 13 98
one-way data "masking" MD5 sql 26 202
shd and spl analysis 3 166
Best way to encrypt a xls file 8 63
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question