Encrypted Disk Detector: What does it do?

Encrypted Disk Detector (v2.2.0 released 06/09/2017) is a command-line tool that can quickly and non-intrusively check for encrypted volumes on a computer system during incident response.

The decision can then be made to investigate further and determine whether a live acquisition needs to be made in order to secure and preserve the evidence that would otherwise be lost if the plug was pulled.

Encrypted Disk Detector checks the local physical drives on a system for TrueCrypt, PGP®, or Bitlocker® encrypted volumes. If no disk encryption signatures are found in the MBR, EDD also displays the OEM ID and, where applicable, the Volume Label for partitions on that drive, checking for Bitlocker® volumes.
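
The OEM ID and Volume Label mentioned above live at fixed offsets in a partition's boot sector, and a BitLocker® volume carries the OEM ID `-FVE-FS-`. The following is an added example, not Magnet Forensics' code and not a description of how EDD is implemented; the function name and the sample sectors are constructed for illustration, and the FAT label lookup is a heuristic based on the standard FAT16/FAT32 boot-sector layout.

```python
BITLOCKER_OEM_ID = b"-FVE-FS-"   # OEM ID field of a BitLocker volume boot sector

def inspect_boot_sector(sector):
    """Return the OEM ID, a BitLocker flag and (FAT only) the volume label."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a boot sector: missing 0x55AA signature")
    oem = sector[3:11]                       # 8-byte OEM ID at offset 3
    result = {
        "oem_id": oem.decode("ascii", "replace"),
        "bitlocker": oem == BITLOCKER_OEM_ID,
        "volume_label": None,                # NTFS keeps its label in the MFT
    }
    # (extended boot signature, label, fs-type) offsets: FAT32 first, then FAT12/16
    for sig_off, label_off, type_off in ((66, 71, 82), (38, 43, 54)):
        if sector[sig_off] == 0x29 and sector[type_off:type_off + 3] == b"FAT":
            label = sector[label_off:label_off + 11]
            result["volume_label"] = label.decode("ascii", "replace").rstrip()
            break
    return result

def _make_sector(oem, fields=()):
    """Build a constructed 512-byte sample sector (test data, not a real image)."""
    s = bytearray(512)
    s[3:11] = oem.ljust(8)
    for off, val in fields:
        s[off:off + len(val)] = val
    s[510:512] = b"\x55\xaa"
    return bytes(s)

# Constructed samples: a BitLocker volume, a FAT32 volume and an NTFS volume.
SAMPLE_BITLOCKER = _make_sector(b"-FVE-FS-")
SAMPLE_FAT32 = _make_sector(
    b"MSDOS5.0", [(66, b"\x29"), (71, b"EVIDENCE01 "), (82, b"FAT32   ")]
)
SAMPLE_NTFS = _make_sector(b"NTFS")

if __name__ == "__main__":
    for name, sec in (("bitlocker", SAMPLE_BITLOCKER),
                      ("fat32", SAMPLE_FAT32),
                      ("ntfs", SAMPLE_NTFS)):
        print(name, inspect_boot_sector(sec))
```

On a live system the input would be the first 512 bytes of each partition, read with administrative rights and without writing to the disk.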

Supported Encrypted Volumes

  • Currently, Encrypted Disk Detector detects TrueCrypt, PGP®, Safeboot, and Bitlocker® encrypted volumes, and we’re adding to this list with each new release.

By downloading Free Tools software from Magnet Forensics you agree that your use of the software is governed by the End User License Agreement available at www.magnetforensics.com/legal.  ©2018 Magnet Forensics Inc. All rights reserved.