Bruteforcing Linux Full Disk Encryption (LUKS) with hashcat - The Forensic way!

This walk-through will show you how to Bruteforce LUK volumes using hashcat. How you can mount a LUK partition and how we can image it once it's decrypted.

Scenario: You've got a Macbook in. MacOS has been removed and Debian 9.0  has been installed. The suspect is using LUKS (Linux Unified Key Setup) full disk encryption to encrypt the disk. Password unknown and we need a forensically sound method to access the data. This is how I'd do it:
Requirements: Hashcat 3.5.0+ FTK imager (optional)
Encase (optional)

Skip to step 5 to just see the hashcat step. Skip to step 6 just to see the mounting and imaging.  
1. Image the Macbook and load into Encase Imaging hard drive can be done forensically sound via thunderbolt, another Mac and, target disk mode. This is fairly easy and common so won’t be detailed here.   
Once we have an evidence file and loaded into EnCase we can see that the boot partition is visible but hda2 appears as Unallocated Clusters in an EXT2 partition.

We can s…

How to Root Galaxy S7 Edge without wiping data to obtain a Physical Extraction

These instructions will show you how you can root your Samsung Galaxy S7 Edge, without the need to wipe the data. Once rooted we can use UFED 4PC to obtain a Physical Extraction of the device to recovery deleted data. 

tl;dr: Install SuperSU & No Encrypt from an SDcard using TWRP, rather than the onboard storage which requires wiping the device.

For an un-encrypted device and when you have the Pin code.

My Disclaimer: You follow these instructions under your own risk. This is a potentially destructive method for both the device (it could brick) and the data. Ensure you have appropriate authority approval before attempting this method. I do not take any responsibility for any damage you may cause to devices/exhibits. This is not a perfect guide and should be used only as guide. This method has worked for me on the 06.11.2016 with these variables: Samsung Galaxy S7 SM-G935F (Normal and Edge Exynos versions only) Android 6.0.1
Kernel 3.18.14-888212 KNOX 2.6 Android Secuirty patch level 1 Au…