Scanning TrueCrypted hard drives
June 8, 2012 9:28 AM
I'm looking for a good Linux distribution to run from a USB stick for virus scanning on Windows computers. Difficulty - these computers have their hard drives encrypted with TrueCrypt.
Before we began encrypting laptop hard drives, I was scanning computers with a variety of rescue disks via SARDU or Trinity Rescue. Now I need to be able to decrypt the hard drive first, so whatever I boot into needs to be able to run TrueCrypt 7.
So far I've gotten Puppy Linux to work like this, but I'm not thrilled with the anti-virus options (Avast, F-Prot won't update and ClamAv plain won't work). I'd prefer to not have to go compiling source myself, so ideally a distro with a good selection of AV packages.
Additionally, feel free to challenge my assumptions here - if there's a way to run rescue disks on encrypted drives that would be awesome. (I know Trinity has TrueCrypt, but it is only version 6 and won't decrypt our drives.) Also if I'm asking too much and will basically need to compile my own stuff, let me know that too. Or anything I obviously haven't considered.
Thanks!
Maybe a USB stick or DVD with BartPE + Microsoft Security Essentials + TrueCrypt installed will do it.
posted by dudeman at 9:38 AM on June 8, 2012
1. Build an OS image that runs your preferred anti-virus software on an unencrypted mounted disk
2. Run that image in a virtual machine that you launch from the USB-disk Linux. The host OS handles the encryption and provides the guest OS with a decrypted block volume.
Ubuntu can be installed on a usb disk (see usb-creator). That's going to be a more full-featured Linux than Puppy, which is more oriented towards ancient machines with very limited resources.
posted by qxntpqbbbqxl at 9:46 AM on June 8, 2012
Response by poster: qxntpqbbbqxl:
"2. Run that image in a virtual machine that you launch from the USB-disk Linux. The host OS handles the encryption and provides the guest OS with a decrypted block volume."
I've only done a little bit with virtualization - can the virtual machine be configured to directly access the host like that beyond shared folders?
posted by charred husk at 9:52 AM on June 8, 2012
i realize you want linux.
i want you to try HBCD-15.1-Restored
in miniwindows, windows xp , it has truecrypt 7.1
it has loads of antivirus programs.
also, do us a favor and get back to us with which solution you settle on.
posted by calm down at 10:16 AM on June 8, 2012 [2 favorites]
"can the virtual machine be configured to directly access the host like that beyond shared folders?"
I've never done it specifically with TrueCrypt, but I think it's possible. The process is to get the host's TrueCrypt to provide the decrypted disk as a block device (without mounting it on the host), and then have the VM access that block device as if it were a physical disk. It should be roughly the same as mounting a physical partition in a VM, which is certainly possible. You may need to ask further questions on the VirtualBox or VMWare forums, though :) Also, to be safe, probably best to have TrueCrypt mount read-only for the scans...
posted by qxntpqbbbqxl at 10:22 AM on June 8, 2012
Response by poster: calm down:
"i want you to try HBCD-15.1-Restored"
Oh, yeah, Hiren's. I had trouble with it being really buggy last time I tried it and had forgotten about it. It had much better options than the UBCD4Win. Looks like it's beefed up anti-virus stuff, too. I'll give it a shot and see if it has improved.
posted by charred husk at 10:27 AM on June 8, 2012
You can indeed make the host's block devices accessible to a VM. Both VMWare and VirtualBox support .vmdk virtual-disk-descriptor files that reference real devices.
posted by vasi at 2:46 AM on June 9, 2012
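An added example, not part of the original thread or any poster's code: generating the kind of .vmdk descriptor described above, with its single extent pointing at the host's decrypted block device instead of an image file. The device path `/dev/mapper/truecrypt1`, the sample sizes and the `RDONLY` extent are assumptions; VirtualBox can produce a comparable file itself with `VBoxManage internalcommands createrawvmdk`.

```python
import zlib

SECTOR = 512  # VMDK extents are counted in 512-byte sectors


def raw_vmdk_descriptor(device, size_bytes, read_only=True):
    """Return VMDK descriptor text whose only extent is a host block device.

    device     -- host device path (assumed: the decrypted mapper device)
    size_bytes -- device size, e.g. from `blockdev --getsize64 <device>`
    read_only  -- emit an RDONLY extent instead of RW
    """
    if not device.startswith("/dev/"):
        raise ValueError("expected a block device path under /dev/")
    if size_bytes <= 0 or size_bytes % SECTOR:
        raise ValueError("size must be a positive multiple of 512 bytes")
    sectors = size_bytes // SECTOR
    # Legacy CHS geometry: 16 heads x 63 sectors, cylinders capped at 16383.
    cylinders = min(sectors // (16 * 63), 16383)
    # Assumption: the hypervisor honours RDONLY. The read-only TrueCrypt
    # mapping on the host remains the primary guard against writes.
    access = "RDONLY" if read_only else "RW"
    # Content ID is an arbitrary 32-bit value; derived here so output repeats.
    cid = zlib.crc32(f"{device}:{sectors}".encode()) & 0xFFFFFFFF
    return "\n".join([
        "# Disk DescriptorFile",
        "version=1",
        f"CID={cid:08x}",
        "parentCID=ffffffff",
        'createType="fullDevice"',
        "",
        "# Extent description",
        f'{access} {sectors} FLAT "{device}" 0',
        "",
        "# The Disk Data Base",
        "#DDB",
        'ddb.virtualHWVersion = "4"',
        'ddb.adapterType = "ide"',
        f'ddb.geometry.cylinders = "{cylinders}"',
        'ddb.geometry.heads = "16"',
        'ddb.geometry.sectors = "63"',
        "",
    ])


if __name__ == "__main__":
    # Constructed sample: a 60 GiB decrypted volume at a hypothetical path.
    print(raw_vmdk_descriptor("/dev/mapper/truecrypt1", 60 * 1024**3))
```

The descriptor is a small text file; the guest sees the extent as a whole disk, so the scanner inside the VM reads the decrypted volume without the host ever mounting its filesystem.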
posted by snuffleupagus at 9:37 AM on June 8, 2012