Home

Awesome

Interrogate

Interrogate is a proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage. Able to identify AES, Serpent, Twofish and DER-encoded RSA keys as of version 0.0.4.

The tool was written as a part of my Master’s Thesis at NTNU.

Key data

Requirements

Interrogate requires:

Installation

Interrogate has no dependencies, installation consists of downloading and compiling:

Download and install

git clone https://github.com/carmaa/interrogate.git
cd interrogate
make

Usage

  1. Dump memory from the target machine
  2. Run Interrogate against the memory dump

For a more complete and up-to-date description, please run:

./interrogate -h

Known bugs / caveats

This is a Proof of Concept tool only. Don't expect too much.

Troubleshooting

Please see my master's thesis: https://ntnuopen.ntnu.no/ntnu-xmlui/handle/11250/261742

And the related paper: https://dfrws.org/sites/default/files/session-files/paper-the_persistence_of_memory_-_forensic_identification_and_extraction_of_cryptographic_keys.pdf

Planned features

Development history

Disclaimer

Do no evil with this tool. Also, I am a pentester, not a developer. So if you see weird code that bugs your purity senses, drop me a note on howI can improve it. Or even better, fork my code, change it and issue a pull request.