Interrogate is a proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage. Able to identify AES, Serpent, Twofish and DER-encoded RSA keys as of version 0.0.4.
The tool was written as a part of my Master’s Thesis at NTNU.
- Version: 0.0.4
- License: GPL
- Author: Carsten Maartmann-Moe (carsten@carmaa.com)
- Twitter: @MaartmannMoe
- Source: https://github.com/carmaa/interrogate
Interrogate requires:
- Linux or Mac OS X
Interrogate has no dependencies, installation consists of downloading and compiling:
git clone https://github.com/carmaa/interrogate.git
cd interrogate
make
- Dump memory from the target machine
- Run Interrogate against the memory dump
For a more complete and up-to-date description, please run:
./interrogate -h
This is a Proof of Concept tool only. Don't expect too much.
Please see my master's thesis: https://ntnuopen.ntnu.no/ntnu-xmlui/handle/11250/261742
And the related paper: https://dfrws.org/sites/default/files/session-files/paper-the_persistence_of_memory_-_forensic_identification_and_extraction_of_cryptographic_keys.pdf
- None
- 0.0.1 - First version
- 0.0.2 - Added TwoFish and Serpent key search functionality
- 0.0.3 - The version that was released with my Master's thesis
- 0.0.4 - Small bug fixes in conjunction with DFRWS 2009
Do no evil with this tool. Also, I am a pentester, not a developer. So if you see weird code that bugs your purity senses, drop me a note on howI can improve it. Or even better, fork my code, change it and issue a pull request.