for security reasons I rename wallet.dat to "foo" without an extension

[mackminer]

is there a way to search for this file?

I used a hex utility before but it couldn't find anything I had in common with other wallet.dat files....

thanks.

[Foxpup]

it couldn't find anything I had in common with other wallet.dat files....

You couldn't find that wallets are all Berkeley Database files?

Code:

$ file foo
foo: Berkeley DB (Btree, version 9, native byte-order)

And that's just doing it manually. Keep in mind that most digital forensics software not only allows searching for specific types of files this way, but also automatic highlighting of files whose contents don't match the extension. You're not fooling anybody.

[kolloh]

For the best security, I'd recommend placing them in an encrypted container which should better help prevent against forensics like this. Security through obscurity is usually not going to stop a determined individual.

[ArcCsch]

Some kinds of ransomware intentionally don't encrypt wallet.dat files, so their victims can recover their coins to pay as ransom.
This implies that their is some mechanism to search for it.

[Kakmakr]

it couldn't find anything I had in common with other wallet.dat files....

You couldn't find that wallets are all Berkeley Database files?

Code:

$ file foo
foo: Berkeley DB (Btree, version 9, native byte-order)

And that's just doing it manually. Keep in mind that most digital forensics software not only allows searching for specific types of files this way, but also automatic highlighting of files whose contents don't match the extension. You're not fooling anybody.

Yea, but he is not trying to hide it from some secret agency with specialized digital forensic software. The basic script kiddie will not go through all that trouble to find it. Just use a popular compression software with the abbility to encrypt & split the compressed file and then store the split file in different locations. < even on different devices > That should stop the average script kiddie from gaining access to your valueble files. ^smile^

[shorena]

it couldn't find anything I had in common with other wallet.dat files....

You couldn't find that wallets are all Berkeley Database files?

Code:

$ file foo
foo: Berkeley DB (Btree, version 9, native byte-order)

And that's just doing it manually. Keep in mind that most digital forensics software not only allows searching for specific types of files this way, but also automatic highlighting of files whose contents don't match the extension. You're not fooling anybody.

Yea, but he is not trying to hide it
-snip-

correct, OP tries to find it.


@OP you should be able to search for one of your addresses or labels. Example from a new test wallet below.

Code:

000128d0  2e 00 01 c0 d4 01 00 3b  d3 e7 56 00 00 00 00 21  |.......;..V....!|
000128e0  2e 00 01 c0 01 00 01 00  28 00 01 04 6e 61 6d 65  |........(...name|
000128f0  22 31 4b 36 01 00 01 00  01 00 01 00 28 00 01 04  |"1K6........(...|
00012900  6e 61 6d 65 22 31 42 31  31 62 65 51 7a 5a 6f 74  |name"1B11beQzZot|
00012910  47 69 47 41 7a 52 76 43  44 4c 56 75 31 48 42 78  |GiGAzRvCDLVu1HBx|
00012920  76 34 33 70 79 72 44 c0  01 00 01 00 28 00 01 04  |v43pyrD.....(...|
00012930  6e 61 6d 65 22 31 4b 36  76 61 44 75 47 4b 63 78  |name"1K6vaDuGKcx|
00012940  70 45 6a 58 48 59 36 71  65 4c 35 4a 78 79 73 52  |pEjXHY6qeL5JxysR|
00012950  4a 59 71 36 42 61 53 00  2e 00 01 c0 d4 01 00 3b  |JYq6BaS........;|
00012960  d3 e7 56 00 00 00 00 21  02 bb 5c e5 9d 28 0c 9d  |..V....!..\..(..|

[mocacinno]

find / -exec file {} \; | grep Berkeley

It'll take a long time, and there might be false positives, but it should find your wallets