Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: mackminer on December 13, 2016, 01:18:00 PM



Title: for security reasons I rename wallet.dat to "foo" without an extension
Post by: mackminer on December 13, 2016, 01:18:00 PM
Is there a way to search for this file?

I used a hex utility before but it couldn't find anything I had in common with other wallet.dat files....

thanks.


Title: Re: for security reasons I rename wallet.dat to "foo" without an extension
Post by: Foxpup on December 13, 2016, 01:33:21 PM
it couldn't find anything I had in common with other wallet.dat files....
You couldn't find that wallets are all Berkeley Database files?

Code:
$ file foo
foo: Berkeley DB (Btree, version 9, native byte-order)

And that's just doing it manually. Keep in mind that most digital forensics software not only allows searching for specific types of files this way, but also automatic highlighting of files whose contents don't match the extension. You're not fooling anybody.


Title: Re: for security reasons I rename wallet.dat to "foo" without an extension
Post by: kolloh on December 13, 2016, 03:06:40 PM
For the best security, I'd recommend placing them in an encrypted container which should better help prevent against forensics like this. Security through obscurity is usually not going to stop a determined individual.


Title: Re: for security reasons I rename wallet.dat to "foo" without an extension
Post by: ArcCsch on December 14, 2016, 03:36:25 AM
Some kinds of ransomware intentionally don't encrypt wallet.dat files, so their victims can recover their coins to pay as ransom.
This implies that there is some mechanism to search for it.


Title: Re: for security reasons I rename wallet.dat to "foo" without an extension
Post by: Kakmakr on December 14, 2016, 09:15:11 AM
it couldn't find anything I had in common with other wallet.dat files....
You couldn't find that wallets are all Berkeley Database files?

Code:
$ file foo
foo: Berkeley DB (Btree, version 9, native byte-order)

And that's just doing it manually. Keep in mind that most digital forensics software not only allows searching for specific types of files this way, but also automatic highlighting of files whose contents don't match the extension. You're not fooling anybody.

Yea, but he is not trying to hide it from some secret agency with specialized digital forensic software. The basic script kiddie will not go through all that trouble to find it. Just use a popular compression software with the ability to encrypt & split the compressed file and then store the split file in different locations. < even on different devices > That should stop the average script kiddie from gaining access to your valuable files. ^smile^


Title: Re: for security reasons I rename wallet.dat to "foo" without an extension
Post by: shorena on December 14, 2016, 10:23:33 AM
it couldn't find anything I had in common with other wallet.dat files....
You couldn't find that wallets are all Berkeley Database files?

Code:
$ file foo
foo: Berkeley DB (Btree, version 9, native byte-order)

And that's just doing it manually. Keep in mind that most digital forensics software not only allows searching for specific types of files this way, but also automatic highlighting of files whose contents don't match the extension. You're not fooling anybody.

Yea, but he is not trying to hide it
-snip-

correct, OP tries to find it.



@OP you should be able to search for one of your addresses or labels. Example from a new test wallet below.

Code:
000128d0  2e 00 01 c0 d4 01 00 3b  d3 e7 56 00 00 00 00 21  |.......;..V....!|
000128e0  2e 00 01 c0 01 00 01 00  28 00 01 04 6e 61 6d 65  |........(...name|
000128f0  22 31 4b 36 01 00 01 00  01 00 01 00 28 00 01 04  |"1K6........(...|
00012900  6e 61 6d 65 22 31 42 31  31 62 65 51 7a 5a 6f 74  |name"1B11beQzZot|
00012910  47 69 47 41 7a 52 76 43  44 4c 56 75 31 48 42 78  |GiGAzRvCDLVu1HBx|
00012920  76 34 33 70 79 72 44 c0  01 00 01 00 28 00 01 04  |v43pyrD.....(...|
00012930  6e 61 6d 65 22 31 4b 36  76 61 44 75 47 4b 63 78  |name"1K6vaDuGKcx|
00012940  70 45 6a 58 48 59 36 71  65 4c 35 4a 78 79 73 52  |pEjXHY6qeL5JxysR|
00012950  4a 59 71 36 42 61 53 00  2e 00 01 c0 d4 01 00 3b  |JYq6BaS........;|
00012960  d3 e7 56 00 00 00 00 21  02 bb 5c e5 9d 28 0c 9d  |..V....!..\..(..|


Title: Re: for security reasons I rename wallet.dat to "foo" without an extension
Post by: mocacinno on December 14, 2016, 10:34:15 AM
Code:
find / -exec file {} \; | grep Berkeley

It'll take a long time, and there might be false positives, but it should find your wallets ;)
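As an added example that is not code from any poster in this thread, here is a small Python scanner that does in one place what the `file` and `find` commands above do: it recognises Berkeley DB files by the magic number in their metadata page, whatever the file is named, and optionally checks whether a given label or address string (here the test address from shorena's hexdump) occurs in the file body. The magic-number and version offsets are those of the Berkeley DB on-disk format; `demo()` builds a constructed sample directory, not a real wallet.

```python
import os
import struct
import tempfile

# Berkeley DB keeps its magic number at byte offset 12 of the first (metadata)
# page, in the native byte order of the host that wrote the file, followed at
# offset 16 by the on-disk format version. This is what `file` matches on.
BDB_MAGIC = {0x00053162: "Btree", 0x00061561: "Hash", 0x00042253: "Queue"}

def bdb_type(header):
    """Return (access method, version, byte order) if `header` (first 20+
    bytes of a file) starts a Berkeley DB database, else None."""
    if len(header) < 20:
        return None
    for order, name in (("<", "little-endian"), (">", "big-endian")):
        magic, version = struct.unpack_from(order + "II", header, 12)
        if magic in BDB_MAGIC:
            return BDB_MAGIC[magic], version, name
    return None

def find_bdb_files(root, needle=None):
    """Walk `root`; return (path, method, version, needle_found) for each file
    whose *content* is Berkeley DB, whatever its name or extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:
                    data = f.read()
            except OSError:  # unreadable or vanished file: skip, keep scanning
                continue
            info = bdb_type(data)
            if info is not None:
                found = needle is not None and needle.encode() in data
                hits.append((path, info[0], info[1], found))
    return hits

def demo():
    """Constructed sample (not a real wallet): a Btree-looking file renamed to
    'foo' beside a decoy 'wallet.dat' that is really plain text."""
    root = tempfile.mkdtemp()
    header = b"\x00" * 12 + struct.pack("<II", 0x00053162, 9)  # Btree, v9
    with open(os.path.join(root, "foo"), "wb") as f:
        f.write(header.ljust(4096, b"\x00") + b'name"1K6vaDuGKcxpEjXHY6qeL5JxysRJYq6BaS')
    with open(os.path.join(root, "wallet.dat"), "wb") as f:
        f.write(b"just some text pretending to be a wallet\n")
    return find_bdb_files(root, needle="1K6vaDuGKcx")

if __name__ == "__main__":
    print(demo())  # the renamed 'foo' is reported, the decoy 'wallet.dat' is not
```

The decoy shows the point Foxpup made: the scanner trusts file content, not the name, so renaming neither hides a wallet nor makes a text file look like one.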